libpcap 1.2.0 for OpenBSD

This diff has been committed! Thank you to everyone who tested and gave feedback. It should be in most of the snapshots by now. Continuous testing before the next OpenBSD release is most welcome!

There is also a new Snort 2.9 port that has been posted by Markus Lude, the official Snort maintainer, to the ports@openbsd.org mailing list. Please follow that thread if you're interested in making Snort 2.9 work on OpenBSD!


Latest diff: libpcap-1.2.0-20120523.diff

Summary

The libpcap in OpenBSD base is really old (last sync with upstream was done with libpcap 0.9.4 in 2006). Because of this, some new programs that need libpcap >= 1.0 cannot be easily ported to OpenBSD.

Snort users are especially affected because the latest Snort 2.9.x requires libpcap 1.x. Sourcefire (Snort's author) no longer supports or provide rules for Snort 2.8 since November 2011. The current Snort port in OpenBSD is Snort 2.8.6.

In the spirit of Shut Up and Hack, I wrote a diff (downloadable at top of page) that imports critical functions from libpcap 1.2.0 to libcap in base. This new libpcap should be backwards-compatible with existing programs that already use libpcap.

This is where you can help! :) If you care about having a more recent libpcap in OpenBSD base, could you please consider testing this diff? To make it as easy as possible, I have included the steps to apply the diff within the diff itself (just like the OpenBSD errata diffs).

I have also identified programs in base and all the ports that use libpcap. If you use any of these programs or ports, please consider testing them with the diff to ensure that they still work for you.

I've also created a proof-of-concept Snort 2.9.x port that links with the new libpcap for anyone who may be interested.

Here are a few things that could use some testing. I have only tested them on amd64 and i386, so tests on other platforms would be appreciated.

Please send reports and feedback to me at lteo()openbsd.org .. thank you!