./configure option, --enable-unified-native-timeval to have unified outputs use a native timeval to be compatible with unpatched barnyard 1 on 64 bit systems.

configure.in

@@ -582,6 +582,15 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
     CFLAGS="${CFLAGS} -DUNITTESTS"
     fi
 
+# enable native timeval for unified alert output
+    AC_ARG_ENABLE(unified-native-timeval,
+            [  --enable-unified-native-timeval  Use native timeval for unified outputs],
+            [ enable_unified_native_timeval=yes
+            ])
+    if test "$enable_unified_native_timeval" = "yes"; then
+    CFLAGS="${CFLAGS} -DUNIFIED_NATIVE_TIMEVAL"
+    fi
+
 # enable debug output
     AC_ARG_ENABLE(debug,
             [  --enable-debug  Enable debug output],

src/alert-unified-alert.c

@@ -83,8 +83,13 @@ typedef struct AlertUnifiedAlertPacketHeader_ {
     uint32_t sig_prio;
     uint32_t pad1; /* Snort's event_id */
     uint32_t pad2; /* Snort's event_reference */
+#ifdef UNIFIED_NATIVE_TIMEVAL
+    struct timeval ref_ts; /* Reference timestamp. */
+    struct timeval ts; /* Timestamp. */
+#else
     struct sc_timeval32 ref_ts; /* Reference timestamp. */
     struct sc_timeval32 ts; /* Timestamp. */
+#endif /* UNIFIED_NATIVE_TIMEVAL */
     uint32_t src_ip;
     uint32_t dst_ip;
     uint16_t sp;

src/alert-unified-log.c

@@ -86,13 +86,21 @@ typedef struct AlertUnifiedLogPacketHeader_ {
     uint32_t sig_prio;
     uint32_t pad1; /* Snort's event_id */
     uint32_t pad2; /* Snort's event_reference */
+#ifdef UNIFIED_NATIVE_TIMEVAL
+    struct timeval ref_tv;
+#else
     struct sc_timeval32 ref_tv;
+#endif /* UNIFIED_NATIVE_TIMEVAL */
 
     /* 32 bit unsigned flags */
     uint32_t pktflags;
 
     /* Snort's 'SnortPktHeader' structure */
+#ifdef UNIFIED_NATIVE_TIMEVAL
+    struct timeval tv;
+#else
     struct sc_timeval32 tv;
+#endif /* UNIFIED_NATIVE_TIMEVAL */
     uint32_t caplen;
     uint32_t pktlen;
 } AlertUnifiedLogPacketHeader;