This diff fixes unified logging/alerting on 64-bit platforms.
http://secure.lv/~nikns/stuff/ports/snort-2.6.0.2p1.diff
Index: snort/Makefile
===================================================================
RCS file: /cvs/ports/net/snort/Makefile,v
retrieving revision 1.49
diff -u -r1.49 Makefile
--- snort/Makefile 14 Oct 2006 09:54:04 -0000 1.49
+++ snort/Makefile 7 Nov 2006 18:35:32 -0000
@@ -3,7 +3,7 @@
COMMENT= "highly flexible sniffer/NIDS"
DISTNAME= snort-2.6.0.2
-PKGNAME= ${DISTNAME}p0
+PKGNAME= ${DISTNAME}p1
CATEGORIES= net security
MASTER_SITES= ${HOMEPAGE}/dl/current/
Index: snort/patches/patch-src_event_h
===================================================================
RCS file: snort/patches/patch-src_event_h
diff -N snort/patches/patch-src_event_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ snort/patches/patch-src_event_h 7 Nov 2006 18:35:32 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- src/event.h.orig Tue Aug 23 18:52:22 2005
++++ src/event.h Tue Nov 7 20:28:12 2006
+@@ -34,6 +34,8 @@
+ #include <sys/time.h>
+ #endif
+
++#include "snort_packet_header.h"
++
+ typedef struct _Event
+ {
+ u_int32_t sig_generator; /* which part of snort generated the alert? */
+@@ -45,7 +47,7 @@ typedef struct _Event
+ u_int32_t event_reference; /* reference to other events that have gone
off,
+ * such as in the case of tagged packets...
+ */
+- struct timeval ref_time; /* reference time for the event reference */
++ struct pcap_timeval ref_time; /* reference time for the event reference
*/
+
+ /* Don't add to this structure because this is the serialized data
+ * struct for unified logging.
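Review bot: The comment on `ref_time` should say why the field type changed, since the struct's own note ("Don't add to this structure because this is the serialized data struct") does not cover field widths and a future maintainer could revert to `struct timeval` without seeing the breakage; suggest `/* reference time for the event reference; fixed 32-bit fields, this struct is written to the unified log as-is */`. Anything outside this hunk that assigns a `struct timeval` into `ref_time` by whole-struct assignment or memcpy with `sizeof(struct timeval)` would no longer match the 8-byte field, so the writers of `ref_time` (not shown here) presumably already set `tv_sec`/`tv_usec` individually; worth confirming. The `_Event` typedef continues past the end of the hunk.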
Index: snort/patches/patch-src_output-plugins_spo_unified_c
===================================================================
RCS file: snort/patches/patch-src_output-plugins_spo_unified_c
diff -N snort/patches/patch-src_output-plugins_spo_unified_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ snort/patches/patch-src_output-plugins_spo_unified_c 7 Nov 2006
18:35:32 -0000
@@ -0,0 +1,38 @@
+$OpenBSD$
+--- src/output-plugins/spo_unified.c.orig Fri May 12 20:19:56 2006
++++ src/output-plugins/spo_unified.c Tue Nov 7 20:28:12 2006
+@@ -126,7 +126,7 @@ typedef struct _UnifiedLog
+ typedef struct _UnifiedAlert
+ {
+ Event event;
+- struct timeval ts; /* event timestamp */
++ struct pcap_timeval ts; /* event timestamp */
+ u_int32_t sip; /* src ip */
+ u_int32_t dip; /* dest ip */
+ u_int16_t sp; /* src port */
+@@ -551,7 +551,11 @@ void RealUnifiedLogPacketAlert(Packet *p
+ * this will have to be fixed when we transition to the pa_engine
+ * code (p->pkth is libpcap specific)
+ */
+- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
++ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
++ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
++ logheader.pkth.caplen = p->pkth->caplen;
++ logheader.pkth.pktlen = p->pkth->len;
++
+ }
+ else
+ {
+@@ -1260,7 +1264,11 @@ void OldUnifiedLogPacketAlert(Packet *p,
+ {
+ logheader.flags = p->packet_flags;
+
+- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
++ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
++ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
++ logheader.pkth.caplen = p->pkth->caplen;
++ logheader.pkth.pktlen = p->pkth->len;
++
+
+ #ifdef GIDS
+ /*
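Review bot: The four field assignments at the replaced memcpy (`logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;` and the following three lines) narrow a 64-bit `time_t`/`suseconds_t` into `u_int32_t` silently; since the truncation is the whole point of the 32-bit on-disk record, make it explicit with `logheader.pkth.ts.tv_sec = (u_int32_t)p->pkth->ts.tv_sec;` and `logheader.pkth.ts.tv_usec = (u_int32_t)p->pkth->ts.tv_usec;`, which also keeps `-Wconversion` quiet. The same block is duplicated verbatim in `OldUnifiedLogPacketAlert` further down this hunk, so a small `static` helper taking `SnortPktHeader *dst` and `const struct pcap_pkthdr *src` would keep the two sites from drifting. The added trailing `+` blank line in the second copy leaves two consecutive blank lines before `#ifdef GIDS`. Both enclosing functions start and end outside the hunk.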
Index: snort/patches/patch-src_snort_packet_header_h
===================================================================
RCS file: snort/patches/patch-src_snort_packet_header_h
diff -N snort/patches/patch-src_snort_packet_header_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ snort/patches/patch-src_snort_packet_header_h 7 Nov 2006 18:35:32
-0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+--- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006
++++ src/snort_packet_header.h Tue Nov 7 20:28:12 2006
+@@ -16,12 +16,20 @@
+ #include <sys/types.h>
+
+
++/* we must use fixed size of 32 bits, because on-disk
++ * format of savefiles uses 32-bit tv_sec (and tv_usec)
++ */
++struct pcap_timeval {
++ u_int32_t tv_sec; /* seconds */
++ u_int32_t tv_usec; /* microseconds */
++};
++
+ /* this is equivalent to the pcap pkthdr struct, but we need one for
+ * portability once we introduce the pa_engine code
+ */
+ typedef struct _SnortPktHeader
+ {
+- struct timeval ts; /* packet timestamp */
++ struct pcap_timeval ts;/* packet timestamp */
+ u_int32_t caplen; /* packet capture length */
+ u_int32_t pktlen; /* packet "real" length */
+ } SnortPktHeader;
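Review bot: The comment above `struct pcap_timeval` attributes the fixed 32-bit width to "savefiles", but what this port patch actually depends on is that `SnortPktHeader` (and `Event`/`UnifiedAlert` via the sibling patches) is written to the unified log verbatim and parsed by external readers as 32-bit fields; suggest stating that directly, e.g. `/* Fixed 32-bit fields: this struct is part of the unified log on-disk record and is read by external tools, so time_t-sized members must not be used here. */`. libpcap uses a `struct pcap_timeval` tag internally for the same purpose; as far as I know it is not exposed by the public `pcap.h`, so a redefinition clash is unlikely, but a Snort-specific tag would remove that risk entirely. Minor: `struct pcap_timeval ts;/* packet timestamp */` lost the space before the comment that the neighbouring fields keep.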