And be super careful about this in anything else which interfaces to bpf or pcap. The pcap people were super uncareful using a machine-dependent structure.
> > This diff fixes unified logging/alerting on 64-bit platforms. > > > > http://secure.lv/~nikns/stuff/ports/snort-2.6.0.2p1.diff > ... > > > +--- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006 > > ++++ src/snort_packet_header.h Tue Nov 7 20:28:12 2006 > > +@@ -16,12 +16,20 @@ > > + #include <sys/types.h> > > + > > + > > ++/* we must use fixed size of 32 bits, because on-disk > > ++ * format of savefiles uses 32-bit tv_sec (and tv_usec) > > ++ */ > > ++struct pcap_timeval { > > ++ u_int32_t tv_sec; /* seconds */ > > ++ u_int32_t tv_usec; /* microseconds */ > > ++}; > > ++ > > Use bpf_timeval (see net/bpf.h) which is defined the same way, > don't define your own struct... >
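Review bot: the new `struct pcap_timeval` in src/snort_packet_header.h has nothing that enforces the 8-byte size its comment relies on. A compile-time size check next to the definition would stop a later type change from silently altering the unified log record layout again. The name also sits in libpcap's `pcap_` namespace. A snort-prefixed name, or the system's `bpf_timeval` as the reply suggests, avoids a clash with a definition from the pcap headers. The visible lines only introduce the type, so check that the timestamp member of the packet header struct is switched to it, and that code filling it from a native `struct timeval` assigns `tv_sec` and `tv_usec` field by field rather than copying the whole struct, since the two differ in size on 64-bit platforms.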