works for me. follow msf@ advice, resubmit a diff to 2.8.0.1 and please take maintainership.
Regards, rui On Thu, Nov 29, 2007 at 12:21:13AM +0100, Markus Lude wrote: > Hello, > here is an update to snort 2.8.0. Please test/comment/commit/... > > Based on changes for 2.7.0.1 by Jason Dixon. > Some added patches fix bus errors on sparc64 noticed by [EMAIL PROTECTED] > > If noone other wants, I would take maintainership (not included in > diff). > > Regards, > Markus > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/net/snort/Makefile,v > retrieving revision 1.51 > diff -u -p -r1.51 Makefile > --- Makefile 15 Sep 2007 22:36:59 -0000 1.51 > +++ Makefile 21 Nov 2007 00:43:34 -0000 > @@ -2,14 +2,14 @@ > > COMMENT= highly flexible sniffer/NIDS > > -DISTNAME= snort-2.6.0.2 > -PKGNAME= ${DISTNAME}p1 > +DISTNAME= snort-2.8.0 > +PKGNAME= ${DISTNAME} > CATEGORIES= net security > MASTER_SITES= ${HOMEPAGE}/dl/current/ > > HOMEPAGE= http://www.snort.org/ > > -# GPL > +# GPLv2 > PERMIT_PACKAGE_CDROM= Yes > PERMIT_PACKAGE_FTP= Yes > PERMIT_DISTFILES_CDROM= Yes > @@ -17,9 +17,11 @@ PERMIT_DISTFILES_FTP= Yes > WANTLIB= c m pcap > > SHARED_LIBS= sf_engine 0.0 \ > + sf_dcerpc_preproc 0.0 \ > sf_dns_preproc 0.0 \ > sf_ftptelnet_preproc 0.0 \ > - sf_smtp_preproc 0.0 > + sf_smtp_preproc 0.0 \ > + sf_ssh_preproc 0.0 > > USE_LIBTOOL= Yes > > @@ -62,10 +64,12 @@ CONFIGURE_ARGS+=--enable-prelude > MESSAGE= ${PKGDIR}/MESSAGE-prelude > .endif > > -CONFIGS= classification.config gen-msg.map generators reference.config \ > - sid sid-msg.map snort.conf threshold.conf unicode.map > +CONFIGS= classification.config gen-msg.map reference.config \ > + sid-msg.map snort.conf threshold.conf unicode.map > > -DOCS= AUTHORS CREDITS README.* *.pdf > +PREPROC= decoder.rules preprocessor.rules > + > +DOCS= AUTHORS CREDITS README README.* *.pdf TODO USAGE > WISHLIST > > post-build: > @perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," \ 
> @@ -77,6 +81,11 @@ post-install: > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/snort > .for i in ${CONFIGS} > ${INSTALL_DATA} ${WRKSRC}/etc/${i} ${PREFIX}/share/examples/snort > +.endfor > + ${INSTALL_DATA} ${WRKSRC}/doc/generators ${PREFIX}/share/examples/snort > + > +.for i in ${PREPROC} > + ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${i} > ${PREFIX}/share/examples/snort > .endfor > > ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/snort > Index: distinfo > =================================================================== > RCS file: /cvs/ports/net/snort/distinfo,v > retrieving revision 1.15 > diff -u -p -r1.15 distinfo > --- distinfo 5 Apr 2007 16:20:15 -0000 1.15 > +++ distinfo 21 Nov 2007 00:43:34 -0000 > @@ -1,5 +1,5 @@ > -MD5 (snort-2.6.0.2.tar.gz) = XAlP9tgtuEWl8CPkpJIQPg== > -RMD160 (snort-2.6.0.2.tar.gz) = cG1j24O30DesinHIEEMk2bdZTrU= > -SHA1 (snort-2.6.0.2.tar.gz) = Gms/sZqC+Dvw/OWo226xJ3xyN5s= > -SHA256 (snort-2.6.0.2.tar.gz) = B716x7ZF0TgKzmWzPAZO1Y2dwhvXNrH3a8V13CLhpeI= > -SIZE (snort-2.6.0.2.tar.gz) = 3350277 > +MD5 (snort-2.8.0.tar.gz) = z7qxwuOc27iRISxL8V6C8w== > +RMD160 (snort-2.8.0.tar.gz) = 2sNqSh/aYLZszcXHdKthqqD2yKg= > +SHA1 (snort-2.8.0.tar.gz) = 8HuEoIcthhAGtWqManmmAwjdaLQ= > +SHA256 (snort-2.8.0.tar.gz) = uaBzfTL2nEvnSySDJLQBc2Z7W8e09Yru9PInGi6oQtE= > +SIZE (snort-2.8.0.tar.gz) = 4278872 > Index: patches/patch-etc_snort_conf > =================================================================== > RCS file: /cvs/ports/net/snort/patches/patch-etc_snort_conf,v > retrieving revision 1.1 > diff -u -p -r1.1 patch-etc_snort_conf > --- patches/patch-etc_snort_conf 10 Oct 2006 13:33:17 -0000 1.1 > +++ patches/patch-etc_snort_conf 21 Nov 2007 00:43:34 -0000 
> @@ -1,22 +1,26 @@ > $OpenBSD: patch-etc_snort_conf,v 1.1 2006/10/10 13:33:17 aanriot Exp $ > ---- etc/snort.conf.orig Wed Sep 13 21:44:31 2006 > -+++ etc/snort.conf Tue Oct 10 12:54:59 2006 > -@@ -82,6 +82,9 @@ var SNMP_SERVERS $HOME_NET > - # Port lists must either be continuous [eg 80:8080], or a single port [eg > 80]. > - # We will adding support for a real list of ports in the future. > - > +--- etc/snort.conf.orig Fri Sep 7 20:32:45 2007 > ++++ etc/snort.conf Mon Nov 19 22:23:57 2007 > +@@ -78,7 +78,10 @@ var SNMP_SERVERS $HOME_NET > + # like this: > + # > + # portvar HTTP_PORTS 8081 > +-# > ++ > +# Ports you run ssh servers on > -+var SSH_PORTS 22 > ++portvar SSH_PORTS 22 > + > # Ports you run web servers on > - # > - # Please note: [80,8080] does not work. > -@@ -108,7 +111,7 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28. > + portvar HTTP_PORTS 80 > + > +@@ -107,8 +110,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161 > # Path to your rules files (this can be a relative path) > # Note for Windows users: You are advised to make this an absolute path, > # such as: c:\snort\rules > -var RULE_PATH ../rules > +-var PREPROC_RULE_PATH ../preproc_rules > +var RULE_PATH %%SYSCONFDIR%%/snort/rules > ++var PREPROC_RULE_PATH %%SYSCONFDIR%%/snort/preproc_rules > > # Configure the snort decoder > # ============================ > Index: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c > =================================================================== > RCS file: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c > diff -N patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c > --- patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 10 Oct 2006 > 13:33:17 -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
> @@ -1,11 +0,0 @@ > ---- src/dynamic-plugins/sf_dynamic_plugins.c.orig Wed Sep 20 16:10:44 2006 > -+++ src/dynamic-plugins/sf_dynamic_plugins.c Wed Sep 20 16:09:23 2006 > -@@ -42,6 +42,8 @@ > - #define EXT "*.sl" > - #elif defined(MACOS) > - #define EXT "*.dylib" > -+#elif defined(OPENBSD) > -+#define EXT "*.so.*" > - #else > - #define EXT "*.so" > - #endif > Index: patches/patch-src_dynamic-preprocessors_Makefile_in > =================================================================== > RCS file: > /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v > retrieving revision 1.1 > diff -u -p -r1.1 patch-src_dynamic-preprocessors_Makefile_in > --- patches/patch-src_dynamic-preprocessors_Makefile_in 10 Oct 2006 > 13:33:17 -0000 1.1 > +++ patches/patch-src_dynamic-preprocessors_Makefile_in 21 Nov 2007 > 00:43:34 -0000 > @@ -1,16 +1,17 @@ > $OpenBSD: patch-src_dynamic-preprocessors_Makefile_in,v 1.1 2006/10/10 > 13:33:17 aanriot Exp $ > ---- src/dynamic-preprocessors/Makefile.in.orig Wed Sep 13 21:40:06 2006 > -+++ src/dynamic-preprocessors/Makefile.in Sun Oct 1 17:38:17 2006 > -@@ -480,7 +480,7 @@ maintainer-clean-generic: > +--- src/dynamic-preprocessors/Makefile.in.orig Fri Sep 7 20:31:51 2007 > ++++ src/dynamic-preprocessors/Makefile.in Mon Nov 19 22:18:10 2007 > +@@ -540,8 +540,7 @@ maintainer-clean-generic: > @echo "This command is intended for maintainers to use" > @echo "it deletes files that may require special tools to rebuild." > -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) > [EMAIL PROTECTED]@uninstall-local: > [EMAIL PROTECTED]@install-data-local: > +install-data-local: > clean: clean-recursive > > clean-am: clean-generic clean-libtool clean-local mostlyclean-am > -@@ -608,13 +608,6 @@ include/str_search.h: $(srcdir)/../prepr > +@@ -705,20 +704,6 @@ include/str_search.h: $(srcdir)/../preprocessors/str_s > clean-local: > rm -rf include build 
> > @@ -20,6 +21,13 @@ $OpenBSD: patch-src_dynamic-preprocessor > [EMAIL PROTECTED]@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \ > [EMAIL PROTECTED]@ if test -f $(srcdir)/$$f; then p=$(srcdir)/$$f; > else p=$$f; fi; \ > [EMAIL PROTECTED]@ $(INSTALL_DATA) $$p > $(DESTDIR)$(srcinstdir)/$$truefile; \ > [EMAIL PROTECTED]@ done > +- > [EMAIL PROTECTED]@uninstall-local: > [EMAIL PROTECTED]@ @for f in $(exported_files); do \ > [EMAIL PROTECTED]@ truefile=`echo $$f | sed -e "s/.*\///"`; \ > [EMAIL PROTECTED]@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \ > [EMAIL PROTECTED]@ $(RM) -f $(DESTDIR)$(srcinstdir)/$$truefile; \ > [EMAIL PROTECTED]@ done > # Tell versions [3.59,3.63) of GNU make to not export all variables. > # Otherwise a system limit (for SysV at least) may be exceeded. > Index: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in > =================================================================== > RCS file: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in > diff -N patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 21 Nov > 2007 00:43:34 -0000 
> @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Fri Sep 7 > 20:31:51 2007 > ++++ src/dynamic-preprocessors/dcerpc/Makefile.in Mon Nov 19 22:18:11 2007 > +@@ -392,7 +392,7 @@ distdir: $(DISTFILES) > + check-am: all-am > + check: $(BUILT_SOURCES) > + $(MAKE) $(AM_MAKEFLAGS) check-am > +-all-am: Makefile $(LTLIBRARIES) all-local > ++all-am: Makefile $(LTLIBRARIES) > + installdirs: > + for dir in "$(DESTDIR)$(libdir)"; do \ > + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ > Index: patches/patch-src_dynamic-preprocessors_dns_Makefile_in > =================================================================== > RCS file: > /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dns_Makefile_in,v > retrieving revision 1.1 > diff -u -p -r1.1 patch-src_dynamic-preprocessors_dns_Makefile_in > --- patches/patch-src_dynamic-preprocessors_dns_Makefile_in 10 Oct 2006 > 13:33:17 -0000 1.1 > +++ patches/patch-src_dynamic-preprocessors_dns_Makefile_in 21 Nov 2007 > 00:43:34 -0000 > @@ -1,7 +1,7 @@ > $OpenBSD: patch-src_dynamic-preprocessors_dns_Makefile_in,v 1.1 2006/10/10 > 13:33:17 aanriot Exp $ > ---- src/dynamic-preprocessors/dns/Makefile.in.orig Tue Oct 10 12:22:55 2006 > -+++ src/dynamic-preprocessors/dns/Makefile.in Tue Oct 10 12:23:59 2006 > -@@ -373,7 +373,7 @@ distdir: $(DISTFILES) > +--- src/dynamic-preprocessors/dns/Makefile.in.orig Fri Sep 7 20:31:51 2007 > ++++ src/dynamic-preprocessors/dns/Makefile.in Mon Nov 19 22:18:12 2007 > +@@ -374,7 +374,7 @@ distdir: $(DISTFILES) > check-am: all-am > check: $(BUILT_SOURCES) > $(MAKE) $(AM_MAKEFLAGS) check-am 
> @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor > +all-am: Makefile $(LTLIBRARIES) > installdirs: > for dir in "$(DESTDIR)$(libdir)"; do \ > - test -z "$$dir" || $(mkdir_p) "$$dir"; \ > + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ > Index: patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in > =================================================================== > RCS file: > /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v > retrieving revision 1.1 > diff -u -p -r1.1 patch-src_dynamic-preprocessors_ftptelnet_Makefile_in > --- patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 10 Oct > 2006 13:33:17 -0000 1.1 > +++ patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 21 Nov > 2007 00:43:34 -0000 > @@ -1,7 +1,7 @@ > $OpenBSD: patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v 1.1 > 2006/10/10 13:33:17 aanriot Exp $ > ---- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Tue Oct 10 > 12:18:08 2006 > -+++ src/dynamic-preprocessors/ftptelnet/Makefile.in Tue Oct 10 12:18:34 2006 > -@@ -409,7 +409,7 @@ distdir: $(DISTFILES) > +--- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Fri Sep 7 > 20:31:51 2007 > ++++ src/dynamic-preprocessors/ftptelnet/Makefile.in Mon Nov 19 22:18:14 2007 > +@@ -414,7 +414,7 @@ distdir: $(DISTFILES) > check-am: all-am > check: $(BUILT_SOURCES) > $(MAKE) $(AM_MAKEFLAGS) check-am 
> @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor > +all-am: Makefile $(LTLIBRARIES) > installdirs: > for dir in "$(DESTDIR)$(libdir)"; do \ > - test -z "$$dir" || $(mkdir_p) "$$dir"; \ > + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ > Index: patches/patch-src_dynamic-preprocessors_smtp_Makefile_in > =================================================================== > RCS file: > /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_smtp_Makefile_in,v > retrieving revision 1.1 > diff -u -p -r1.1 patch-src_dynamic-preprocessors_smtp_Makefile_in > --- patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 10 Oct 2006 > 13:33:17 -0000 1.1 > +++ patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 21 Nov 2007 > 00:43:34 -0000 > @@ -1,7 +1,7 @@ > $OpenBSD: patch-src_dynamic-preprocessors_smtp_Makefile_in,v 1.1 2006/10/10 > 13:33:17 aanriot Exp $ > ---- src/dynamic-preprocessors/smtp/Makefile.in.orig Tue Oct 10 12:22:47 2006 > -+++ src/dynamic-preprocessors/smtp/Makefile.in Tue Oct 10 12:23:13 2006 > -@@ -387,7 +387,7 @@ distdir: $(DISTFILES) > +--- src/dynamic-preprocessors/smtp/Makefile.in.orig Fri Sep 7 20:31:52 2007 > ++++ src/dynamic-preprocessors/smtp/Makefile.in Mon Nov 19 22:18:14 2007 > +@@ -388,7 +388,7 @@ distdir: $(DISTFILES) > check-am: all-am > check: $(BUILT_SOURCES) > $(MAKE) $(AM_MAKEFLAGS) check-am > @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor > +all-am: Makefile $(LTLIBRARIES) > installdirs: > for dir in "$(DESTDIR)$(libdir)"; do \ > - test -z "$$dir" || $(mkdir_p) "$$dir"; \ > + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ > Index: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in > =================================================================== > RCS file: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in > diff -N patches/patch-src_dynamic-preprocessors_ssh_Makefile_in > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 21 Nov 2007 > 00:43:34 -0000 
> @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/dynamic-preprocessors/ssh/Makefile.in.orig Fri Sep 7 20:31:52 2007 > ++++ src/dynamic-preprocessors/ssh/Makefile.in Mon Nov 19 22:18:15 2007 > +@@ -374,7 +374,7 @@ distdir: $(DISTFILES) > + check-am: all-am > + check: $(BUILT_SOURCES) > + $(MAKE) $(AM_MAKEFLAGS) check-am > +-all-am: Makefile $(LTLIBRARIES) all-local > ++all-am: Makefile $(LTLIBRARIES) > + installdirs: > + for dir in "$(DESTDIR)$(libdir)"; do \ > + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ > Index: patches/patch-src_event_h > =================================================================== > RCS file: patches/patch-src_event_h > diff -N patches/patch-src_event_h > --- patches/patch-src_event_h 25 Nov 2006 05:33:28 -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 > @@ -1,21 +0,0 @@ > -$OpenBSD: patch-src_event_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $ > ---- src/event.h.orig Tue Aug 23 18:52:22 2005 > -+++ src/event.h Tue Nov 7 20:28:12 2006 > -@@ -34,6 +34,8 @@ > - #include <sys/time.h> > - #endif > - > -+#include "snort_packet_header.h" > -+ > - typedef struct _Event > - { > - u_int32_t sig_generator; /* which part of snort generated the alert? > */ > -@@ -45,7 +47,7 @@ typedef struct _Event > - u_int32_t event_reference; /* reference to other events that have gone > off, > - * such as in the case of tagged packets... > - */ > -- struct timeval ref_time; /* reference time for the event reference */ > -+ struct pcap_timeval ref_time; /* reference time for the event > reference */ > - > - /* Don't add to this structure because this is the serialized data > - * struct for unified logging. > Index: patches/patch-src_log_c > =================================================================== > RCS file: patches/patch-src_log_c > diff -N patches/patch-src_log_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_log_c 21 Nov 2007 00:43:34 -0000 
> @@ -0,0 +1,39 @@ > +$OpenBSD$ > +--- src/log.c.orig Mon Aug 20 19:40:24 2007 > ++++ src/log.c Mon Nov 19 22:32:12 2007 > +@@ -355,7 +355,7 @@ void PrintIPPkt(FILE * fp, int type, Packet * p) > + DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type);); > + > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print((struct timeval *) & p->pkth->ts, timestamp); > ++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); > + > + /* dump the timestamp */ > + fwrite(timestamp, strlen(timestamp), 1, fp); > +@@ -800,7 +800,7 @@ void PrintArpHeader(FILE * fp, Packet * p) > + > + bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr)); > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print((struct timeval *) & p->pkth->ts, timestamp); > ++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); > + > + /* determine what to use as MAC src and dst */ > + if (p->eh != NULL) > +@@ -1874,7 +1874,7 @@ void PrintEapolPkt(FILE * fp, Packet * p) > + > + > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print((struct timeval *) & p->pkth->ts, timestamp); > ++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); > + > + /* dump the timestamp */ > + fwrite(timestamp, strlen(timestamp), 1, fp); > +@@ -2048,7 +2048,7 @@ void PrintWifiPkt(FILE * fp, Packet * p) > + > + > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print((struct timeval *) & p->pkth->ts, timestamp); > ++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); > + > + /* dump the timestamp */ > + fwrite(timestamp, strlen(timestamp), 1, fp); > Index: patches/patch-src_output-plugins_spo_alert_fast_c > =================================================================== > RCS file: patches/patch-src_output-plugins_spo_alert_fast_c > diff -N patches/patch-src_output-plugins_spo_alert_fast_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_output-plugins_spo_alert_fast_c 21 Nov 2007 00:43:34 > -0000 
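Review bot: The four `ts_print((struct timeval32 *) & p->pkth->ts, timestamp);` calls added here still go through a pointer cast, so the compiler cannot confirm that `p->pkth->ts` has the layout of `struct timeval32`; the old `(struct timeval *)` cast had the same blind spot. The same cast is introduced in the patches for spo_alert_fast.c, spo_alert_full.c, spo_csv.c, ppm.c, snort_stream5_tcp.c and spp_sfportscan.c. `struct timeval32` is not defined anywhere visible in this diff (util.h only gains `#include "pcap_pkthdr32.h"`), so I would add a compile-time check beside the ts_print prototype, assuming pkth is a `struct pcap_pkthdr`: `typedef char ts_layout_check[sizeof(((struct pcap_pkthdr *)0)->ts) == sizeof(struct timeval32) ? 1 : -1];`. A platform where the two differ would then fail to build instead of logging wrong alert timestamps or faulting. Each patched function starts and ends outside its hunk.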
> @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/output-plugins/spo_alert_fast.c.orig Mon Aug 20 19:26:05 2007 > ++++ src/output-plugins/spo_alert_fast.c Mon Nov 19 22:36:30 2007 > +@@ -138,7 +138,7 @@ void AlertFast(Packet *p, char *msg, void *arg, Event > + SpoAlertFastData *data = (SpoAlertFastData *)arg; > + > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, > timestamp); > ++ ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, > timestamp); > + > + /* dump the timestamp */ > + fwrite(timestamp, strlen(timestamp), 1, data->file); > Index: patches/patch-src_output-plugins_spo_alert_full_c > =================================================================== > RCS file: patches/patch-src_output-plugins_spo_alert_full_c > diff -N patches/patch-src_output-plugins_spo_alert_full_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_output-plugins_spo_alert_full_c 21 Nov 2007 00:43:34 > -0000 > @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/output-plugins/spo_alert_full.c.orig Mon Aug 20 19:26:05 2007 > ++++ src/output-plugins/spo_alert_full.c Mon Nov 19 22:36:14 2007 > +@@ -162,7 +162,7 @@ void AlertFull(Packet *p, char *msg, void *arg, Event > + DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n");); > + > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, > timestamp); > ++ ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, > timestamp); > + > + /* dump the timestamp */ > + fwrite(timestamp, strlen(timestamp), 1, data->file); > Index: patches/patch-src_output-plugins_spo_csv_c > =================================================================== > RCS file: patches/patch-src_output-plugins_spo_csv_c > diff -N patches/patch-src_output-plugins_spo_csv_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_output-plugins_spo_csv_c 21 Nov 2007 00:43:34 > -0000 
> @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/output-plugins/spo_csv.c.orig Mon Aug 20 19:26:06 2007 > ++++ src/output-plugins/spo_csv.c Mon Nov 19 22:37:14 2007 > +@@ -270,7 +270,7 @@ void RealAlertCSV(Packet * p, char *msg, FILE * file, > + return; > + > + bzero((char *) timestamp, TIMEBUF_SIZE); > +- ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, > timestamp); > ++ ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, > timestamp); > + > + DEBUG_WRAP(DebugMessage(DEBUG_LOG,"Logging CSV Alert data\n");); > + > Index: patches/patch-src_output-plugins_spo_unified_c > =================================================================== > RCS file: patches/patch-src_output-plugins_spo_unified_c > diff -N patches/patch-src_output-plugins_spo_unified_c > --- patches/patch-src_output-plugins_spo_unified_c 25 Nov 2006 05:33:28 > -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
> @@ -1,38 +0,0 @@ > -$OpenBSD: patch-src_output-plugins_spo_unified_c,v 1.1 2006/11/25 05:33:28 > pvalchev Exp $ > ---- src/output-plugins/spo_unified.c.orig Fri May 12 20:19:56 2006 > -+++ src/output-plugins/spo_unified.c Tue Nov 7 20:28:12 2006 > -@@ -126,7 +126,7 @@ typedef struct _UnifiedLog > - typedef struct _UnifiedAlert > - { > - Event event; > -- struct timeval ts; /* event timestamp */ > -+ struct pcap_timeval ts; /* event timestamp */ > - u_int32_t sip; /* src ip */ > - u_int32_t dip; /* dest ip */ > - u_int16_t sp; /* src port */ > -@@ -551,7 +551,11 @@ void RealUnifiedLogPacketAlert(Packet *p > - * this will have to be fixed when we transition to the pa_engine > - * code (p->pkth is libpcap specific) > - */ > -- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader)); > -+ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec; > -+ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec; > -+ logheader.pkth.caplen = p->pkth->caplen; > -+ logheader.pkth.pktlen = p->pkth->len; > -+ > - } > - else > - { > -@@ -1260,7 +1264,11 @@ void OldUnifiedLogPacketAlert(Packet *p, > - { > - logheader.flags = p->packet_flags; > - > -- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader)); > -+ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec; > -+ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec; > -+ logheader.pkth.caplen = p->pkth->caplen; > -+ logheader.pkth.pktlen = p->pkth->len; > -+ > - > - #ifdef GIDS > - /* > Index: patches/patch-src_ppm_c > =================================================================== > RCS file: patches/patch-src_ppm_c > diff -N patches/patch-src_ppm_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_ppm_c 21 Nov 2007 00:43:34 -0000 
> @@ -0,0 +1,21 @@ > +$OpenBSD$ > +--- src/ppm.c.orig Mon Aug 20 19:25:02 2007 > ++++ src/ppm.c Mon Nov 19 22:39:12 2007 > +@@ -360,7 +360,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p) > + if( ppm_cfg.rule_log & PPM_LOG_MESSAGE ) > + { > + if(!*timestamp) > +- ts_print((struct timeval*)&p->pkth->ts, timestamp); > ++ ts_print((struct timeval32*)&p->pkth->ts, timestamp); > + > + LogMessage(PPM_FMT_REENABLED, > + otn->sigInfo.generator, > +@@ -423,7 +423,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p) > + if( ppm_cfg.rule_log & PPM_LOG_MESSAGE ) > + { > + if(!*timestamp) > +- ts_print((struct timeval*)&p->pkth->ts, timestamp); > ++ ts_print((struct timeval32*)&p->pkth->ts, timestamp); > + > + LogMessage(PPM_FMT_SUSPENDED, > + otn->sigInfo.generator, > Index: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c > =================================================================== > RCS file: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c > diff -N patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c 21 Nov > 2007 00:43:34 -0000 
> @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/preprocessors/Stream5/snort_stream5_tcp.c.orig Fri Sep 7 > 20:04:06 2007 > ++++ src/preprocessors/Stream5/snort_stream5_tcp.c Mon Nov 19 22:38:27 2007 > +@@ -6076,7 +6076,7 @@ static int ProcessTcp(Stream5LWSession *lwssn, Packet > + char src_addr[17]; > + char dst_addr[17]; > + bzero((char *)timestamp, TIMEBUF_SIZE); > +- ts_print((struct timeval *) &p->pkth->ts, timestamp); > ++ ts_print((struct timeval32 *) &p->pkth->ts, timestamp); > + SnortSnprintf(src_addr, 17, "%s", > + inet_ntoa(GET_SRC_IP(p))); > + SnortSnprintf(dst_addr, 17, "%s", > Index: patches/patch-src_preprocessors_snort_stream4_session_c > =================================================================== > RCS file: patches/patch-src_preprocessors_snort_stream4_session_c > diff -N patches/patch-src_preprocessors_snort_stream4_session_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_preprocessors_snort_stream4_session_c 21 Nov 2007 > 00:43:34 -0000 > @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- src/preprocessors/snort_stream4_session.c.orig Mon Aug 20 19:30:23 2007 > ++++ src/preprocessors/snort_stream4_session.c Mon Nov 19 22:50:05 2007 > +@@ -149,7 +149,7 @@ int GetSessionKey(Packet *p, SessionHashKey *key) > + key->proto = GET_IPH_PROTO(p); > + > + #ifdef _LP64 > +- key->pad1 = key->pad2 = 0; > ++ key->pad1 = key->pad2 = key->pad3 = 0; > + #endif > + > + return 1; > Index: patches/patch-src_preprocessors_spp_sfportscan_c > =================================================================== > RCS file: patches/patch-src_preprocessors_spp_sfportscan_c > diff -N patches/patch-src_preprocessors_spp_sfportscan_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_preprocessors_spp_sfportscan_c 21 Nov 2007 00:43:34 > -0000 
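Review bot: In GetSessionKey the padding of `SessionHashKey` is cleared only inside `#ifdef _LP64` (`key->pad1 = key->pad2 = key->pad3 = 0;`), and `pad3` exists only once the stream.h patch from this same diff is applied. If the key is hashed or compared as raw bytes, which the name suggests but the hunk does not show, any compiler-inserted padding on non-LP64 builds stays uninitialised and identical sessions could fail to match. Clearing the whole key up front with `bzero(key, sizeof(*key));` before the fields are filled in would cover every ABI and would not need touching when the struct changes again. The function begins before this hunk, so confirm that nothing earlier in it relies on the previous contents of `*key`.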
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- src/preprocessors/spp_sfportscan.c.orig Fri Sep 7 19:59:20 2007
> ++++ src/preprocessors/spp_sfportscan.c Mon Nov 19 22:39:50 2007
> +@@ -247,7 +247,7 @@ static int LogPortscanAlert(Packet *p, char *msg, u_in
> + return 0;
> + }
> +
> +- ts_print((struct timeval *)&p->pkth->ts, timebuf);
> ++ ts_print((struct timeval32 *)&p->pkth->ts, timebuf);
> +
> + fprintf(g_logfile, "Time: %s\n", timebuf);
> +
> Index: patches/patch-src_preprocessors_stream_h
> ===================================================================
> RCS file: patches/patch-src_preprocessors_stream_h
> diff -N patches/patch-src_preprocessors_stream_h
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_preprocessors_stream_h 21 Nov 2007 00:43:34 -0000
> @@ -0,0 +1,80 @@ > +$OpenBSD$ > +--- src/preprocessors/stream.h.orig Mon Aug 20 19:30:23 2007 > ++++ src/preprocessors/stream.h Mon Nov 19 22:54:03 2007 > +@@ -39,12 +39,12 @@ typedef struct _StreamPacketData > + u_int8_t *pktOrig; > + u_int8_t *pkt; > + struct pcap_pkthdr pkth; > +- u_int16_t pkt_size; > + /* Pointer to trimmed payload */ > + u_int8_t *payload; > +- u_int16_t payload_size; > + u_int32_t seq_num; > + u_int32_t cksum; > ++ u_int16_t pkt_size; > ++ u_int16_t payload_size; > + u_int8_t chuck; /* mark the spd for chucking if it's > + * been reassembled > + */ > +@@ -66,34 +66,37 @@ typedef struct _StreamAlertInfo > + typedef struct _Stream > + { > + ip_t ip; /* IP addr */ > +- u_int16_t port; /* port number */ > +- u_int8_t state; /* stream state */ > + u_int32_t isn; /* initial sequence number */ > + u_int32_t base_seq; /* base seq num for this packet set */ > + u_int32_t last_ack; /* last segment ack'd */ > ++ u_int16_t port; /* port number */ > + u_int16_t win_size; /* window size */ > + u_int32_t next_seq; /* next sequence we expect to see -- used on > reassemble */ > + u_int32_t pkts_sent; /* track the number of packets in this stream */ > + u_int32_t bytes_sent; /* track the number of bytes in this stream */ > + u_int32_t bytes_tracked; /* track the total number of bytes on this > side */ > ++ u_int8_t state; /* stream state */ > + u_int8_t state_queue; /* queued state transition */ > + u_int8_t expected_flags; /* tcp flag needed to accept transition */ > +- u_int32_t trans_seq; /* sequence number of transition packet */ > + u_int8_t stq_chk_seq; /* flag to see if we need to check the seq > + num of the state transition packet */ > ++ u_int32_t trans_seq; /* sequence number of transition packet */ > + u_int32_t overlap_pkts; /* track the number of packets with duplicate > seq #s */ > + u_int32_t bytes_inspected; /* track the number of bytes seen since last > + * data from other side */ > + > ++ u_int32_t pkt_count; > + StreamPacketData 
*seglist; > + StreamPacketData *seglist_tail; > +- u_int32_t pkt_count; > +- char flags; > + > + StreamAlertInfo alerts[MAX_SESSION_ALERTS]; > + u_int8_t alert_count; /* count alerts seen in a stream */ > + > + u_int8_t outoforder; /* flag indicating stream is no longer in > order */ > ++ char flags; > ++#if defined(_LP64) > ++ char pad; > ++#endif > + } Stream; > + > + typedef struct _SessionHashKey > +@@ -103,14 +106,13 @@ typedef struct _SessionHashKey > + u_int16_t port; /* If IPs are the same, this will be the lower of > + * the two ports. Otherwise, it will be the port > + * corresponding to lowIP. */ > +-#if defined(_LP64) > +- u_int16_t pad1; > +-#endif > + u_int16_t port2; > ++ u_int8_t proto; > + #if defined(_LP64) > +- u_int16_t pad2; > ++ u_int8_t pad1; > ++ u_int8_t pad2; > ++ u_int8_t pad3; > + #endif > +- u_int8_t proto; > + } SessionHashKey; > + > + typedef struct _StreamApplicationData > Index: patches/patch-src_snort_packet_header_h > =================================================================== > RCS file: patches/patch-src_snort_packet_header_h > diff -N patches/patch-src_snort_packet_header_h > --- patches/patch-src_snort_packet_header_h 25 Nov 2006 05:33:28 -0000 > 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
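Review bot: The member reordering in `StreamPacketData`, `Stream` and `SessionHashKey` has no comment saying why the order matters, so a later upstream merge could undo it without anyone noticing. The mail attributes these patches to bus errors on sparc64, which suggests the layout is there for alignment and padding; I would state that above each struct, for example `/* member order chosen to avoid implicit padding (sparc64); keep pad fields in sync with GetSessionKey() */`. The `char pad;` added to `Stream` under `_LP64` likewise has no stated purpose, and whether one byte is the right amount cannot be checked from this hunk because `ip_t` and `StreamAlertInfo` are defined elsewhere.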
> @@ -1,25 +0,0 @@ > -$OpenBSD: patch-src_snort_packet_header_h,v 1.1 2006/11/25 05:33:28 pvalchev > Exp $ > ---- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006 > -+++ src/snort_packet_header.h Tue Nov 7 20:28:12 2006 > -@@ -16,12 +16,20 @@ > - #include <sys/types.h> > - > - > -+/* we must use fixed size of 32 bits, because on-disk > -+ * format of savefiles uses 32-bit tv_sec (and tv_usec) > -+ */ > -+struct pcap_timeval { > -+ u_int32_t tv_sec; /* seconds */ > -+ u_int32_t tv_usec; /* microseconds */ > -+}; > -+ > - /* this is equivalent to the pcap pkthdr struct, but we need one for > - * portability once we introduce the pa_engine code > - */ > - typedef struct _SnortPktHeader > - { > -- struct timeval ts; /* packet timestamp */ > -+ struct pcap_timeval ts;/* packet timestamp */ > - u_int32_t caplen; /* packet capture length */ > - u_int32_t pktlen; /* packet "real" length */ > - } SnortPktHeader; > Index: patches/patch-src_util_c > =================================================================== > RCS file: patches/patch-src_util_c > diff -N patches/patch-src_util_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_util_c 21 Nov 2007 00:43:34 -0000 
> @@ -0,0 +1,29 @@ > +$OpenBSD$ > +--- src/util.c.orig Mon Aug 20 18:31:51 2007 > ++++ src/util.c Mon Nov 19 22:37:37 2007 > +@@ -392,12 +392,13 @@ int DisplayBanner() > + * Returns: void function > + * > + > ****************************************************************************/ > +-void ts_print(register const struct timeval *tvp, char *timebuf) > ++void ts_print(register const struct timeval32 *tvp, char *timebuf) > + { > + register int s; > + int localzone; > + time_t Time; > + struct timeval tv; > ++ struct timeval32 tvnow; > + struct timezone tz; > + struct tm *lt; /* place to stick the adjusted clock data */ > + > +@@ -407,7 +408,9 @@ void ts_print(register const struct timeval *tvp, char > + /* manual page (for linux) says tz is never used, so.. */ > + bzero((char *) &tz, sizeof(tz)); > + gettimeofday(&tv, &tz); > +- tvp = &tv; > ++ tvnow.tv_sec = tv.tv_sec; > ++ tvnow.tv_usec = tv.tv_usec; > ++ tvp = &tvnow; > + } > + > + localzone = thiszone; > Index: patches/patch-src_util_h > =================================================================== > RCS file: patches/patch-src_util_h > diff -N patches/patch-src_util_h > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_util_h 21 Nov 2007 00:43:34 -0000 
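Review bot: In the fallback branch of ts_print the new `tvnow.tv_sec = tv.tv_sec;` copies the gettimeofday() result into a `struct timeval32` without a comment or range check; if the name reflects 32-bit members (the definition lives in pcap_pkthdr32.h and is not shown), this narrows `time_t` silently. Alert and log timestamps are what analysts correlate on, so an intentional narrowing should be visible at the assignment, e.g. `/* narrowing to timeval32 is intentional; see pcap_pkthdr32.h */`. The header comment above the function should also be updated to name the new parameter type. ts_print's body continues past the end of this hunk.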
> @@ -0,0 +1,20 @@ > +$OpenBSD$ > +--- src/util.h.orig Mon Aug 20 18:35:44 2007 > ++++ src/util.h Mon Nov 19 22:31:17 2007 > +@@ -34,6 +34,7 @@ > + #endif > + > + #include "sf_types.h" > ++#include "pcap_pkthdr32.h" > + > + /* specifies that a function does not return > + * used for quieting Visual Studio warnings > +@@ -139,7 +140,7 @@ typedef struct _IntervalStats > + int DisplayBanner(); > + void GetTime(char *); > + int gmt2local(time_t); > +-void ts_print(register const struct timeval *, char *); > ++void ts_print(register const struct timeval32 *, char *); > + char *copy_argv(char **); > + void strip(char *); > + double CalcPct(UINT64, UINT64); > Index: pkg/PFRAG.prelude > =================================================================== > RCS file: pkg/PFRAG.prelude > diff -N pkg/PFRAG.prelude > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ pkg/PFRAG.prelude 21 Nov 2007 00:43:34 -0000 > @@ -0,0 +1 @@ > [EMAIL PROTECTED] usermod -G _prelude _snort > Index: pkg/PFRAG.shared > =================================================================== > RCS file: /cvs/ports/net/snort/pkg/PFRAG.shared,v > retrieving revision 1.1 > diff -u -p -r1.1 PFRAG.shared > --- pkg/PFRAG.shared 10 Oct 2006 13:33:17 -0000 1.1 > +++ pkg/PFRAG.shared 21 Nov 2007 00:43:34 -0000 
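Review bot: The new pkg/PFRAG.prelude runs `usermod -G _prelude _snort` at install time, but nothing visible in this diff undoes that group membership when the prelude flavor is removed, and nothing records why the sensor account needs it. The directive in front of the command was lost to the archive's address redaction, so I am assuming it is an exec-style packing-list line. Because this widens what the unprivileged `_snort` account may access, I would add a `@comment` naming the _prelude-owned files snort has to reach and decide whether a matching deinstall step is wanted. It is also worth confirming that the `_prelude` group is guaranteed to exist before this line runs, for instance through the flavor's run dependency.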
> @@ -1,5 +1,7 @@
> @comment $OpenBSD: PFRAG.shared,v 1.1 2006/10/10 13:33:17 aanriot Exp $
> @lib lib/snort_dynamicengine/libsf_engine.so.${LIBsf_engine_VERSION}
> [EMAIL PROTECTED]
> lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.${LIBsf_dcerpc_preproc_VERSION}
> @lib
> lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.${LIBsf_dns_preproc_VERSION}
> @lib
> lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.${LIBsf_ftptelnet_preproc_VERSION}
> @lib
> lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.${LIBsf_smtp_preproc_VERSION}
> [EMAIL PROTECTED]
> lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.${LIBsf_ssh_preproc_VERSION}
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/net/snort/pkg/PLIST,v
> retrieving revision 1.15
> diff -u -p -r1.15 PLIST
> --- pkg/PLIST 10 Oct 2006 13:33:17 -0000 1.15
> +++ pkg/PLIST 21 Nov 2007 00:43:34 -0000
> @@ -1,22 +1,29 @@
> @comment $OpenBSD: PLIST,v 1.15 2006/10/10 13:33:17 aanriot Exp $
> @newgroup _snort:557
> @newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin
> +%%prelude%%
> %%SHARED%%
> bin/snort
> lib/snort_dynamicengine/
> lib/snort_dynamicengine/libsf_engine.a
> @comment lib/snort_dynamicengine/libsf_engine.la
> lib/snort_dynamicpreprocessor/
> +lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
> [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
> lib/snort_dynamicpreprocessor/libsf_dns_preproc.a
> @comment lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
> lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a
> @comment lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
> lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a
> @comment lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
> +lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a
> [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
> @man man/man8/snort.8
> share/doc/snort/
> share/doc/snort/AUTHORS
> share/doc/snort/CREDITS
> +share/doc/snort/README
> +share/doc/snort/README.ARUBA
> share/doc/snort/README.FLEXRESP
> share/doc/snort/README.FLEXRESP2
> share/doc/snort/README.INLINE
> @@ -29,6 +36,8 @@ share/doc/snort/README.alert_order
> share/doc/snort/README.asn1
> share/doc/snort/README.csv
> share/doc/snort/README.database
> +share/doc/snort/README.dcerpc
> +share/doc/snort/README.decode
> share/doc/snort/README.dns
> share/doc/snort/README.event_queue
> share/doc/snort/README.flow
> @@ -37,25 +46,32 @@ share/doc/snort/README.flowbits
> share/doc/snort/README.frag3
> share/doc/snort/README.ftptelnet
> share/doc/snort/README.http_inspect
> +share/doc/snort/README.ppm
> share/doc/snort/README.sfportscan
> +share/doc/snort/README.ssh
> +share/doc/snort/README.stream4
> +share/doc/snort/README.stream5
> +share/doc/snort/README.tag
> share/doc/snort/README.thresholding
> +share/doc/snort/README.variables
> share/doc/snort/README.wireless
> +share/doc/snort/TODO
> +share/doc/snort/USAGE
> +share/doc/snort/WISHLIST
> share/doc/snort/faq.pdf
> +share/doc/snort/generators
> share/doc/snort/snort_manual.pdf
> share/doc/snort/snort_schema_v106.pdf
> share/examples/snort/
> @sample ${SYSCONFDIR}/snort/
> @sample ${SYSCONFDIR}/snort/rules/
> [EMAIL PROTECTED] ${SYSCONFDIR}/snort/preproc_rules/
> share/examples/snort/classification.config
> @sample ${SYSCONFDIR}/snort/classification.config
> share/examples/snort/gen-msg.map
> @sample ${SYSCONFDIR}/snort/gen-msg.map
> -share/examples/snort/generators
> [EMAIL PROTECTED] ${SYSCONFDIR}/snort/generators
> share/examples/snort/reference.config
> @sample ${SYSCONFDIR}/snort/reference.config
> -share/examples/snort/sid
> [EMAIL PROTECTED] ${SYSCONFDIR}/snort/sid
> share/examples/snort/sid-msg.map
> @sample ${SYSCONFDIR}/snort/sid-msg.map
> share/examples/snort/snort.conf
> @@ -64,6 +80,11 @@ share/examples/snort/threshold.conf
> @sample ${SYSCONFDIR}/snort/threshold.conf
> share/examples/snort/unicode.map
> @sample ${SYSCONFDIR}/snort/unicode.map
> [EMAIL PROTECTED] ${SYSCONFDIR}/snort/generators
> +share/examples/snort/decoder.rules
> [EMAIL PROTECTED] ${SYSCONFDIR}/snort/preproc_rules/decoder.rules
> +share/examples/snort/preprocessor.rules
> [EMAIL PROTECTED] ${SYSCONFDIR}/snort/preproc_rules/preprocessor.rules
> @sample /var/snort/
> @owner _snort
> @group _snort
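Review bot: In the last `pkg/PLIST` hunk, the entry for `${SYSCONFDIR}/snort/generators` (its directive is masked by the archive, presumably `@sample`) now sits directly after the `unicode.map` pair, while the preceding hunk drops `share/examples/snort/generators` from the list and adds `share/doc/snort/generators`. A `@sample` line takes the last file entry before it as its source, so as written the installed `generators` file would be copied from `share/examples/snort/unicode.map`. The Makefile's post-install also still installs `doc/generators` into `share/examples/snort`, a file the list no longer names. Restoring the pair `share/examples/snort/generators` followed by `@sample ${SYSCONFDIR}/snort/generators` would keep the packing list and the install step in agreement.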