[UPDATE] net/snort 2.8.0

[UPDATE] net/snort 2.8.0

Markus Lude-3
Hello,
here is an update to snort 2.8.0. Please test/comment/commit/...

Based on changes for 2.7.0.1 by Jason Dixon.
Some added patches fix bus errors on sparc64 noticed by rui@.

If no one else wants it, I would take maintainership (not included in
diff).

Regards,
Markus


snort-2.8.0.diff (36K) Download Attachment

Re: [UPDATE] net/snort 2.8.0

fuzzyping
On Nov 28, 2007, at 6:21 PM, Markus Lude wrote:

> Hello,
> here is an update to snort 2.8.0. Please test/comment/commit/...
>
> Based on changes for 2.7.0.1 by Jason Dixon.
> Some added patches fix bus errors on sparc64 noticed by rui@.

Crashes on my alpha.  I've sent you a new kdump offlist.

---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: [UPDATE] net/snort 2.8.0

Mathieu Sauve-Frankel
In reply to this post by Markus Lude-3
On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote:
> Hello,
> here is an update to snort 2.8.0. Please test/comment/commit/...

2.8.0.1 is already out. please resubmit a diff to 2.8.0.1


Re: [UPDATE] net/snort 2.8.0

Rui Reis-2
In reply to this post by Markus Lude-3
works for me.

follow msf@ advice, resubmit a diff to 2.8.0.1 and please take
maintainership.

Regards,
rui


On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote:

> Hello,
> here is an update to snort 2.8.0. Please test/comment/commit/...
>
> Based on changes for 2.7.0.1 by Jason Dixon.
> Some added patches fix bus errors on sparc64 noticed by rui@.
>
> If no one else wants it, I would take maintainership (not included in
> diff).
>
> Regards,
> Markus
>

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/snort/Makefile,v
> retrieving revision 1.51
> diff -u -p -r1.51 Makefile
> --- Makefile 15 Sep 2007 22:36:59 -0000 1.51
> +++ Makefile 21 Nov 2007 00:43:34 -0000
> @@ -2,14 +2,14 @@
>  
>  COMMENT= highly flexible sniffer/NIDS
>  
> -DISTNAME= snort-2.6.0.2
> -PKGNAME= ${DISTNAME}p1
> +DISTNAME= snort-2.8.0
> +PKGNAME= ${DISTNAME}
>  CATEGORIES= net security
>  MASTER_SITES= ${HOMEPAGE}/dl/current/
>  
>  HOMEPAGE=       http://www.snort.org/
>  
> -# GPL
> +# GPLv2
>  PERMIT_PACKAGE_CDROM= Yes
>  PERMIT_PACKAGE_FTP=   Yes
>  PERMIT_DISTFILES_CDROM= Yes
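
Review bot: "PKGNAME= ${DISTNAME}" on the second changed line is redundant, since the ports framework already defaults PKGNAME to DISTNAME; drop the line instead of restating the default. The thread also reports 2.8.0.1 as already released, so DISTNAME will need another bump before this goes in.
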
> @@ -17,9 +17,11 @@ PERMIT_DISTFILES_FTP= Yes
>  WANTLIB= c m pcap
>  
>  SHARED_LIBS= sf_engine 0.0 \
> + sf_dcerpc_preproc 0.0 \
>   sf_dns_preproc 0.0 \
>   sf_ftptelnet_preproc 0.0 \
> - sf_smtp_preproc 0.0
> + sf_smtp_preproc 0.0 \
> + sf_ssh_preproc 0.0
>  
>  USE_LIBTOOL= Yes
>  
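
Review bot: The existing SHARED_LIBS entries (sf_engine, sf_dns_preproc, sf_ftptelnet_preproc, sf_smtp_preproc) stay at 0.0 while the distfile moves from 2.6.0.2 to 2.8.0. Please check whether exported symbols or structure layouts of those libraries changed upstream and bump the affected versions; only the two new libraries, sf_dcerpc_preproc and sf_ssh_preproc, should start at 0.0 without further checking.
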
> @@ -62,10 +64,12 @@ CONFIGURE_ARGS+=--enable-prelude
>  MESSAGE= ${PKGDIR}/MESSAGE-prelude
>  .endif
>  
> -CONFIGS= classification.config gen-msg.map generators reference.config \
> - sid sid-msg.map snort.conf threshold.conf unicode.map
> +CONFIGS= classification.config gen-msg.map reference.config \
> + sid-msg.map snort.conf threshold.conf unicode.map
>  
> -DOCS= AUTHORS CREDITS README.* *.pdf
> +PREPROC= decoder.rules preprocessor.rules
> +
> +DOCS= AUTHORS CREDITS README README.* *.pdf TODO USAGE WISHLIST
>  
>  post-build:
>   @perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," \
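
Review bot: "sid" disappears from CONFIGS with no replacement, unlike "generators", which the post-install hunk reinstalls from ${WRKSRC}/doc. If the file is gone upstream, say so in the commit message; if it only moved, install it from its new location. PREPROC is also a very generic name for a list of rule files; PREPROC_RULES would read more clearly next to CONFIGS and DOCS.
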
> @@ -77,6 +81,11 @@ post-install:
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/snort
>  .for i in ${CONFIGS}
>   ${INSTALL_DATA} ${WRKSRC}/etc/${i} ${PREFIX}/share/examples/snort
> +.endfor
> + ${INSTALL_DATA} ${WRKSRC}/doc/generators ${PREFIX}/share/examples/snort
> +
> +.for i in ${PREPROC}
> + ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${i} ${PREFIX}/share/examples/snort
>  .endfor
>  
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/snort
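
Review bot: decoder.rules and preprocessor.rules are installed flat into ${PREFIX}/share/examples/snort, but the snort.conf patch in this diff sets PREPROC_RULE_PATH to %%SYSCONFDIR%%/snort/preproc_rules. Nothing visible here creates that directory or places the two files in it, so rule includes that use $PREPROC_RULE_PATH would point at a missing path. Install them under a preproc_rules subdirectory of the examples and add matching @sample entries to the PLIST, which is not among the files shown in this diff.
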
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/net/snort/distinfo,v
> retrieving revision 1.15
> diff -u -p -r1.15 distinfo
> --- distinfo 5 Apr 2007 16:20:15 -0000 1.15
> +++ distinfo 21 Nov 2007 00:43:34 -0000
> @@ -1,5 +1,5 @@
> -MD5 (snort-2.6.0.2.tar.gz) = XAlP9tgtuEWl8CPkpJIQPg==
> -RMD160 (snort-2.6.0.2.tar.gz) = cG1j24O30DesinHIEEMk2bdZTrU=
> -SHA1 (snort-2.6.0.2.tar.gz) = Gms/sZqC+Dvw/OWo226xJ3xyN5s=
> -SHA256 (snort-2.6.0.2.tar.gz) = B716x7ZF0TgKzmWzPAZO1Y2dwhvXNrH3a8V13CLhpeI=
> -SIZE (snort-2.6.0.2.tar.gz) = 3350277
> +MD5 (snort-2.8.0.tar.gz) = z7qxwuOc27iRISxL8V6C8w==
> +RMD160 (snort-2.8.0.tar.gz) = 2sNqSh/aYLZszcXHdKthqqD2yKg=
> +SHA1 (snort-2.8.0.tar.gz) = 8HuEoIcthhAGtWqManmmAwjdaLQ=
> +SHA256 (snort-2.8.0.tar.gz) = uaBzfTL2nEvnSySDJLQBc2Z7W8e09Yru9PInGi6oQtE=
> +SIZE (snort-2.8.0.tar.gz) = 4278872
> Index: patches/patch-etc_snort_conf
> ===================================================================
> RCS file: /cvs/ports/net/snort/patches/patch-etc_snort_conf,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-etc_snort_conf
> --- patches/patch-etc_snort_conf 10 Oct 2006 13:33:17 -0000 1.1
> +++ patches/patch-etc_snort_conf 21 Nov 2007 00:43:34 -0000
> @@ -1,22 +1,26 @@
>  $OpenBSD: patch-etc_snort_conf,v 1.1 2006/10/10 13:33:17 aanriot Exp $
> ---- etc/snort.conf.orig Wed Sep 13 21:44:31 2006
> -+++ etc/snort.conf Tue Oct 10 12:54:59 2006
> -@@ -82,6 +82,9 @@ var SNMP_SERVERS $HOME_NET
> - # Port lists must either be continuous [eg 80:8080], or a single port [eg 80].
> - # We will adding support for a real list of ports in the future.
> -
> +--- etc/snort.conf.orig Fri Sep  7 20:32:45 2007
> ++++ etc/snort.conf Mon Nov 19 22:23:57 2007
> +@@ -78,7 +78,10 @@ var SNMP_SERVERS $HOME_NET
> + # like this:
> + #
> + # portvar HTTP_PORTS 8081
> +-#
> ++
>  +# Ports you run ssh servers on
> -+var SSH_PORTS 22
> ++portvar SSH_PORTS 22
>  +
>   # Ports you run web servers on
> - #
> - # Please note:  [80,8080] does not work.
> -@@ -108,7 +111,7 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.
> + portvar HTTP_PORTS 80
> +
> +@@ -107,8 +110,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161
>   # Path to your rules files (this can be a relative path)
>   # Note for Windows users:  You are advised to make this an absolute path,
>   # such as:  c:\snort\rules
>  -var RULE_PATH ../rules
> +-var PREPROC_RULE_PATH ../preproc_rules
>  +var RULE_PATH %%SYSCONFDIR%%/snort/rules
> ++var PREPROC_RULE_PATH %%SYSCONFDIR%%/snort/preproc_rules
>  
>   # Configure the snort decoder
>   # ============================
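
Review bot: The first inner hunk replaces the upstream "#" comment line after "# portvar HTTP_PORTS 8081" with an empty line, a cosmetic change unrelated to adding SSH_PORTS. Keep the "#" line and only add the "portvar SSH_PORTS 22" block, so the patch touches as little upstream context as possible and applies more easily to the next release.
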
> Index: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c
> ===================================================================
> RCS file: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c
> diff -N patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c
> --- patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 10 Oct 2006 13:33:17 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,11 +0,0 @@
> ---- src/dynamic-plugins/sf_dynamic_plugins.c.orig Wed Sep 20 16:10:44 2006
> -+++ src/dynamic-plugins/sf_dynamic_plugins.c Wed Sep 20 16:09:23 2006
> -@@ -42,6 +42,8 @@
> - #define EXT "*.sl"
> - #elif defined(MACOS)
> - #define EXT "*.dylib"
> -+#elif defined(OPENBSD)
> -+#define EXT "*.so.*"
> - #else
> - #define EXT "*.so"
> - #endif
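
Review bot: Dropping this patch removes the OPENBSD branch that set EXT to "*.so.*", leaving the "*.so" fallback unless 2.8.0 carries its own OpenBSD case, which this diff does not show. The port builds versioned libraries through SHARED_LIBS and USE_LIBTOOL, so please confirm that snort still finds the engine and preprocessor libraries at startup; a sensor that comes up without its dynamic preprocessors loses that inspection coverage without any build-time error.
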
> Index: patches/patch-src_dynamic-preprocessors_Makefile_in
> ===================================================================
> RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_dynamic-preprocessors_Makefile_in
> --- patches/patch-src_dynamic-preprocessors_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
> +++ patches/patch-src_dynamic-preprocessors_Makefile_in 21 Nov 2007 00:43:34 -0000
> @@ -1,16 +1,17 @@
>  $OpenBSD: patch-src_dynamic-preprocessors_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
> ---- src/dynamic-preprocessors/Makefile.in.orig Wed Sep 13 21:40:06 2006
> -+++ src/dynamic-preprocessors/Makefile.in Sun Oct  1 17:38:17 2006
> -@@ -480,7 +480,7 @@ maintainer-clean-generic:
> +--- src/dynamic-preprocessors/Makefile.in.orig Fri Sep  7 20:31:51 2007
> ++++ src/dynamic-preprocessors/Makefile.in Mon Nov 19 22:18:10 2007
> +@@ -540,8 +540,7 @@ maintainer-clean-generic:
>   @echo "This command is intended for maintainers to use"
>   @echo "it deletes files that may require special tools to rebuild."
>   -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
> +-@HAVE_DYNAMIC_PLUGINS_FALSE@uninstall-local:
>  -@HAVE_DYNAMIC_PLUGINS_FALSE@install-data-local:
>  +install-data-local:
>   clean: clean-recursive
>  
>   clean-am: clean-generic clean-libtool clean-local mostlyclean-am
> -@@ -608,13 +608,6 @@ include/str_search.h: $(srcdir)/../prepr
> +@@ -705,20 +704,6 @@ include/str_search.h: $(srcdir)/../preprocessors/str_s
>   clean-local:
>   rm -rf include build
>  
> @@ -20,6 +21,13 @@ $OpenBSD: patch-src_dynamic-preprocessor
>  -@HAVE_DYNAMIC_PLUGINS_TRUE@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \
>  -@HAVE_DYNAMIC_PLUGINS_TRUE@ if test -f $(srcdir)/$$f; then p=$(srcdir)/$$f; else p=$$f; fi; \
>  -@HAVE_DYNAMIC_PLUGINS_TRUE@ $(INSTALL_DATA) $$p $(DESTDIR)$(srcinstdir)/$$truefile; \
> +-@HAVE_DYNAMIC_PLUGINS_TRUE@ done
> +-
> +-@HAVE_DYNAMIC_PLUGINS_TRUE@uninstall-local:
> +-@HAVE_DYNAMIC_PLUGINS_TRUE@ @for f in $(exported_files); do \
> +-@HAVE_DYNAMIC_PLUGINS_TRUE@ truefile=`echo $$f | sed -e "s/.*\///"`; \
> +-@HAVE_DYNAMIC_PLUGINS_TRUE@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \
> +-@HAVE_DYNAMIC_PLUGINS_TRUE@ $(RM) -f $(DESTDIR)$(srcinstdir)/$$truefile; \
>  -@HAVE_DYNAMIC_PLUGINS_TRUE@ done
>   # Tell versions [3.59,3.63) of GNU make to not export all variables.
>   # Otherwise a system limit (for SysV at least) may be exceeded.
> Index: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
> ===================================================================
> RCS file: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
> diff -N patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Fri Sep  7 20:31:51 2007
> ++++ src/dynamic-preprocessors/dcerpc/Makefile.in Mon Nov 19 22:18:11 2007
> +@@ -392,7 +392,7 @@ distdir: $(DISTFILES)
> + check-am: all-am
> + check: $(BUILT_SOURCES)
> + $(MAKE) $(AM_MAKEFLAGS) check-am
> +-all-am: Makefile $(LTLIBRARIES) all-local
> ++all-am: Makefile $(LTLIBRARIES)
> + installdirs:
> + for dir in "$(DESTDIR)$(libdir)"; do \
> +  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
> Index: patches/patch-src_dynamic-preprocessors_dns_Makefile_in
> ===================================================================
> RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dns_Makefile_in,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_dynamic-preprocessors_dns_Makefile_in
> --- patches/patch-src_dynamic-preprocessors_dns_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
> +++ patches/patch-src_dynamic-preprocessors_dns_Makefile_in 21 Nov 2007 00:43:34 -0000
> @@ -1,7 +1,7 @@
>  $OpenBSD: patch-src_dynamic-preprocessors_dns_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
> ---- src/dynamic-preprocessors/dns/Makefile.in.orig Tue Oct 10 12:22:55 2006
> -+++ src/dynamic-preprocessors/dns/Makefile.in Tue Oct 10 12:23:59 2006
> -@@ -373,7 +373,7 @@ distdir: $(DISTFILES)
> +--- src/dynamic-preprocessors/dns/Makefile.in.orig Fri Sep  7 20:31:51 2007
> ++++ src/dynamic-preprocessors/dns/Makefile.in Mon Nov 19 22:18:12 2007
> +@@ -374,7 +374,7 @@ distdir: $(DISTFILES)
>   check-am: all-am
>   check: $(BUILT_SOURCES)
>   $(MAKE) $(AM_MAKEFLAGS) check-am
> @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor
>  +all-am: Makefile $(LTLIBRARIES)
>   installdirs:
>   for dir in "$(DESTDIR)$(libdir)"; do \
> -  test -z "$$dir" || $(mkdir_p) "$$dir"; \
> +  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
> Index: patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in
> ===================================================================
> RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_dynamic-preprocessors_ftptelnet_Makefile_in
> --- patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
> +++ patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 21 Nov 2007 00:43:34 -0000
> @@ -1,7 +1,7 @@
>  $OpenBSD: patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
> ---- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Tue Oct 10 12:18:08 2006
> -+++ src/dynamic-preprocessors/ftptelnet/Makefile.in Tue Oct 10 12:18:34 2006
> -@@ -409,7 +409,7 @@ distdir: $(DISTFILES)
> +--- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Fri Sep  7 20:31:51 2007
> ++++ src/dynamic-preprocessors/ftptelnet/Makefile.in Mon Nov 19 22:18:14 2007
> +@@ -414,7 +414,7 @@ distdir: $(DISTFILES)
>   check-am: all-am
>   check: $(BUILT_SOURCES)
>   $(MAKE) $(AM_MAKEFLAGS) check-am
> @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor
>  +all-am: Makefile $(LTLIBRARIES)
>   installdirs:
>   for dir in "$(DESTDIR)$(libdir)"; do \
> -  test -z "$$dir" || $(mkdir_p) "$$dir"; \
> +  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
> Index: patches/patch-src_dynamic-preprocessors_smtp_Makefile_in
> ===================================================================
> RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_smtp_Makefile_in,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_dynamic-preprocessors_smtp_Makefile_in
> --- patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
> +++ patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 21 Nov 2007 00:43:34 -0000
> @@ -1,7 +1,7 @@
>  $OpenBSD: patch-src_dynamic-preprocessors_smtp_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
> ---- src/dynamic-preprocessors/smtp/Makefile.in.orig Tue Oct 10 12:22:47 2006
> -+++ src/dynamic-preprocessors/smtp/Makefile.in Tue Oct 10 12:23:13 2006
> -@@ -387,7 +387,7 @@ distdir: $(DISTFILES)
> +--- src/dynamic-preprocessors/smtp/Makefile.in.orig Fri Sep  7 20:31:52 2007
> ++++ src/dynamic-preprocessors/smtp/Makefile.in Mon Nov 19 22:18:14 2007
> +@@ -388,7 +388,7 @@ distdir: $(DISTFILES)
>   check-am: all-am
>   check: $(BUILT_SOURCES)
>   $(MAKE) $(AM_MAKEFLAGS) check-am
> @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor
>  +all-am: Makefile $(LTLIBRARIES)
>   installdirs:
>   for dir in "$(DESTDIR)$(libdir)"; do \
> -  test -z "$$dir" || $(mkdir_p) "$$dir"; \
> +  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
> Index: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
> ===================================================================
> RCS file: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
> diff -N patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/dynamic-preprocessors/ssh/Makefile.in.orig Fri Sep  7 20:31:52 2007
> ++++ src/dynamic-preprocessors/ssh/Makefile.in Mon Nov 19 22:18:15 2007
> +@@ -374,7 +374,7 @@ distdir: $(DISTFILES)
> + check-am: all-am
> + check: $(BUILT_SOURCES)
> + $(MAKE) $(AM_MAKEFLAGS) check-am
> +-all-am: Makefile $(LTLIBRARIES) all-local
> ++all-am: Makefile $(LTLIBRARIES)
> + installdirs:
> + for dir in "$(DESTDIR)$(libdir)"; do \
> +  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
> Index: patches/patch-src_event_h
> ===================================================================
> RCS file: patches/patch-src_event_h
> diff -N patches/patch-src_event_h
> --- patches/patch-src_event_h 25 Nov 2006 05:33:28 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,21 +0,0 @@
> -$OpenBSD: patch-src_event_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
> ---- src/event.h.orig Tue Aug 23 18:52:22 2005
> -+++ src/event.h Tue Nov  7 20:28:12 2006
> -@@ -34,6 +34,8 @@
> - #include <sys/time.h>
> - #endif
> -
> -+#include "snort_packet_header.h"
> -+
> - typedef struct _Event
> - {
> -     u_int32_t sig_generator;   /* which part of snort generated the alert? */
> -@@ -45,7 +47,7 @@ typedef struct _Event
> -     u_int32_t event_reference; /* reference to other events that have gone off,
> -                                 * such as in the case of tagged packets...
> -                                 */
> --    struct timeval ref_time;   /* reference time for the event reference */
> -+    struct pcap_timeval ref_time;   /* reference time for the event reference */
> -
> -     /* Don't add to this structure because this is the serialized data
> -      * struct for unified logging.
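
Review bot: With this patch gone, Event.ref_time falls back to whatever upstream 2.8.0 declares, and the context comment in the removed hunk says Event is the serialized structure for unified logging. If upstream still uses struct timeval there, the on-disk record size differs between 32-bit and LP64 platforms. Confirm that 2.8.0 uses a fixed-width type (the new patches in this diff reference struct timeval32) and mention it in the commit message.
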
> Index: patches/patch-src_log_c
> ===================================================================
> RCS file: patches/patch-src_log_c
> diff -N patches/patch-src_log_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_log_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,39 @@
> +$OpenBSD$
> +--- src/log.c.orig Mon Aug 20 19:40:24 2007
> ++++ src/log.c Mon Nov 19 22:32:12 2007
> +@@ -355,7 +355,7 @@ void PrintIPPkt(FILE * fp, int type, Packet * p)
> +     DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type););
> +
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     /* dump the timestamp */
> +     fwrite(timestamp, strlen(timestamp), 1, fp);
> +@@ -800,7 +800,7 @@ void PrintArpHeader(FILE * fp, Packet * p)
> +
> +     bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr));
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     /* determine what to use as MAC src and dst */
> +     if (p->eh != NULL)
> +@@ -1874,7 +1874,7 @@ void PrintEapolPkt(FILE * fp, Packet * p)
> +  
> +
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     /* dump the timestamp */
> +     fwrite(timestamp, strlen(timestamp), 1, fp);
> +@@ -2048,7 +2048,7 @@ void PrintWifiPkt(FILE * fp, Packet * p)
> +
> +
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     /* dump the timestamp */
> +     fwrite(timestamp, strlen(timestamp), 1, fp);
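
Review bot: The four "(struct timeval32 *) & p->pkth->ts" casts only hold if the timestamp in the pcap header has exactly the layout of struct timeval32, and neither definition is visible in this diff. The same cast is also patched into spo_alert_fast.c, spo_alert_full.c, spo_csv.c, ppm.c, snort_stream5_tcp.c and spp_sfportscan.c. A single helper that copies tv_sec and tv_usec into a local struct timeval32 before calling ts_print would remove the pointer casts, avoid any alignment assumption, and leave one place to fix when upstream changes.
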
> Index: patches/patch-src_output-plugins_spo_alert_fast_c
> ===================================================================
> RCS file: patches/patch-src_output-plugins_spo_alert_fast_c
> diff -N patches/patch-src_output-plugins_spo_alert_fast_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_output-plugins_spo_alert_fast_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/output-plugins/spo_alert_fast.c.orig Mon Aug 20 19:26:05 2007
> ++++ src/output-plugins/spo_alert_fast.c Mon Nov 19 22:36:30 2007
> +@@ -138,7 +138,7 @@ void AlertFast(Packet *p, char *msg, void *arg, Event
> +     SpoAlertFastData *data = (SpoAlertFastData *)arg;
> +
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     /* dump the timestamp */
> +     fwrite(timestamp, strlen(timestamp), 1, data->file);
> Index: patches/patch-src_output-plugins_spo_alert_full_c
> ===================================================================
> RCS file: patches/patch-src_output-plugins_spo_alert_full_c
> diff -N patches/patch-src_output-plugins_spo_alert_full_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_output-plugins_spo_alert_full_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/output-plugins/spo_alert_full.c.orig Mon Aug 20 19:26:05 2007
> ++++ src/output-plugins/spo_alert_full.c Mon Nov 19 22:36:14 2007
> +@@ -162,7 +162,7 @@ void AlertFull(Packet *p, char *msg, void *arg, Event
> +     DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n"););
> +
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     /* dump the timestamp */
> +     fwrite(timestamp, strlen(timestamp), 1, data->file);
> Index: patches/patch-src_output-plugins_spo_csv_c
> ===================================================================
> RCS file: patches/patch-src_output-plugins_spo_csv_c
> diff -N patches/patch-src_output-plugins_spo_csv_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_output-plugins_spo_csv_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/output-plugins/spo_csv.c.orig Mon Aug 20 19:26:06 2007
> ++++ src/output-plugins/spo_csv.c Mon Nov 19 22:37:14 2007
> +@@ -270,7 +270,7 @@ void RealAlertCSV(Packet * p, char *msg, FILE * file,
> + return;
> +
> +     bzero((char *) timestamp, TIMEBUF_SIZE);
> +-    ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
> ++    ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
> +
> +     DEBUG_WRAP(DebugMessage(DEBUG_LOG,"Logging CSV Alert data\n"););
> +
> Index: patches/patch-src_output-plugins_spo_unified_c
> ===================================================================
> RCS file: patches/patch-src_output-plugins_spo_unified_c
> diff -N patches/patch-src_output-plugins_spo_unified_c
> --- patches/patch-src_output-plugins_spo_unified_c 25 Nov 2006 05:33:28 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,38 +0,0 @@
> -$OpenBSD: patch-src_output-plugins_spo_unified_c,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
> ---- src/output-plugins/spo_unified.c.orig Fri May 12 20:19:56 2006
> -+++ src/output-plugins/spo_unified.c Tue Nov  7 20:28:12 2006
> -@@ -126,7 +126,7 @@ typedef struct _UnifiedLog
> - typedef struct _UnifiedAlert
> - {
> -     Event event;
> --    struct timeval ts;         /* event timestamp */
> -+    struct pcap_timeval ts;    /* event timestamp */
> -     u_int32_t sip;             /* src ip */
> -     u_int32_t dip;             /* dest ip */
> -     u_int16_t sp;              /* src port */
> -@@ -551,7 +551,11 @@ void RealUnifiedLogPacketAlert(Packet *p
> -          * this will have to be fixed when we transition to the pa_engine
> -          * code (p->pkth is libpcap specific)
> -          */
> --        memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
> -+        logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
> -+        logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
> -+        logheader.pkth.caplen = p->pkth->caplen;
> -+        logheader.pkth.pktlen = p->pkth->len;
> -+
> -     }
> -     else
> -     {
> -@@ -1260,7 +1264,11 @@ void OldUnifiedLogPacketAlert(Packet *p,
> -         {
> -             logheader.flags = p->packet_flags;
> -
> --            memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
> -+            logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
> -+            logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
> -+            logheader.pkth.caplen = p->pkth->caplen;
> -+            logheader.pkth.pktlen = p->pkth->len;
> -+
> -
> - #ifdef GIDS
> -             /*
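
Review bot: The removed patch replaced both "memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader))" calls with field-by-field copies of tv_sec, tv_usec, caplen and len. Before dropping it, verify that 2.8.0 no longer copies sizeof(SnortPktHeader) bytes out of p->pkth, or that both header types now have the same size on every supported architecture. Otherwise the copy reads the wrong number of bytes from the capture header and the unified log records come out misaligned.
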
> Index: patches/patch-src_ppm_c
> ===================================================================
> RCS file: patches/patch-src_ppm_c
> diff -N patches/patch-src_ppm_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_ppm_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,21 @@
> +$OpenBSD$
> +--- src/ppm.c.orig Mon Aug 20 19:25:02 2007
> ++++ src/ppm.c Mon Nov 19 22:39:12 2007
> +@@ -360,7 +360,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p)
> +         if( ppm_cfg.rule_log & PPM_LOG_MESSAGE )
> +         {
> +             if(!*timestamp)
> +-                ts_print((struct timeval*)&p->pkth->ts, timestamp);
> ++                ts_print((struct timeval32*)&p->pkth->ts, timestamp);
> +
> +             LogMessage(PPM_FMT_REENABLED,
> +                 otn->sigInfo.generator,
> +@@ -423,7 +423,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p)
> +         if( ppm_cfg.rule_log & PPM_LOG_MESSAGE )
> +         {
> +             if(!*timestamp)
> +-                ts_print((struct timeval*)&p->pkth->ts, timestamp);
> ++                ts_print((struct timeval32*)&p->pkth->ts, timestamp);
> +
> +             LogMessage(PPM_FMT_SUSPENDED,
> +                 otn->sigInfo.generator,
> Index: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
> ===================================================================
> RCS file: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
> diff -N patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/preprocessors/Stream5/snort_stream5_tcp.c.orig Fri Sep  7 20:04:06 2007
> ++++ src/preprocessors/Stream5/snort_stream5_tcp.c Mon Nov 19 22:38:27 2007
> +@@ -6076,7 +6076,7 @@ static int ProcessTcp(Stream5LWSession *lwssn, Packet
> +                     char src_addr[17];
> +                     char dst_addr[17];
> +                     bzero((char *)timestamp, TIMEBUF_SIZE);
> +-                    ts_print((struct timeval *) &p->pkth->ts, timestamp);
> ++                    ts_print((struct timeval32 *) &p->pkth->ts, timestamp);
> +                     SnortSnprintf(src_addr, 17, "%s",
> +                         inet_ntoa(GET_SRC_IP(p)));
> +                     SnortSnprintf(dst_addr, 17, "%s",
> Index: patches/patch-src_preprocessors_snort_stream4_session_c
> ===================================================================
> RCS file: patches/patch-src_preprocessors_snort_stream4_session_c
> diff -N patches/patch-src_preprocessors_snort_stream4_session_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_preprocessors_snort_stream4_session_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/preprocessors/snort_stream4_session.c.orig Mon Aug 20 19:30:23 2007
> ++++ src/preprocessors/snort_stream4_session.c Mon Nov 19 22:50:05 2007
> +@@ -149,7 +149,7 @@ int GetSessionKey(Packet *p, SessionHashKey *key)
> +     key->proto = GET_IPH_PROTO(p);
> +
> + #ifdef _LP64
> +-    key->pad1 = key->pad2 = 0;
> ++    key->pad1 = key->pad2 = key->pad3 = 0;
> + #endif
> +
> +     return 1;
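
Review bot: Zeroing pad1, pad2 and pad3 one by one, and only under _LP64, leaves any compiler-inserted padding in SessionHashKey uninitialized. If the key is hashed or compared as raw bytes, which the explicit pad fields suggest, clearing the whole structure with bzero(key, sizeof(*key)) at the top of GetSessionKey covers every architecture and survives the next field reordering.
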
> Index: patches/patch-src_preprocessors_spp_sfportscan_c
> ===================================================================
> RCS file: patches/patch-src_preprocessors_spp_sfportscan_c
> diff -N patches/patch-src_preprocessors_spp_sfportscan_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_preprocessors_spp_sfportscan_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/preprocessors/spp_sfportscan.c.orig Fri Sep  7 19:59:20 2007
> ++++ src/preprocessors/spp_sfportscan.c Mon Nov 19 22:39:50 2007
> +@@ -247,7 +247,7 @@ static int LogPortscanAlert(Packet *p, char *msg, u_in
> +         return 0;
> +     }
> +
> +-    ts_print((struct timeval *)&p->pkth->ts, timebuf);
> ++    ts_print((struct timeval32 *)&p->pkth->ts, timebuf);
> +
> +     fprintf(g_logfile, "Time: %s\n", timebuf);
> +
> Index: patches/patch-src_preprocessors_stream_h
> ===================================================================
> RCS file: patches/patch-src_preprocessors_stream_h
> diff -N patches/patch-src_preprocessors_stream_h
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_preprocessors_stream_h 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,80 @@
> +$OpenBSD$
> +--- src/preprocessors/stream.h.orig Mon Aug 20 19:30:23 2007
> ++++ src/preprocessors/stream.h Mon Nov 19 22:54:03 2007
> +@@ -39,12 +39,12 @@ typedef struct _StreamPacketData
> +     u_int8_t *pktOrig;
> +     u_int8_t *pkt;
> +     struct pcap_pkthdr pkth;
> +-    u_int16_t pkt_size;
> +     /* Pointer to trimmed payload */
> +     u_int8_t *payload;
> +-    u_int16_t payload_size;
> +     u_int32_t seq_num;
> +     u_int32_t cksum;
> ++    u_int16_t pkt_size;
> ++    u_int16_t payload_size;
> +     u_int8_t  chuck;   /* mark the spd for chucking if it's
> +                         * been reassembled
> +                         */
> +@@ -66,34 +66,37 @@ typedef struct _StreamAlertInfo
> + typedef struct _Stream
> + {
> +     ip_t      ip;          /* IP addr */
> +-    u_int16_t port;        /* port number */
> +-    u_int8_t  state;       /* stream state */
> +     u_int32_t isn;         /* initial sequence number */
> +     u_int32_t base_seq;    /* base seq num for this packet set */
> +     u_int32_t last_ack;    /* last segment ack'd */
> ++    u_int16_t port;        /* port number */
> +     u_int16_t win_size;    /* window size */
> +     u_int32_t next_seq;    /* next sequence we expect to see -- used on reassemble */
> +     u_int32_t pkts_sent;   /* track the number of packets in this stream */
> +     u_int32_t bytes_sent;  /* track the number of bytes in this stream */
> +     u_int32_t bytes_tracked; /* track the total number of bytes on this side */
> ++    u_int8_t  state;       /* stream state */
> +     u_int8_t  state_queue;    /* queued state transition */
> +     u_int8_t  expected_flags; /* tcp flag needed to accept transition */
> +-    u_int32_t trans_seq;      /* sequence number of transition packet */
> +     u_int8_t  stq_chk_seq;    /* flag to see if we need to check the seq
> +                                  num of the state transition packet */
> ++    u_int32_t trans_seq;      /* sequence number of transition packet */
> +     u_int32_t overlap_pkts;  /* track the number of packets with duplicate seq #s */
> +     u_int32_t bytes_inspected; /* track the number of bytes seen since last
> +                                 * data from other side */
> +
> ++    u_int32_t pkt_count;
> +     StreamPacketData *seglist;
> +     StreamPacketData *seglist_tail;
> +-    u_int32_t pkt_count;
> +-    char flags;
> +
> +     StreamAlertInfo alerts[MAX_SESSION_ALERTS];
> +     u_int8_t  alert_count;   /* count alerts seen in a stream */
> +
> +     u_int8_t  outoforder;    /* flag indicating stream is no longer in order */
> ++    char flags;
> ++#if defined(_LP64)
> ++    char pad;
> ++#endif
> + } Stream;
> +
> + typedef struct _SessionHashKey
> +@@ -103,14 +106,13 @@ typedef struct _SessionHashKey
> +     u_int16_t port; /* If IPs are the same, this will be the lower of
> +                      * the two ports.  Otherwise, it will be the port
> +                      * corresponding to lowIP. */
> +-#if defined(_LP64)
> +-    u_int16_t pad1;
> +-#endif
> +     u_int16_t port2;
> ++    u_int8_t  proto;
> + #if defined(_LP64)
> +-    u_int16_t pad2;
> ++    u_int8_t pad1;
> ++    u_int8_t pad2;
> ++    u_int8_t pad3;
> + #endif
> +-    u_int8_t  proto;
> + } SessionHashKey;
> +
> + typedef struct _StreamApplicationData
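
Review bot: In the SessionHashKey part, the three u_int8_t pad fields exist only under _LP64, yet the structure now ends in a single u_int8_t proto after two u_int16_t ports. If the members before port are 32-bit addresses, as the lowIP comment implies, a non-LP64 build gets unnamed tail padding as well, so declare the pad bytes unconditionally to make the layout explicit everywhere. The field reordering in StreamPacketData and Stream also needs a short note in the patch or the commit message saying it addresses the sparc64 bus errors mentioned in the submission, otherwise the next update is likely to drop it as noise.
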
> Index: patches/patch-src_snort_packet_header_h
> ===================================================================
> RCS file: patches/patch-src_snort_packet_header_h
> diff -N patches/patch-src_snort_packet_header_h
> --- patches/patch-src_snort_packet_header_h 25 Nov 2006 05:33:28 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,25 +0,0 @@
> -$OpenBSD: patch-src_snort_packet_header_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
> ---- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006
> -+++ src/snort_packet_header.h Tue Nov  7 20:28:12 2006
> -@@ -16,12 +16,20 @@
> - #include <sys/types.h>
> -
> -
> -+/* we must use fixed size of 32 bits, because on-disk
> -+ * format of savefiles uses 32-bit tv_sec (and tv_usec)
> -+ */
> -+struct pcap_timeval {
> -+    u_int32_t tv_sec;      /* seconds */
> -+    u_int32_t tv_usec;     /* microseconds */
> -+};
> -+
> - /* this is equivalent to the pcap pkthdr struct, but we need one for
> -  * portability once we introduce the pa_engine code
> -  */
> - typedef struct _SnortPktHeader
> - {
> --    struct timeval ts;     /* packet timestamp */
> -+    struct pcap_timeval ts;/* packet timestamp */
> -     u_int32_t caplen;      /* packet capture length */
> -     u_int32_t pktlen;      /* packet "real" length */
> - } SnortPktHeader;
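
Review bot: Deleting this patch also deletes the only explanation of why the packet timestamp has to be a fixed 32 bits (`on-disk format of savefiles uses 32-bit tv_sec (and tv_usec)`). The new patches in this diff switch to `struct timeval32`, so that comment should move to wherever `struct timeval32` is defined; otherwise the next update has no record of why `struct timeval` cannot be used in SnortPktHeader.
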
> Index: patches/patch-src_util_c
> ===================================================================
> RCS file: patches/patch-src_util_c
> diff -N patches/patch-src_util_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_util_c 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,29 @@
> +$OpenBSD$
> +--- src/util.c.orig Mon Aug 20 18:31:51 2007
> ++++ src/util.c Mon Nov 19 22:37:37 2007
> +@@ -392,12 +392,13 @@ int DisplayBanner()
> +  * Returns: void function
> +  *
> +  ****************************************************************************/
> +-void ts_print(register const struct timeval *tvp, char *timebuf)
> ++void ts_print(register const struct timeval32 *tvp, char *timebuf)
> + {
> +     register int s;
> +     int    localzone;
> +     time_t Time;
> +     struct timeval tv;
> ++    struct timeval32 tvnow;
> +     struct timezone tz;
> +     struct tm *lt;    /* place to stick the adjusted clock data */
> +
> +@@ -407,7 +408,9 @@ void ts_print(register const struct timeval *tvp, char
> +         /* manual page (for linux) says tz is never used, so.. */
> +         bzero((char *) &tz, sizeof(tz));
> +         gettimeofday(&tv, &tz);
> +-        tvp = &tv;
> ++        tvnow.tv_sec = tv.tv_sec;
> ++        tvnow.tv_usec = tv.tv_usec;
> ++        tvp = &tvnow;
> +     }
> +
> +     localzone = thiszone;
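
Review bot: In the second hunk of the new src/util.c patch, `tvnow.tv_sec = tv.tv_sec;` and `tvnow.tv_usec = tv.tv_usec;` copy from `struct timeval` into `struct timeval32` with no cast or comment, so wherever the `struct timeval` fields are wider than the 32-bit fields the new name implies, the narrowing is silent. An explicit cast plus a one-line comment would make the truncation deliberate. After this change `tv` is only a scratch buffer for `gettimeofday()`, which is worth saying next to the new `tvnow` declaration.
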
> Index: patches/patch-src_util_h
> ===================================================================
> RCS file: patches/patch-src_util_h
> diff -N patches/patch-src_util_h
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_util_h 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,20 @@
> +$OpenBSD$
> +--- src/util.h.orig Mon Aug 20 18:35:44 2007
> ++++ src/util.h Mon Nov 19 22:31:17 2007
> +@@ -34,6 +34,7 @@
> + #endif
> +
> + #include "sf_types.h"
> ++#include "pcap_pkthdr32.h"
> +
> + /* specifies that a function does not return
> +  * used for quieting Visual Studio warnings
> +@@ -139,7 +140,7 @@ typedef struct _IntervalStats
> + int DisplayBanner();
> + void GetTime(char *);
> + int gmt2local(time_t);
> +-void ts_print(register const struct timeval *, char *);
> ++void ts_print(register const struct timeval32 *, char *);
> + char *copy_argv(char **);
> + void strip(char *);
> + double CalcPct(UINT64, UINT64);
> Index: pkg/PFRAG.prelude
> ===================================================================
> RCS file: pkg/PFRAG.prelude
> diff -N pkg/PFRAG.prelude
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ pkg/PFRAG.prelude 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1 @@
> +@exec usermod -G _prelude _snort
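
Review bot: `@exec usermod -G _prelude _snort` has no matching `@unexec`, so the extra group membership stays on the `_snort` account after the prelude flavor is removed, and nothing here checks that the `_prelude` group exists when the command runs. Either add the reverse step for deinstall or state that it is left in place on purpose, and mention the group change in the flavor's install message so the added access for `_snort` is visible to the admin.
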
> Index: pkg/PFRAG.shared
> ===================================================================
> RCS file: /cvs/ports/net/snort/pkg/PFRAG.shared,v
> retrieving revision 1.1
> diff -u -p -r1.1 PFRAG.shared
> --- pkg/PFRAG.shared 10 Oct 2006 13:33:17 -0000 1.1
> +++ pkg/PFRAG.shared 21 Nov 2007 00:43:34 -0000
> @@ -1,5 +1,7 @@
>  @comment $OpenBSD: PFRAG.shared,v 1.1 2006/10/10 13:33:17 aanriot Exp $
>  @lib lib/snort_dynamicengine/libsf_engine.so.${LIBsf_engine_VERSION}
> +@lib lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.${LIBsf_dcerpc_preproc_VERSION}
>  @lib lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.${LIBsf_dns_preproc_VERSION}
>  @lib lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.${LIBsf_ftptelnet_preproc_VERSION}
>  @lib lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.${LIBsf_smtp_preproc_VERSION}
> +@lib lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.${LIBsf_ssh_preproc_VERSION}
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/net/snort/pkg/PLIST,v
> retrieving revision 1.15
> diff -u -p -r1.15 PLIST
> --- pkg/PLIST 10 Oct 2006 13:33:17 -0000 1.15
> +++ pkg/PLIST 21 Nov 2007 00:43:34 -0000
> @@ -1,22 +1,29 @@
>  @comment $OpenBSD: PLIST,v 1.15 2006/10/10 13:33:17 aanriot Exp $
>  @newgroup _snort:557
>  @newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin
> +%%prelude%%
>  %%SHARED%%
>  bin/snort
>  lib/snort_dynamicengine/
>  lib/snort_dynamicengine/libsf_engine.a
>  @comment lib/snort_dynamicengine/libsf_engine.la
>  lib/snort_dynamicpreprocessor/
> +lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
> +@comment lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
>  lib/snort_dynamicpreprocessor/libsf_dns_preproc.a
>  @comment lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
>  lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a
>  @comment lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
>  lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a
>  @comment lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
> +lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a
> +@comment lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
>  @man man/man8/snort.8
>  share/doc/snort/
>  share/doc/snort/AUTHORS
>  share/doc/snort/CREDITS
> +share/doc/snort/README
> +share/doc/snort/README.ARUBA
>  share/doc/snort/README.FLEXRESP
>  share/doc/snort/README.FLEXRESP2
>  share/doc/snort/README.INLINE
> @@ -29,6 +36,8 @@ share/doc/snort/README.alert_order
>  share/doc/snort/README.asn1
>  share/doc/snort/README.csv
>  share/doc/snort/README.database
> +share/doc/snort/README.dcerpc
> +share/doc/snort/README.decode
>  share/doc/snort/README.dns
>  share/doc/snort/README.event_queue
>  share/doc/snort/README.flow
> @@ -37,25 +46,32 @@ share/doc/snort/README.flowbits
>  share/doc/snort/README.frag3
>  share/doc/snort/README.ftptelnet
>  share/doc/snort/README.http_inspect
> +share/doc/snort/README.ppm
>  share/doc/snort/README.sfportscan
> +share/doc/snort/README.ssh
> +share/doc/snort/README.stream4
> +share/doc/snort/README.stream5
> +share/doc/snort/README.tag
>  share/doc/snort/README.thresholding
> +share/doc/snort/README.variables
>  share/doc/snort/README.wireless
> +share/doc/snort/TODO
> +share/doc/snort/USAGE
> +share/doc/snort/WISHLIST
>  share/doc/snort/faq.pdf
> +share/doc/snort/generators
>  share/doc/snort/snort_manual.pdf
>  share/doc/snort/snort_schema_v106.pdf
>  share/examples/snort/
>  @sample ${SYSCONFDIR}/snort/
>  @sample ${SYSCONFDIR}/snort/rules/
> +@sample ${SYSCONFDIR}/snort/preproc_rules/
>  share/examples/snort/classification.config
>  @sample ${SYSCONFDIR}/snort/classification.config
>  share/examples/snort/gen-msg.map
>  @sample ${SYSCONFDIR}/snort/gen-msg.map
> -share/examples/snort/generators
> -@sample ${SYSCONFDIR}/snort/generators
>  share/examples/snort/reference.config
>  @sample ${SYSCONFDIR}/snort/reference.config
> -share/examples/snort/sid
> -@sample ${SYSCONFDIR}/snort/sid
>  share/examples/snort/sid-msg.map
>  @sample ${SYSCONFDIR}/snort/sid-msg.map
>  share/examples/snort/snort.conf
> @@ -64,6 +80,11 @@ share/examples/snort/threshold.conf
>  @sample ${SYSCONFDIR}/snort/threshold.conf
>  share/examples/snort/unicode.map
>  @sample ${SYSCONFDIR}/snort/unicode.map
> +@sample ${SYSCONFDIR}/snort/generators
> +share/examples/snort/decoder.rules
> +@sample ${SYSCONFDIR}/snort/preproc_rules/decoder.rules
> +share/examples/snort/preprocessor.rules
> +@sample ${SYSCONFDIR}/snort/preproc_rules/preprocessor.rules
>  @sample /var/snort/
>  @owner _snort
>  @group _snort
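
Review bot: In the last PLIST hunk, `+@sample ${SYSCONFDIR}/snort/generators` is added directly after the unicode.map pair with no file entry of its own in front of it. `@sample` copies from the last preceding file entry, which here is `share/examples/snort/unicode.map`, so the installed `generators` would be a copy of the wrong file. The earlier hunk moved the file to `share/doc/snort/generators`; either place the `@sample` line right after that entry or keep a `share/examples/snort/generators` entry in front of it.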


Re: [UPDATE] net/snort 2.8.0

Claer
In reply to this post by Markus Lude-3
On Thu, Nov 29 2007 at 21:00, Markus Lude wrote:
> Hello,
> here is an update to snort 2.8.0. Please test/comment/commit/...

Does not compile on i386 with FLAVOR="flexresp" on 4.2-stable

> Based on changes for 2.7.0.1 by Jason Dixon.
> Some added patches fix bus errors on sparc64 noticed by rui@.
>
> If no one else wants, I would take maintainership (not included in
> diff).
>
> Regards,
> Markus
>

Here is the compile error

cc -DHAVE_CONFIG_H -I. -I../.. -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0 -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/sfutil  -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/output-plugins -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/dynamic-plugins -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/preprocessors -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/preprocessors/flow -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/preprocessors/portscan  -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/preprocessors/flow/int-snort  -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/preprocessors/HttpInspect/include -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/preprocessors/Stream5 -I/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/target-based   -I/usr/local/include -DENABLE_RESPONSE2 -I/usr/local/include  -O2 -pipe -Wall -DDYNAMIC_PLUGIN -c /usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c
In file included from /usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/decode.h:49,
                 from /usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:99:
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/ipv6_port.h:71: error: conflicting types for `ip_t'
/usr/local/include/dnet/ip.h:411: error: previous declaration of `ip_t'
In file included from /usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:99:
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/decode.h:948:1: warning: "IP_PROTO_HOPOPTS" redefined
In file included from /usr/local/include/dnet.h:15,
                 from /usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:97:
/usr/local/include/dnet/ip.h:97:1: warning: this is the location of the previous definition
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c: In function `Respond2Init':
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:260: warning: assignment from incompatible pointer type
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c: In function `Respond2Restart':
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:299: warning: passing arg 1 of `ip_close' from incompatible pointer type
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:299: warning: assignment from incompatible pointer type
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c: In function `SendReset':
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:682: warning: passing arg 1 of `ip_send' from incompatible pointer type
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c: In function `SendUnreach':
/usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/snort-2.8.0/src/detection-plugins/sp_respond2.c:806: warning: passing arg 1 of `ip_send' from incompatible pointer type
*** Error code 1

Stop in /usr/ports/dynetcom/snort/w-snort-2.8.0-flexresp/build-i386-flexresp/src/detection-plugins.
*** Error code 1


Claer


Re: [UPDATE] net/snort 2.8.0

Nikns Siankin
In reply to this post by Markus Lude-3
On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote:

>Hello,
>here is an update to snort 2.8.0. Please test/comment/commit/...
>
>Based on changes for 2.7.0.1 by Jason Dixon.
>Some added patches fix bus errors on sparc64 noticed by rui@.
>
>If no one else wants, I would take maintainership (not included in
>diff).
>
>Regards,
>Markus
>
Attached diff to apply after your diff.

* Updated to 2.8.0.1
* Fixes flexresp flavor: http://marc.info/?l=snort-users&m=119099490314507&w=2
* Fixes prelude WANTLIB
* Replaces deprecated --with-mysql

snort_2.8.0.1.diff (10K) Download Attachment

Re: [UPDATE] net/snort 2.8.0

Claer
On Fri, Nov 30 2007 at 34:12, Nikns Siankin wrote:

> On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote:
> >Hello,
> >here is an update to snort 2.8.0. Please test/comment/commit/...
> >
> >Based on changes for 2.7.0.1 by Jason Dixon.
> >Some added patches fix bus errors on sparc64 noticed by rui@.
> >
> >If no one else wants, I would take maintainership (not included in
> >diff).
> >
> >Regards,
> >Markus
> >
>
> Attached diff to apply after your diff.
>
> * Updated to 2.8.0.1
> * Fixes flexresp flavor: http://marc.info/?l=snort-users&m=119099490314507&w=2
> * Fixes prelude WANTLIB
> * Replaces deprecated --with-mysql

Compiles fine this time with flexresp. I'll test with prelude in the next
few days.

Thanks !

Claer


[UPDATE] net/snort 2.8.0.1 (was: [UPDATE] net/snort 2.8.0)

Markus Lude-3
In reply to this post by Nikns Siankin
On Fri, Nov 30, 2007 at 12:34:06PM +0200, Nikns Siankin wrote:

> On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote:
> >Hello,
> >here is an update to snort 2.8.0. Please test/comment/commit/...
> >
> >Based on changes for 2.7.0.1 by Jason Dixon.
> >Some added patches fix bus errors on sparc64 noticed by rui@.
> >
> >If no one else wants, I would take maintainership (not included in
> >diff).
> >
> >Regards,
> >Markus
> >
>
> Attached diff to apply after your diff.
Thanks for the diff.

> * Updated to 2.8.0.1
> * Fixes flexresp flavor: http://marc.info/?l=snort-users&m=119099490314507&w=2

Main problem here: one hunk of the distpatch file for
src/preprocessors/stream.h conflicts with a patch. I solved this by
removing that hunk from the distpatch file and doing the patch in
post-patch.

Some questions here:
* Is it ok to use this distpatch file? IMO this makes it easier to get
  rid of it when the stuff made it upstream in the next release
* Is there some preferred way to resolve conflicts between a distpatch
  file which is used only for a flavor and the normal patches?

> * Fixes prelude WANTLIB
> * Replaces deprecated --with-mysql

Fixed flavors stuff.

New diff against CVS attached. Please test/comment/commit/...

Regards,
Markus


snort-2.8.0.1.diff (37K) Download Attachment

Re: [UPDATE] net/snort 2.8.0.1

Markus Lude-3
On Sat, Dec 01, 2007 at 01:42:41PM +0100, Markus Lude wrote:

> On Fri, Nov 30, 2007 at 12:34:06PM +0200, Nikns Siankin wrote:
> > On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote:
> > >Hello,
> > >here is an update to snort 2.8.0. Please test/comment/commit/...
> > >
> > >Based on changes for 2.7.0.1 by Jason Dixon.
> > >Some added patches fix bus errors on sparc64 noticed by rui@.
> > >
> > >If no one else wants, I would take maintainership (not included in
> > >diff).
> > >
> > >Regards,
> > >Markus
> > >
> >
> > Attached diff to apply after your diff.
>
> Thanks for the diff.
>
> > * Updated to 2.8.0.1
> > * Fixes flexresp flavor: http://marc.info/?l=snort-users&m=119099490314507&w=2
>
> Main problem here: one hunk of the distpatch file for
> src/preprocessors/stream.h conflicts with a patch. I solved this by
> removing that hunk from the distpatch file and doing the patch in
> post-patch.
>
> Some questions here:
> * Is it ok to use this distpatch file? IMO this makes it easier to get
>   rid of it when the stuff made it upstream in the next release
> * Is there some preferred way to resolve conflicts between a distpatch
>   file which is used only for a flavor and the normal patches?

no comments?

> > * Fixes prelude WANTLIB
> > * Replaces deprecated --with-mysql
>
> Fixed flavors stuff.
>
> New diff against CVS attached. Please test/comment/commit/...

Did anyone test that last diff?

The only known issue so far seems to be crashes on the alpha from Jason Dixon.
Sadly there wasn't any core left yet which makes it difficult to find
the cause of this.

Regards,
Markus


Re: [UPDATE] net/snort 2.8.0.1 (was: [UPDATE] net/snort 2.8.0)

Rui Reis-2
In reply to this post by Markus Lude-3
On Sat, Dec 01, 2007 at 01:42:41PM +0100, Markus Lude wrote:
>
> New diff against CVS attached. Please test/comment/commit/...

new diff with a few changes. Please test.

Comments/oks?

cheers,
rui


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/snort/Makefile,v
retrieving revision 1.51
diff -u -r1.51 Makefile
--- Makefile 15 Sep 2007 22:36:59 -0000 1.51
+++ Makefile 9 Feb 2008 17:38:12 -0000
@@ -2,29 +2,34 @@
 
 COMMENT= highly flexible sniffer/NIDS
 
-DISTNAME= snort-2.6.0.2
-PKGNAME= ${DISTNAME}p1
+DISTNAME= snort-2.8.0.1
 CATEGORIES= net security
 MASTER_SITES= ${HOMEPAGE}/dl/current/
 
 HOMEPAGE=       http://www.snort.org/
 
-# GPL
+MAINTAINER= Markus Lude <[hidden email]>
+
+# GPLv2
 PERMIT_PACKAGE_CDROM= Yes
 PERMIT_PACKAGE_FTP=   Yes
 PERMIT_DISTFILES_CDROM= Yes
 PERMIT_DISTFILES_FTP= Yes
-WANTLIB= c m pcap
+WANTLIB= c m pcap
 
-SHARED_LIBS= sf_engine 0.0 \
- sf_dns_preproc 0.0 \
- sf_ftptelnet_preproc 0.0 \
- sf_smtp_preproc 0.0
+SHARED_LIBS= sf_engine 1.0 \
+ sf_dns_preproc 1.0 \
+ sf_ftptelnet_preproc 1.0 \
+ sf_smtp_preproc 1.0 \
+ sf_dcerpc_preproc 0.0 \
+ sf_ssh_preproc 0.0 \
+ _sfdynamic_example_rule 0.0 \
+ _sfdynamic_preprocessor_example 0.0
 
 USE_LIBTOOL= Yes
 
 SEPARATE_BUILD= concurrent
-CONFIGURE_STYLE=gnu
+CONFIGURE_STYLE=simple
 CONFIGURE_ARGS+=${CONFIGURE_SHARED} \
  --enable-dynamicplugin
 
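
Review bot: `SHARED_LIBS` now also versions `_sfdynamic_example_rule` and `_sfdynamic_preprocessor_example`, which by their names are upstream example plugins. If they are installed they need packing-list entries like the other libraries, and if they are not installed they should not be listed here; please say which is intended. The switch of `CONFIGURE_STYLE` from `gnu` to `simple` also needs a one-line comment, since nothing in this hunk explains why the gnu style no longer works for this port.
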
@@ -41,6 +46,9 @@
 .if ${FLAVOR:L:Mflexresp}
 LIB_DEPENDS+= dnet.=1::net/libdnet
 CONFIGURE_ARGS+=--enable-flexresp2
+
+MASTER_SITES0= http://www-fs.informatik.uni-tuebingen.de/~lude/openbsd/distfiles/
+PATCHFILES= snort-flexresp_patch.diff:0
 .endif
 
 .if ${FLAVOR:L:Mpostgresql}
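
Review bot: The flexresp distpatch is fetched over plain HTTP from a personal home directory (`MASTER_SITES0= http://www-fs.informatik.uni-tuebingen.de/~lude/openbsd/distfiles/`), so the distinfo checksums are the only thing tying the build to the file that was reviewed. Add a comment above `PATCHFILES` saying where the patch originates and which upstream release is expected to make it unnecessary, so it gets dropped rather than carried indefinitely.
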
@@ -50,22 +58,31 @@
 
 .if ${FLAVOR:L:Mmysql}
 LIB_DEPENDS+= lib/mysql/mysqlclient.>=10::databases/mysql
-CONFIGURE_ARGS+=--with-mysql="${LOCALBASE}"
+CONFIGURE_ARGS+=--with-mysql-libraries="${LOCALBASE}/lib" \
+ --with-mysql-includes="${LOCALBASE}/include"
 WANTLIB+= z
 .endif
 
 .if ${FLAVOR:L:Mprelude}
 MODULES= devel/gettext
-WANTLIB+= gcrypt gpg-error pthread z
+WANTLIB+= gcrypt gnutls gpg-error pthread z
 LIB_DEPENDS+= prelude.>=8::security/prelude/libprelude
 CONFIGURE_ARGS+=--enable-prelude
 MESSAGE= ${PKGDIR}/MESSAGE-prelude
 .endif
 
-CONFIGS= classification.config gen-msg.map generators reference.config \
- sid sid-msg.map snort.conf threshold.conf unicode.map
+CONFIGS= classification.config gen-msg.map reference.config \
+ sid-msg.map snort.conf threshold.conf unicode.map
 
-DOCS= AUTHORS CREDITS README.* *.pdf
+PREPROC= decoder.rules preprocessor.rules
+
+DOCS= AUTHORS CREDITS README README.* *.pdf TODO USAGE WISHLIST
+
+# workaround conflicts between distpatches and patches
+post-patch:
+.if ${FLAVOR:L:Mflexresp}
+ @perl -pi -e "s,ip_t,snort_ip," ${WRKSRC}/src/preprocessors/stream.h
+.endif
 
 post-build:
  @perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," \
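
Review bot: The post-patch substitution `s,ip_t,snort_ip,` is unanchored and has no `g` flag: it rewrites the first `ip_t` substring on each line of stream.h, including inside longer identifiers, and leaves a second occurrence on the same line alone. `s,\bip_t\b,snort_ip,g` would be the safer form. The comment above the target should also name the distpatch hunk this stands in for, since the rename otherwise looks arbitrary.
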
@@ -77,6 +94,11 @@
  ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/snort
 .for i in ${CONFIGS}
  ${INSTALL_DATA} ${WRKSRC}/etc/${i} ${PREFIX}/share/examples/snort
+.endfor
+ ${INSTALL_DATA} ${WRKSRC}/doc/generators ${PREFIX}/share/examples/snort
+
+.for i in ${PREPROC}
+ ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${i} ${PREFIX}/share/examples/snort
 .endfor
 
  ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/snort
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/snort/distinfo,v
retrieving revision 1.15
diff -u -r1.15 distinfo
--- distinfo 5 Apr 2007 16:20:15 -0000 1.15
+++ distinfo 9 Feb 2008 17:38:12 -0000
@@ -1,5 +1,10 @@
-MD5 (snort-2.6.0.2.tar.gz) = XAlP9tgtuEWl8CPkpJIQPg==
-RMD160 (snort-2.6.0.2.tar.gz) = cG1j24O30DesinHIEEMk2bdZTrU=
-SHA1 (snort-2.6.0.2.tar.gz) = Gms/sZqC+Dvw/OWo226xJ3xyN5s=
-SHA256 (snort-2.6.0.2.tar.gz) = B716x7ZF0TgKzmWzPAZO1Y2dwhvXNrH3a8V13CLhpeI=
-SIZE (snort-2.6.0.2.tar.gz) = 3350277
+MD5 (snort-2.8.0.1.tar.gz) = u2UOjv6Fj1w8yx5HF3XX5w==
+MD5 (snort-flexresp_patch.diff) = ZYyI5dSWIpCkny37tRidUQ==
+RMD160 (snort-2.8.0.1.tar.gz) = oLC+wvfMoNR6WYcIu/xpysr0ShI=
+RMD160 (snort-flexresp_patch.diff) = vrc4csTm8t0HUKMbYMrMzDs66jA=
+SHA1 (snort-2.8.0.1.tar.gz) = s7RfptUDcvZYfNd2r0O0FSURljA=
+SHA1 (snort-flexresp_patch.diff) = qkgi0RNWJintUwpX6uYE4QdeWV4=
+SHA256 (snort-2.8.0.1.tar.gz) = T6dP2/5nc2Kw/vImAm5/EQ196Fa6qtIbX+Pr0PYnsRI=
+SHA256 (snort-flexresp_patch.diff) = cBSVJQ939iIageqqNMHQnsa1GjjplPju96ePvHBMyNY=
+SIZE (snort-2.8.0.1.tar.gz) = 4331731
+SIZE (snort-flexresp_patch.diff) = 48418
Index: patches/patch-etc_snort_conf
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-etc_snort_conf,v
retrieving revision 1.1
diff -u -r1.1 patch-etc_snort_conf
--- patches/patch-etc_snort_conf 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-etc_snort_conf 9 Feb 2008 17:38:12 -0000
@@ -1,22 +1,26 @@
 $OpenBSD: patch-etc_snort_conf,v 1.1 2006/10/10 13:33:17 aanriot Exp $
---- etc/snort.conf.orig Wed Sep 13 21:44:31 2006
-+++ etc/snort.conf Tue Oct 10 12:54:59 2006
-@@ -82,6 +82,9 @@ var SNMP_SERVERS $HOME_NET
- # Port lists must either be continuous [eg 80:8080], or a single port [eg 80].
- # We will adding support for a real list of ports in the future.
-
+--- etc/snort.conf.orig Fri Sep  7 20:32:45 2007
++++ etc/snort.conf Mon Nov 19 22:23:57 2007
+@@ -78,7 +78,10 @@ var SNMP_SERVERS $HOME_NET
+ # like this:
+ #
+ # portvar HTTP_PORTS 8081
+-#
++
 +# Ports you run ssh servers on
-+var SSH_PORTS 22
++portvar SSH_PORTS 22
 +
  # Ports you run web servers on
- #
- # Please note:  [80,8080] does not work.
-@@ -108,7 +111,7 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.
+ portvar HTTP_PORTS 80
+
+@@ -107,8 +110,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161
  # Path to your rules files (this can be a relative path)
  # Note for Windows users:  You are advised to make this an absolute path,
  # such as:  c:\snort\rules
 -var RULE_PATH ../rules
+-var PREPROC_RULE_PATH ../preproc_rules
 +var RULE_PATH %%SYSCONFDIR%%/snort/rules
++var PREPROC_RULE_PATH %%SYSCONFDIR%%/snort/preproc_rules
 
  # Configure the snort decoder
  # ============================
Index: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c,v
retrieving revision 1.1
diff -u -r1.1 patch-src_dynamic-plugins_sf_dynamic_plugins_c
--- patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 9 Feb 2008 17:38:12 -0000
@@ -1,11 +1,13 @@
---- src/dynamic-plugins/sf_dynamic_plugins.c.orig Wed Sep 20 16:10:44 2006
-+++ src/dynamic-plugins/sf_dynamic_plugins.c Wed Sep 20 16:09:23 2006
-@@ -42,6 +42,8 @@
- #define EXT "*.sl"
- #elif defined(MACOS)
- #define EXT "*.dylib"
-+#elif defined(OPENBSD)
-+#define EXT "*.so.*"
- #else
- #define EXT "*.so"
- #endif
+$OpenBSD$
+--- src/dynamic-plugins/sf_dynamic_plugins.c.orig Thu Feb  7 09:41:13 2008
++++ src/dynamic-plugins/sf_dynamic_plugins.c Thu Feb  7 09:41:29 2008
+@@ -218,8 +218,7 @@ void LoadAllLibs(char *path, LoadLibraryFunc loadFunc)
+         dirEntry = readdir(directory);
+         while (dirEntry)
+         {
+-            if (dirEntry->d_reclen &&
+-                !fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD))
++                if(!fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD))
+             {
+                 SnortSnprintf(path_buf, PATH_MAX, "%s%s%s", path, "/", dirEntry->d_name);
+                 loadFunc(path_buf, 1);
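
Review bot: The previous version of this patch added `#elif defined(OPENBSD)` with `#define EXT "*.so.*"`, and the new version drops that without replacement while `LoadAllLibs` still filters directory entries with `fnmatch(EXT, ...)`. Unless 2.8.0.1 already defines a versioned pattern for OpenBSD, versioned shared libraries will not match `*.so` and none of them gets loaded; please confirm. The new line also removes the `dirEntry->d_reclen` test without saying why, and its `if(` is indented one level deeper than the block it opens.
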
Index: patches/patch-src_dynamic-preprocessors_Makefile_in
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v
retrieving revision 1.1
diff -u -r1.1 patch-src_dynamic-preprocessors_Makefile_in
--- patches/patch-src_dynamic-preprocessors_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-src_dynamic-preprocessors_Makefile_in 9 Feb 2008 17:38:12 -0000
@@ -1,16 +1,17 @@
 $OpenBSD: patch-src_dynamic-preprocessors_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
---- src/dynamic-preprocessors/Makefile.in.orig Wed Sep 13 21:40:06 2006
-+++ src/dynamic-preprocessors/Makefile.in Sun Oct  1 17:38:17 2006
-@@ -480,7 +480,7 @@ maintainer-clean-generic:
+--- src/dynamic-preprocessors/Makefile.in.orig Wed Nov 14 15:32:47 2007
++++ src/dynamic-preprocessors/Makefile.in Thu Nov 29 12:07:49 2007
+@@ -543,8 +543,7 @@ maintainer-clean-generic:
  @echo "This command is intended for maintainers to use"
  @echo "it deletes files that may require special tools to rebuild."
  -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+-@HAVE_DYNAMIC_PLUGINS_FALSE@uninstall-local:
 -@HAVE_DYNAMIC_PLUGINS_FALSE@install-data-local:
 +install-data-local:
  clean: clean-recursive
 
  clean-am: clean-generic clean-libtool clean-local mostlyclean-am
-@@ -608,13 +608,6 @@ include/str_search.h: $(srcdir)/../prepr
+@@ -700,20 +699,6 @@ include/str_search.h: $(srcdir)/../preprocessors/str_s
  clean-local:
  rm -rf include build
 
@@ -20,6 +21,13 @@
 -@HAVE_DYNAMIC_PLUGINS_TRUE@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \
 -@HAVE_DYNAMIC_PLUGINS_TRUE@ if test -f $(srcdir)/$$f; then p=$(srcdir)/$$f; else p=$$f; fi; \
 -@HAVE_DYNAMIC_PLUGINS_TRUE@ $(INSTALL_DATA) $$p $(DESTDIR)$(srcinstdir)/$$truefile; \
+-@HAVE_DYNAMIC_PLUGINS_TRUE@ done
+-
+-@HAVE_DYNAMIC_PLUGINS_TRUE@uninstall-local:
+-@HAVE_DYNAMIC_PLUGINS_TRUE@ @for f in $(exported_files); do \
+-@HAVE_DYNAMIC_PLUGINS_TRUE@ truefile=`echo $$f | sed -e "s/.*\///"`; \
+-@HAVE_DYNAMIC_PLUGINS_TRUE@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \
+-@HAVE_DYNAMIC_PLUGINS_TRUE@ $(RM) -f $(DESTDIR)$(srcinstdir)/$$truefile; \
 -@HAVE_DYNAMIC_PLUGINS_TRUE@ done
  # Tell versions [3.59,3.63) of GNU make to not export all variables.
  # Otherwise a system limit (for SysV at least) may be exceeded.
Index: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
===================================================================
RCS file: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
diff -N patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Wed Nov 14 15:32:47 2007
++++ src/dynamic-preprocessors/dcerpc/Makefile.in Thu Nov 29 12:07:50 2007
+@@ -394,7 +394,7 @@ distdir: $(DISTFILES)
+ check-am: all-am
+ check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+-all-am: Makefile $(LTLIBRARIES) all-local
++all-am: Makefile $(LTLIBRARIES)
+ installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+  test -z "$$dir" || $(mkdir_p) "$$dir"; \
Index: patches/patch-src_dynamic-preprocessors_dns_Makefile_in
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dns_Makefile_in,v
retrieving revision 1.1
diff -u -r1.1 patch-src_dynamic-preprocessors_dns_Makefile_in
--- patches/patch-src_dynamic-preprocessors_dns_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-src_dynamic-preprocessors_dns_Makefile_in 9 Feb 2008 17:38:12 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-src_dynamic-preprocessors_dns_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
---- src/dynamic-preprocessors/dns/Makefile.in.orig Tue Oct 10 12:22:55 2006
-+++ src/dynamic-preprocessors/dns/Makefile.in Tue Oct 10 12:23:59 2006
-@@ -373,7 +373,7 @@ distdir: $(DISTFILES)
+--- src/dynamic-preprocessors/dns/Makefile.in.orig Wed Nov 14 15:32:47 2007
++++ src/dynamic-preprocessors/dns/Makefile.in Thu Nov 29 12:07:51 2007
+@@ -376,7 +376,7 @@ distdir: $(DISTFILES)
  check-am: all-am
  check: $(BUILT_SOURCES)
  $(MAKE) $(AM_MAKEFLAGS) check-am
Index: patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v
retrieving revision 1.1
diff -u -r1.1 patch-src_dynamic-preprocessors_ftptelnet_Makefile_in
--- patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 9 Feb 2008 17:38:12 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
---- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Tue Oct 10 12:18:08 2006
-+++ src/dynamic-preprocessors/ftptelnet/Makefile.in Tue Oct 10 12:18:34 2006
-@@ -409,7 +409,7 @@ distdir: $(DISTFILES)
+--- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Wed Nov 14 15:32:47 2007
++++ src/dynamic-preprocessors/ftptelnet/Makefile.in Thu Nov 29 12:07:52 2007
+@@ -415,7 +415,7 @@ distdir: $(DISTFILES)
  check-am: all-am
  check: $(BUILT_SOURCES)
  $(MAKE) $(AM_MAKEFLAGS) check-am
Index: patches/patch-src_dynamic-preprocessors_smtp_Makefile_in
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_smtp_Makefile_in,v
retrieving revision 1.1
diff -u -r1.1 patch-src_dynamic-preprocessors_smtp_Makefile_in
--- patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 9 Feb 2008 17:38:12 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-src_dynamic-preprocessors_smtp_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $
---- src/dynamic-preprocessors/smtp/Makefile.in.orig Tue Oct 10 12:22:47 2006
-+++ src/dynamic-preprocessors/smtp/Makefile.in Tue Oct 10 12:23:13 2006
-@@ -387,7 +387,7 @@ distdir: $(DISTFILES)
+--- src/dynamic-preprocessors/smtp/Makefile.in.orig Wed Nov 14 15:32:47 2007
++++ src/dynamic-preprocessors/smtp/Makefile.in Thu Nov 29 12:07:53 2007
+@@ -390,7 +390,7 @@ distdir: $(DISTFILES)
  check-am: all-am
  check: $(BUILT_SOURCES)
  $(MAKE) $(AM_MAKEFLAGS) check-am
Index: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
===================================================================
RCS file: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
diff -N patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/dynamic-preprocessors/ssh/Makefile.in.orig Wed Nov 14 15:32:47 2007
++++ src/dynamic-preprocessors/ssh/Makefile.in Thu Nov 29 12:07:54 2007
+@@ -376,7 +376,7 @@ distdir: $(DISTFILES)
+ check-am: all-am
+ check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+-all-am: Makefile $(LTLIBRARIES) all-local
++all-am: Makefile $(LTLIBRARIES)
+ installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+  test -z "$$dir" || $(mkdir_p) "$$dir"; \
Index: patches/patch-src_event_h
===================================================================
RCS file: patches/patch-src_event_h
diff -N patches/patch-src_event_h
--- patches/patch-src_event_h 25 Nov 2006 05:33:28 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-src_event_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
---- src/event.h.orig Tue Aug 23 18:52:22 2005
-+++ src/event.h Tue Nov  7 20:28:12 2006
-@@ -34,6 +34,8 @@
- #include <sys/time.h>
- #endif
-
-+#include "snort_packet_header.h"
-+
- typedef struct _Event
- {
-     u_int32_t sig_generator;   /* which part of snort generated the alert? */
-@@ -45,7 +47,7 @@ typedef struct _Event
-     u_int32_t event_reference; /* reference to other events that have gone off,
-                                 * such as in the case of tagged packets...
-                                 */
--    struct timeval ref_time;   /* reference time for the event reference */
-+    struct pcap_timeval ref_time;   /* reference time for the event reference */
-
-     /* Don't add to this structure because this is the serialized data
-      * struct for unified logging.
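Review bot: deleting this patch leaves `ref_time` in `Event` as whatever upstream declares, and the context comment at the end of the second inner hunk says this struct is the serialized record for unified logging. If 2.8.0 still declares the field as `struct timeval`, the on-disk record size can differ between ILP32 and LP64 builds, and a reader built on one will misparse output written on the other. Please confirm upstream now uses a fixed-width timestamp here, or carry the patch forward using the new `timeval32` type.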
Index: patches/patch-src_log_c
===================================================================
RCS file: patches/patch-src_log_c
diff -N patches/patch-src_log_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_log_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,39 @@
+$OpenBSD$
+--- src/log.c.orig Mon Aug 20 19:40:24 2007
++++ src/log.c Mon Nov 19 22:32:12 2007
+@@ -355,7 +355,7 @@ void PrintIPPkt(FILE * fp, int type, Packet * p)
+     DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type););
+
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+     /* dump the timestamp */
+     fwrite(timestamp, strlen(timestamp), 1, fp);
+@@ -800,7 +800,7 @@ void PrintArpHeader(FILE * fp, Packet * p)
+
+     bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr));
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+     /* determine what to use as MAC src and dst */
+     if (p->eh != NULL)
+@@ -1874,7 +1874,7 @@ void PrintEapolPkt(FILE * fp, Packet * p)
+  
+
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+     /* dump the timestamp */
+     fwrite(timestamp, strlen(timestamp), 1, fp);
+@@ -2048,7 +2048,7 @@ void PrintWifiPkt(FILE * fp, Packet * p)
+
+
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print((struct timeval *) & p->pkth->ts, timestamp);
++    ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+     /* dump the timestamp */
+     fwrite(timestamp, strlen(timestamp), 1, fp);
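Review bot: all four call sites (`PrintIPPkt`, `PrintArpHeader`, `PrintEapolPkt`, `PrintWifiPkt`) cast `&p->pkth->ts` to `struct timeval32 *`, and an explicit cast switches off the compiler's type check. The result is only correct where `pkth` really has a 32-bit timestamp layout; on a platform where it is a native `struct timeval` with a different layout, `ts_print` would read the wrong bytes without any diagnostic. Consider dropping the cast where the types already match, or putting it behind a single helper macro so the layout assumption is stated once.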
Index: patches/patch-src_output-plugins_spo_alert_fast_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_alert_fast_c
diff -N patches/patch-src_output-plugins_spo_alert_fast_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_output-plugins_spo_alert_fast_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/output-plugins/spo_alert_fast.c.orig Mon Aug 20 19:26:05 2007
++++ src/output-plugins/spo_alert_fast.c Mon Nov 19 22:36:30 2007
+@@ -138,7 +138,7 @@ void AlertFast(Packet *p, char *msg, void *arg, Event
+     SpoAlertFastData *data = (SpoAlertFastData *)arg;
+
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
++    ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
+
+     /* dump the timestamp */
+     fwrite(timestamp, strlen(timestamp), 1, data->file);
Index: patches/patch-src_output-plugins_spo_alert_full_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_alert_full_c
diff -N patches/patch-src_output-plugins_spo_alert_full_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_output-plugins_spo_alert_full_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/output-plugins/spo_alert_full.c.orig Mon Aug 20 19:26:05 2007
++++ src/output-plugins/spo_alert_full.c Mon Nov 19 22:36:14 2007
+@@ -162,7 +162,7 @@ void AlertFull(Packet *p, char *msg, void *arg, Event
+     DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n"););
+
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
++    ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
+
+     /* dump the timestamp */
+     fwrite(timestamp, strlen(timestamp), 1, data->file);
Index: patches/patch-src_output-plugins_spo_csv_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_csv_c
diff -N patches/patch-src_output-plugins_spo_csv_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_output-plugins_spo_csv_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/output-plugins/spo_csv.c.orig Mon Aug 20 19:26:06 2007
++++ src/output-plugins/spo_csv.c Mon Nov 19 22:37:14 2007
+@@ -270,7 +270,7 @@ void RealAlertCSV(Packet * p, char *msg, FILE * file,
+ return;
+
+     bzero((char *) timestamp, TIMEBUF_SIZE);
+-    ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
++    ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
+
+     DEBUG_WRAP(DebugMessage(DEBUG_LOG,"Logging CSV Alert data\n"););
+
Index: patches/patch-src_output-plugins_spo_unified_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_unified_c
diff -N patches/patch-src_output-plugins_spo_unified_c
--- patches/patch-src_output-plugins_spo_unified_c 25 Nov 2006 05:33:28 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,38 +0,0 @@
-$OpenBSD: patch-src_output-plugins_spo_unified_c,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
---- src/output-plugins/spo_unified.c.orig Fri May 12 20:19:56 2006
-+++ src/output-plugins/spo_unified.c Tue Nov  7 20:28:12 2006
-@@ -126,7 +126,7 @@ typedef struct _UnifiedLog
- typedef struct _UnifiedAlert
- {
-     Event event;
--    struct timeval ts;         /* event timestamp */
-+    struct pcap_timeval ts;    /* event timestamp */
-     u_int32_t sip;             /* src ip */
-     u_int32_t dip;             /* dest ip */
-     u_int16_t sp;              /* src port */
-@@ -551,7 +551,11 @@ void RealUnifiedLogPacketAlert(Packet *p
-          * this will have to be fixed when we transition to the pa_engine
-          * code (p->pkth is libpcap specific)
-          */
--        memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
-+        logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
-+        logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
-+        logheader.pkth.caplen = p->pkth->caplen;
-+        logheader.pkth.pktlen = p->pkth->len;
-+
-     }
-     else
-     {
-@@ -1260,7 +1264,11 @@ void OldUnifiedLogPacketAlert(Packet *p,
-         {
-             logheader.flags = p->packet_flags;
-
--            memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
-+            logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
-+            logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
-+            logheader.pkth.caplen = p->pkth->caplen;
-+            logheader.pkth.pktlen = p->pkth->len;
-+
-
- #ifdef GIDS
-             /*
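Review bot: the removed patch replaced `memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader))` with field-by-field assignment in both `RealUnifiedLogPacketAlert` and `OldUnifiedLogPacketAlert`, so without it the raw copy is back unless 2.8.0 changed that code. A raw copy is only right when `*p->pkth` and `SnortPktHeader` have identical layout. Please confirm that holds with the new 32-bit packet header on every arch you tested, and say in the commit message why this patch is no longer needed.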
Index: patches/patch-src_ppm_c
===================================================================
RCS file: patches/patch-src_ppm_c
diff -N patches/patch-src_ppm_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_ppm_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- src/ppm.c.orig Mon Aug 20 19:25:02 2007
++++ src/ppm.c Mon Nov 19 22:39:12 2007
+@@ -360,7 +360,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p)
+         if( ppm_cfg.rule_log & PPM_LOG_MESSAGE )
+         {
+             if(!*timestamp)
+-                ts_print((struct timeval*)&p->pkth->ts, timestamp);
++                ts_print((struct timeval32*)&p->pkth->ts, timestamp);
+
+             LogMessage(PPM_FMT_REENABLED,
+                 otn->sigInfo.generator,
+@@ -423,7 +423,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p)
+         if( ppm_cfg.rule_log & PPM_LOG_MESSAGE )
+         {
+             if(!*timestamp)
+-                ts_print((struct timeval*)&p->pkth->ts, timestamp);
++                ts_print((struct timeval32*)&p->pkth->ts, timestamp);
+
+             LogMessage(PPM_FMT_SUSPENDED,
+                 otn->sigInfo.generator,
Index: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
===================================================================
RCS file: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
diff -N patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/preprocessors/Stream5/snort_stream5_tcp.c.orig Tue Nov 13 21:32:49 2007
++++ src/preprocessors/Stream5/snort_stream5_tcp.c Thu Nov 29 12:08:00 2007
+@@ -6076,7 +6076,7 @@ static int ProcessTcp(Stream5LWSession *lwssn, Packet
+                     char src_addr[17];
+                     char dst_addr[17];
+                     bzero((char *)timestamp, TIMEBUF_SIZE);
+-                    ts_print((struct timeval *) &p->pkth->ts, timestamp);
++                    ts_print((struct timeval32 *) &p->pkth->ts, timestamp);
+                     SnortSnprintf(src_addr, 17, "%s",
+                         inet_ntoa(GET_SRC_ADDR(p)));
+                     SnortSnprintf(dst_addr, 17, "%s",
Index: patches/patch-src_preprocessors_snort_stream4_session_c
===================================================================
RCS file: patches/patch-src_preprocessors_snort_stream4_session_c
diff -N patches/patch-src_preprocessors_snort_stream4_session_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_snort_stream4_session_c 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/preprocessors/snort_stream4_session.c.orig Mon Aug 20 19:30:23 2007
++++ src/preprocessors/snort_stream4_session.c Mon Nov 19 22:50:05 2007
+@@ -149,7 +149,7 @@ int GetSessionKey(Packet *p, SessionHashKey *key)
+     key->proto = GET_IPH_PROTO(p);
+
+ #ifdef _LP64
+-    key->pad1 = key->pad2 = 0;
++    key->pad1 = key->pad2 = key->pad3 = 0;
+ #endif
+
+     return 1;
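Review bot: the pad members are cleared only inside `#ifdef _LP64`, but with the new layout in stream.h the struct ends in `u_int8_t proto` after two `u_int16_t` ports, so other ABIs still get implicit trailing padding that is never written. If `SessionHashKey` is hashed or compared as raw bytes, that leaves uninitialised bytes in the key on non-LP64 builds. A `memset(key, 0, sizeof(*key))` at the top of `GetSessionKey` would cover every layout and would not need touching when the pad members change again.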
Index: patches/patch-src_preprocessors_spp_sfportscan_c
===================================================================
RCS file: patches/patch-src_preprocessors_spp_sfportscan_c
diff -N patches/patch-src_preprocessors_spp_sfportscan_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_spp_sfportscan_c 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/preprocessors/spp_sfportscan.c.orig Fri Sep  7 19:59:20 2007
++++ src/preprocessors/spp_sfportscan.c Mon Nov 19 22:39:50 2007
+@@ -247,7 +247,7 @@ static int LogPortscanAlert(Packet *p, char *msg, u_in
+         return 0;
+     }
+
+-    ts_print((struct timeval *)&p->pkth->ts, timebuf);
++    ts_print((struct timeval32 *)&p->pkth->ts, timebuf);
+
+     fprintf(g_logfile, "Time: %s\n", timebuf);
+
Index: patches/patch-src_preprocessors_stream_h
===================================================================
RCS file: patches/patch-src_preprocessors_stream_h
diff -N patches/patch-src_preprocessors_stream_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_stream_h 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,80 @@
+$OpenBSD$
+--- src/preprocessors/stream.h.orig Mon Aug 20 19:30:23 2007
++++ src/preprocessors/stream.h Sat Dec  1 02:18:24 2007
+@@ -39,12 +39,12 @@ typedef struct _StreamPacketData
+     u_int8_t *pktOrig;
+     u_int8_t *pkt;
+     struct pcap_pkthdr pkth;
+-    u_int16_t pkt_size;
+     /* Pointer to trimmed payload */
+     u_int8_t *payload;
+-    u_int16_t payload_size;
+     u_int32_t seq_num;
+     u_int32_t cksum;
++    u_int16_t pkt_size;
++    u_int16_t payload_size;
+     u_int8_t  chuck;   /* mark the spd for chucking if it's
+                         * been reassembled
+                         */
+@@ -66,34 +66,37 @@ typedef struct _StreamAlertInfo
+ typedef struct _Stream
+ {
+     ip_t      ip;          /* IP addr */
+-    u_int16_t port;        /* port number */
+-    u_int8_t  state;       /* stream state */
+     u_int32_t isn;         /* initial sequence number */
+     u_int32_t base_seq;    /* base seq num for this packet set */
+     u_int32_t last_ack;    /* last segment ack'd */
++    u_int16_t port;        /* port number */
+     u_int16_t win_size;    /* window size */
+     u_int32_t next_seq;    /* next sequence we expect to see -- used on reassemble */
+     u_int32_t pkts_sent;   /* track the number of packets in this stream */
+     u_int32_t bytes_sent;  /* track the number of bytes in this stream */
+     u_int32_t bytes_tracked; /* track the total number of bytes on this side */
++    u_int8_t  state;       /* stream state */
+     u_int8_t  state_queue;    /* queued state transition */
+     u_int8_t  expected_flags; /* tcp flag needed to accept transition */
+-    u_int32_t trans_seq;      /* sequence number of transition packet */
+     u_int8_t  stq_chk_seq;    /* flag to see if we need to check the seq
+                                  num of the state transition packet */
++    u_int32_t trans_seq;      /* sequence number of transition packet */
+     u_int32_t overlap_pkts;  /* track the number of packets with duplicate seq #s */
+     u_int32_t bytes_inspected; /* track the number of bytes seen since last
+                                 * data from other side */
+
++    u_int32_t pkt_count;
+     StreamPacketData *seglist;
+     StreamPacketData *seglist_tail;
+-    u_int32_t pkt_count;
+-    char flags;
+
+     StreamAlertInfo alerts[MAX_SESSION_ALERTS];
+     u_int8_t  alert_count;   /* count alerts seen in a stream */
+
+     u_int8_t  outoforder;    /* flag indicating stream is no longer in order */
++    char flags;
++#if defined(_LP64)
++    char pad;
++#endif
+ } Stream;
+
+ typedef struct _SessionHashKey
+@@ -103,14 +106,13 @@ typedef struct _SessionHashKey
+     u_int16_t port; /* If IPs are the same, this will be the lower of
+                      * the two ports.  Otherwise, it will be the port
+                      * corresponding to lowIP. */
+-#if defined(_LP64)
+-    u_int16_t pad1;
+-#endif
+     u_int16_t port2;
++    u_int8_t  proto;
+ #if defined(_LP64)
+-    u_int16_t pad2;
++    u_int8_t pad1;
++    u_int8_t pad2;
++    u_int8_t pad3;
+ #endif
+-    u_int8_t  proto;
+ } SessionHashKey;
+
+ typedef struct _StreamApplicationData
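Review bot: `char pad` is added at the end of `Stream` under `_LP64` with no comment, and nothing visible in this diff initialises it, unlike `pad1` to `pad3` in `SessionHashKey`. The member reordering in `StreamPacketData` and `Stream` is also unexplained. A short comment in the patch saying which alignment problem each change addresses would help the next port update keep them and would make the change easier to send upstream.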
Index: patches/patch-src_snort_packet_header_h
===================================================================
RCS file: patches/patch-src_snort_packet_header_h
diff -N patches/patch-src_snort_packet_header_h
--- patches/patch-src_snort_packet_header_h 25 Nov 2006 05:33:28 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,25 +0,0 @@
-$OpenBSD: patch-src_snort_packet_header_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
---- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006
-+++ src/snort_packet_header.h Tue Nov  7 20:28:12 2006
-@@ -16,12 +16,20 @@
- #include <sys/types.h>
-
-
-+/* we must use fixed size of 32 bits, because on-disk
-+ * format of savefiles uses 32-bit tv_sec (and tv_usec)
-+ */
-+struct pcap_timeval {
-+    u_int32_t tv_sec;      /* seconds */
-+    u_int32_t tv_usec;     /* microseconds */
-+};
-+
- /* this is equivalent to the pcap pkthdr struct, but we need one for
-  * portability once we introduce the pa_engine code
-  */
- typedef struct _SnortPktHeader
- {
--    struct timeval ts;     /* packet timestamp */
-+    struct pcap_timeval ts;/* packet timestamp */
-     u_int32_t caplen;      /* packet capture length */
-     u_int32_t pktlen;      /* packet "real" length */
- } SnortPktHeader;
Index: patches/patch-src_util_c
===================================================================
RCS file: patches/patch-src_util_c
diff -N patches/patch-src_util_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_util_c 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,29 @@
+$OpenBSD$
+--- src/util.c.orig Mon Aug 20 18:31:51 2007
++++ src/util.c Mon Nov 19 22:37:37 2007
+@@ -392,12 +392,13 @@ int DisplayBanner()
+  * Returns: void function
+  *
+  ****************************************************************************/
+-void ts_print(register const struct timeval *tvp, char *timebuf)
++void ts_print(register const struct timeval32 *tvp, char *timebuf)
+ {
+     register int s;
+     int    localzone;
+     time_t Time;
+     struct timeval tv;
++    struct timeval32 tvnow;
+     struct timezone tz;
+     struct tm *lt;    /* place to stick the adjusted clock data */
+
+@@ -407,7 +408,9 @@ void ts_print(register const struct timeval *tvp, char
+         /* manual page (for linux) says tz is never used, so.. */
+         bzero((char *) &tz, sizeof(tz));
+         gettimeofday(&tv, &tz);
+-        tvp = &tv;
++        tvnow.tv_sec = tv.tv_sec;
++        tvnow.tv_usec = tv.tv_usec;
++        tvp = &tvnow;
+     }
+
+     localzone = thiszone;
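Review bot: in the `gettimeofday()` fallback, `tvnow.tv_sec = tv.tv_sec` and `tvnow.tv_usec = tv.tv_usec` narrow silently wherever the `struct timeval` fields are wider than those of `struct timeval32`. An explicit cast on both assignments with a one-line comment would show the truncation is intended and keep builds with conversion warnings quiet.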
Index: patches/patch-src_util_h
===================================================================
RCS file: patches/patch-src_util_h
diff -N patches/patch-src_util_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_util_h 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,20 @@
+$OpenBSD$
+--- src/util.h.orig Mon Aug 20 18:35:44 2007
++++ src/util.h Mon Nov 19 22:31:17 2007
+@@ -34,6 +34,7 @@
+ #endif
+
+ #include "sf_types.h"
++#include "pcap_pkthdr32.h"
+
+ /* specifies that a function does not return
+  * used for quieting Visual Studio warnings
+@@ -139,7 +140,7 @@ typedef struct _IntervalStats
+ int DisplayBanner();
+ void GetTime(char *);
+ int gmt2local(time_t);
+-void ts_print(register const struct timeval *, char *);
++void ts_print(register const struct timeval32 *, char *);
+ char *copy_argv(char **);
+ void strip(char *);
+ double CalcPct(UINT64, UINT64);
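Review bot: changing the `ts_print` prototype to `struct timeval32 *` means every caller has to be converted, and a C compiler only warns on an incompatible pointer argument. This diff covers log.c, the alert_fast, alert_full and csv output plugins, ppm.c, Stream5 and sfportscan; please grep the tree for any remaining `ts_print(` call that still passes a `struct timeval *`. Since `pcap_pkthdr32.h` is now pulled into every file that includes util.h, also check that it has an include guard.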
Index: pkg/PFRAG.prelude
===================================================================
RCS file: pkg/PFRAG.prelude
diff -N pkg/PFRAG.prelude
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/PFRAG.prelude 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,2 @@
+@comment $OpenBSD$
+@exec usermod -G _prelude _snort
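Review bot: `@exec usermod -G _prelude _snort` assumes the `_prelude` group already exists when this package is installed, and there is no matching `@unexec`. Please confirm the prelude flavor's dependency creates the group before this runs, and check that `-G` here adds `_prelude` to the account's secondary groups rather than replacing ones an administrator has set. It also gives the `_snort` account whatever access the `_prelude` group has, which is worth stating in the package description or install message.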
Index: pkg/PFRAG.shared
===================================================================
RCS file: /cvs/ports/net/snort/pkg/PFRAG.shared,v
retrieving revision 1.1
diff -u -r1.1 PFRAG.shared
--- pkg/PFRAG.shared 10 Oct 2006 13:33:17 -0000 1.1
+++ pkg/PFRAG.shared 9 Feb 2008 17:38:14 -0000
@@ -1,5 +1,9 @@
 @comment $OpenBSD: PFRAG.shared,v 1.1 2006/10/10 13:33:17 aanriot Exp $
 @lib lib/snort_dynamicengine/libsf_engine.so.${LIBsf_engine_VERSION}
+@lib lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.${LIB_sfdynamic_preprocessor_example_VERSION}
+@lib lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.${LIBsf_dcerpc_preproc_VERSION}
 @lib lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.${LIBsf_dns_preproc_VERSION}
 @lib lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.${LIBsf_ftptelnet_preproc_VERSION}
 @lib lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.${LIBsf_smtp_preproc_VERSION}
+@lib lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.${LIBsf_ssh_preproc_VERSION}
+@lib lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.${LIB_sfdynamic_example_rule_VERSION}
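Review bot: `lib_sfdynamic_preprocessor_example.so` and `lib_sfdynamic_example_rule.so` are, going by their names, sample code, and this installs them into the same directories as the real preprocessors and rules. If the shipped snort.conf loads those directories wholesale, the samples end up loaded into a sensor that parses untrusted traffic. Consider leaving the example libraries out of the package, here and in PLIST.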
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/snort/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- pkg/PLIST 10 Oct 2006 13:33:17 -0000 1.15
+++ pkg/PLIST 9 Feb 2008 17:38:14 -0000
@@ -1,22 +1,38 @@
 @comment $OpenBSD: PLIST,v 1.15 2006/10/10 13:33:17 aanriot Exp $
 @newgroup _snort:557
 @newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin
+%%prelude%%
 %%SHARED%%
 bin/snort
 lib/snort_dynamicengine/
 lib/snort_dynamicengine/libsf_engine.a
 @comment lib/snort_dynamicengine/libsf_engine.la
 lib/snort_dynamicpreprocessor/
+lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a
+@comment lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
+@comment lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 lib/snort_dynamicpreprocessor/libsf_dns_preproc.a
 @comment lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
 lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a
 @comment lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
 lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a
 @comment lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
+lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a
+@comment lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
+lib/snort_dynamicrules/
+lib/snort_dynamicrules/lib_sfdynamic_example_rule.a
+@comment lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
 @man man/man8/snort.8
 share/doc/snort/
 share/doc/snort/AUTHORS
+share/doc/snort/BUGS
 share/doc/snort/CREDITS
+share/doc/snort/INSTALL
+share/doc/snort/NEWS
+share/doc/snort/PROBLEMS
+share/doc/snort/README
+share/doc/snort/README.ARUBA
 share/doc/snort/README.FLEXRESP
 share/doc/snort/README.FLEXRESP2
 share/doc/snort/README.INLINE
@@ -29,6 +45,8 @@
 share/doc/snort/README.asn1
 share/doc/snort/README.csv
 share/doc/snort/README.database
+share/doc/snort/README.dcerpc
+share/doc/snort/README.decode
 share/doc/snort/README.dns
 share/doc/snort/README.event_queue
 share/doc/snort/README.flow
@@ -37,25 +55,45 @@
 share/doc/snort/README.frag3
 share/doc/snort/README.ftptelnet
 share/doc/snort/README.http_inspect
+share/doc/snort/README.ipv6
+share/doc/snort/README.ppm
 share/doc/snort/README.sfportscan
+share/doc/snort/README.ssh
+share/doc/snort/README.stream4
+share/doc/snort/README.stream5
+share/doc/snort/README.tag
 share/doc/snort/README.thresholding
+share/doc/snort/README.variables
 share/doc/snort/README.wireless
+share/doc/snort/TODO
+share/doc/snort/USAGE
+share/doc/snort/WISHLIST
 share/doc/snort/faq.pdf
+share/doc/snort/generators
 share/doc/snort/snort_manual.pdf
 share/doc/snort/snort_schema_v106.pdf
 share/examples/snort/
 @sample ${SYSCONFDIR}/snort/
 @sample ${SYSCONFDIR}/snort/rules/
+@sample ${SYSCONFDIR}/snort/preproc_rules/
 share/examples/snort/classification.config
 @sample ${SYSCONFDIR}/snort/classification.config
+share/examples/snort/decoder.rules
+@sample ${SYSCONFDIR}/snort/preproc_rules/decoder.rules
 share/examples/snort/gen-msg.map
 @sample ${SYSCONFDIR}/snort/gen-msg.map
 share/examples/snort/generators
 @sample ${SYSCONFDIR}/snort/generators
+share/examples/snort/preprocessor.rules
+@sample ${SYSCONFDIR}/snort/preproc_rules/preprocessor.rules
+@sample /var/snort/
+@owner _snort
+@group _snort
+@sample /var/snort/log/
+@owner
+@group
 share/examples/snort/reference.config
 @sample ${SYSCONFDIR}/snort/reference.config
-share/examples/snort/sid
-@sample ${SYSCONFDIR}/snort/sid
 share/examples/snort/sid-msg.map
 @sample ${SYSCONFDIR}/snort/sid-msg.map
 share/examples/snort/snort.conf
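Review bot: in the relocated `/var/snort` block, `@owner _snort` and `@group _snort` come after `@sample /var/snort/`, so only `/var/snort/log/` is created with `_snort` ownership and the parent directory keeps the default owner. If `_snort` needs to write anywhere under `/var/snort/` other than `log/`, move the two lines above the first `@sample`; if not, a `@comment` saying so would help. The empty `@owner` and `@group` resets after the block are a good addition, since the old block at the end of the file never reset them.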
@@ -64,7 +102,3 @@
 @sample ${SYSCONFDIR}/snort/threshold.conf
 share/examples/snort/unicode.map
 @sample ${SYSCONFDIR}/snort/unicode.map
-@sample /var/snort/
-@owner _snort
-@group _snort
-@sample /var/snort/log/