> This diff fixes unified logging/alerting on 64-bit platforms.
>
> http://secure.lv/~nikns/stuff/ports/snort-2.6.0.2p1.diff
...
> +--- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006
> ++++ src/snort_packet_header.h Tue Nov 7 20:28:12 2006
> +@@ -16,12 +16,20 @@
> + #include <sys/types.h>
> +
> +
> ++/* we must use fixed size of 32 bits, because on-disk
> ++ * format of savefiles uses 32-bit tv_sec (and tv_usec)
> ++ */
> ++struct pcap_timeval {
> ++ u_int32_t tv_sec; /* seconds */
> ++ u_int32_t tv_usec; /* microseconds */
> ++};
> ++
Use bpf_timeval (see net/bpf.h) which is defined the same way,
don't define your own struct...
