Index: head/security/suricata/Makefile
===================================================================
--- head/security/suricata/Makefile (revision 443828)
+++ head/security/suricata/Makefile (revision 443829)
@@ -1,156 +1,156 @@ # Created by: Patrick Tracanelli # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 3.2.1 +PORTVERSION= 3.2.2 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ MAINTAINER= franco@opnsense.org COMMENT= High Performance Network IDS, IPS and Security Monitoring engine LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libpcre.so:devel/pcre \ libnet.so:net/libnet \ - libgnutls.so:security/gnutls \ - libgcrypt.so:security/libgcrypt \ - libgpg-error.so:security/libgpg-error \ - libltdl.so:devel/libltdl \ libyaml.so:textproc/libyaml USES= autoreconf cpe gmake libtool pathfix pkgconfig USE_LDCONFIG= yes USE_RC_SUBR= ${PORTNAME} GNU_CONFIGURE= yes CPE_VENDOR= openinfosecfoundation INSTALL_TARGET= install-strip TEST_TARGET= check OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE SC TESTS OPTIONS_DEFINE_amd64= HYPERSCAN OPTIONS_DEFAULT= HTP_PORT IPFW JSON NETMAP PRELUDE OPTIONS_SUB= yes OPTIONS_RADIO= SCRIPTS OPTIONS_RADIO_SCRIPTS= LUA LUAJIT SCRIPTS_DESC= Scripting GEOIP_DESC= GeoIP support HYPERSCAN_DESC= Hyperscan support HTP_PORT_DESC= Use libhtp from ports IPFW_DESC= IPFW and IP Divert support for inline IDP JSON_DESC= JSON output support LUA_DESC= LUA scripting support LUAJIT_DESC= LuaJIT scripting support NETMAP_DESC= Netmap support for inline IDP NSS_DESC= File checksums and SSL/TLS fingerprinting PORTS_PCAP_DESC= Use libpcap from ports PRELUDE_DESC= Prelude support for NIDS alerts SC_DESC= Suricata socket client (suricatasc) TESTS_DESC= Unit tests in suricata binary GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GEOIP_CONFIGURE_ON= --enable-geoip -HTP_PORT_BUILD_DEPENDS= libhtp>=0.5.20:devel/libhtp +HTP_PORT_BUILD_DEPENDS= libhtp>=0.5.24:devel/libhtp HTP_PORT_LIB_DEPENDS= libhtp.so:devel/libhtp HTP_PORT_CONFIGURE_ON= --enable-non-bundled-htp HTP_PORT_CONFIGURE_OFF= --enable-bundled-htp HTP_PORT_CONFLICTS_INSTALL_OFF= libhtp-[0-9]* libhtp-suricata HTP_PORT_USES_OFF= iconv:translit 
HYPERSCAN_LIB_DEPENDS= libhs.so:devel/hyperscan HYPERSCAN_CONFIGURE_ON= --with-libhs-includes=${LOCALBASE}/include \ --with-libhs-libraries=${LOCALBASE}/lib IPFW_CONFIGURE_ON= --enable-ipfw JSON_LIB_DEPENDS= libjansson.so:devel/jansson JSON_CONFIGURE_ON= --with-libjansson-includes=${LOCALBASE}/include \ --with-libjansson-libraries=${LOCALBASE}/lib LUA_USES= lua:51 LUA_CONFIGURE_ON= --enable-lua \ --with-liblua-includes=${LUA_INCDIR} \ --with-liblua-libraries=${LUA_LIBDIR} LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit LUAJIT_CONFIGURE_ON= --enable-luajit NSS_LIB_DEPENDS= libnss3.so:security/nss \ libnspr4.so:devel/nspr NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \ --with-libnss-libraries=${LOCALBASE}/lib \ --with-libnspr-libraries=${LOCALBASE}/lib \ --with-libnspr-includes=${LOCALBASE}/include/nspr NETMAP_CONFIGURE_ENABLE= netmap PORTS_PCAP_LIB_DEPENDS= libpcap.so.1:net/libpcap PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \ --with-libpcap-libraries=${LOCALBASE}/lib PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \ --with-libpcap-libraries=/usr/lib -PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude +PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude \ + libgnutls.so:security/gnutls \ + libgcrypt.so:security/libgcrypt \ + libgpg-error.so:security/libgpg-error \ + libltdl.so:devel/libltdl PRELUDE_CONFIGURE_ENABLE= prelude PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} SC_USES= python SC_CONFIGURE_ENV= ac_cv_path_HAVE_PYTHON_CONFIG=yes SC_CONFIGURE_ENV_OFF= ac_cv_path_HAVE_PYTHON_CONFIG=no TESTS_CONFIGURE_ENABLE= unittests SUB_FILES= pkg-message CONFIGURE_ARGS+=--enable-gccprotect \ --with-libpcre-includes=${LOCALBASE}/include \ --with-libpcre-libraries=${LOCALBASE}/lib \ --with-libyaml-includes=${LOCALBASE}/include \ --with-libyaml-libraries=${LOCALBASE}/lib \ --with-libnet-includes=${LOCALBASE}/include \ --with-libnet-libraries=${LOCALBASE}/lib \ 
--with-libhtp-includes=${LOCALBASE}/include/ \ --with-libhtp-libraries=${LOCALBASE}/lib \ --disable-gccmarch-native CONFIG_DIR?= ${ETCDIR} CONFIG_FILES= suricata.yaml classification.config reference.config threshold.config RULES_DIR= ${CONFIG_DIR}/rules RULES_FILES= app-layer-events.rules decoder-events.rules dns-events.rules files.rules \ http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \ tls-events.rules LOGS_DIR?= /var/log/${PORTNAME} .include pre-patch: ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 post-install: ${MKDIR} ${STAGEDIR}${CONFIG_DIR} ${MKDIR} ${STAGEDIR}${RULES_DIR} ${MKDIR} ${STAGEDIR}${LOGS_DIR} .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample .endfor .for f in ${RULES_FILES} ${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f} .endfor .if ${PORT_OPTIONS:MSC} (cd ${STAGEDIR}${PREFIX} \ && ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \ -d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;}) .endif .include Index: head/security/suricata/distinfo =================================================================== --- head/security/suricata/distinfo (revision 443828) +++ head/security/suricata/distinfo (revision 443829) @@ -1,3 +1,3 @@ -TIMESTAMP = 1487168316 -SHA256 (suricata-3.2.1.tar.gz) = 0e0b0cf49016804bb2fb1fc4327341617e76a67902f4e03e0ef6d16c1d7d3994 -SIZE (suricata-3.2.1.tar.gz) = 11754332 +TIMESTAMP = 1497119063 +SHA256 (suricata-3.2.2.tar.gz) = b1d8e5e53a76fbc89712d10ca8e2208f68f6fc2def0e6ac82e9693bb586a49cb +SIZE (suricata-3.2.2.tar.gz) = 11758084 Index: head/security/suricata/files/suricata.in =================================================================== --- head/security/suricata/files/suricata.in (revision 443828) +++ head/security/suricata/files/suricata.in (revision 443829) 
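Review bot: Nothing in the Makefile hunk records why gnutls, gcrypt, gpg-error and ltdl now sit in `PRELUDE_LIB_DEPENDS` instead of the unconditional `LIB_DEPENDS`. A one-line comment above that assignment, such as `# libprelude's link flags pull in gnutls, gcrypt, gpg-error and ltdl`, would capture the reasoning, if that is indeed the reason. With PRELUDE switched off the package no longer registers these four libraries, so a PRELUDE-off build should confirm (the ports `stage-qa` target reports shared-library links that are not registered) that configure does not pick any of them up on its own when they happen to be installed. This note concerns the Makefile hunk only, not the distinfo section that ends on the same line.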
@@ -1,53 +1,55 @@ #!/bin/sh # $FreeBSD$ # PROVIDE: suricata # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # Add the following lines to /etc/rc.conf to enable suricata: # suricata_enable (bool): Set to YES to enable suricata # Default: NO # suricata_flags (str): Extra flags passed to suricata -# Default: -D -q -# suricata_interface (str): Network interface to sniff +# Default: -D +# suricata_interface (str): Network interface(s) to sniff # Default: "" # suricata_conf (str): Suricata configuration file # Default: ${PREFIX}/etc/suricata/suricata.yaml # suricata_divertport (int): Port to create divert socket (Inline Mode) # Default: 8000 # suricata_netmap (str): Set to YES to enable netmap (Inline Mode) # Default: NO . /etc/rc.subr name="suricata" rcvar=suricata_enable command="%%PREFIX%%/bin/suricata" load_rc_config $name [ -z "$suricata_enable" ] && suricata_enable="NO" [ -z "$suricata_conf" ] && suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml" [ -z "$suricata_flags" ] && suricata_flags="-D" [ -z "$suricata_divertport" ] && suricata_divertport="8000" [ -z "$suricata_netmap" ] && suricata_netmap="NO" if [ -n "$suricata_interface" ]; then - suricata_flags="$suricata_flags -i $suricata_interface" + for interface in $suricata_interface; do + suricata_flags="$suricata_flags --pcap=$interface" + done elif [ "$suricata_netmap" != "NO" ]; then suricata_flags="$suricata_flags --netmap" else suricata_flags="$suricata_flags -d $suricata_divertport" info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)" fi pidfile="/var/run/suricata.pid" suricata_flags="$suricata_flags --pidfile $pidfile" [ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf" run_rc_command "$1" Index: head/security/suricata/pkg-plist =================================================================== --- head/security/suricata/pkg-plist (revision 443828) +++ head/security/suricata/pkg-plist (revision 443829) 
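Review bot: The header comment now reads "Network interface(s) to sniff" but does not say how several interfaces are written. The new `for interface in $suricata_interface` loop splits the value on whitespace, so the comment would be clearer as `# suricata_interface (str): Space-separated list of network interfaces to sniff`. The expansion is unquoted to get that splitting, which also leaves pathname expansion active; a short comment that the value must hold plain interface names would make the intent explicit. The loop variable `interface` is not scoped to the loop, so a prefixed name such as `_suricata_if` would avoid clashing with anything `load_rc_config` brings in. The header also does not mention that a non-empty suricata_interface still takes precedence over suricata_netmap.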
@@ -1,77 +1,77 @@ bin/suricata man/man1/suricata.1.gz %%SC%%bin/suricatasc %%DOCSDIR%%/AUTHORS %%DOCSDIR%%/Basic_Setup.txt %%DOCSDIR%%/CentOS5.txt %%DOCSDIR%%/CentOS_56_Installation.txt %%DOCSDIR%%/Debian_Installation.txt %%DOCSDIR%%/Fedora_Core.txt %%DOCSDIR%%/FreeBSD_8.txt %%DOCSDIR%%/GITGUIDE %%DOCSDIR%%/HTP_library_installation.txt %%DOCSDIR%%/INSTALL %%DOCSDIR%%/INSTALL.PF_RING %%DOCSDIR%%/INSTALL.WINDOWS %%DOCSDIR%%/Installation_from_GIT_with_PCRE-JIT.txt %%DOCSDIR%%/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt %%DOCSDIR%%/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt %%DOCSDIR%%/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt %%DOCSDIR%%/Installation_with_CUDA_on_Scientific_Linux_6.txt %%DOCSDIR%%/Installation_with_CUDA_on_Ubuntu_server_1104.txt %%DOCSDIR%%/Installation_with_PF_RING.txt %%DOCSDIR%%/Mac_OS_X_106x.txt %%DOCSDIR%%/NEWS %%DOCSDIR%%/OpenBSD_Installation_from_GIT.txt %%DOCSDIR%%/README %%DOCSDIR%%/Setting_up_IPSinline_for_Linux.txt %%DOCSDIR%%/TODO %%DOCSDIR%%/Third_Party_Installation_Guides.txt %%DOCSDIR%%/Ubuntu_Installation.txt %%DOCSDIR%%/Ubuntu_Installation_from_GIT.txt %%DOCSDIR%%/Windows.txt %%NO_HTP_PORT%%include/htp/bstr.h %%NO_HTP_PORT%%include/htp/bstr_builder.h %%NO_HTP_PORT%%include/htp/htp.h %%NO_HTP_PORT%%include/htp/htp_base64.h %%NO_HTP_PORT%%include/htp/htp_config.h %%NO_HTP_PORT%%include/htp/htp_connection_parser.h %%NO_HTP_PORT%%include/htp/htp_core.h %%NO_HTP_PORT%%include/htp/htp_decompressors.h %%NO_HTP_PORT%%include/htp/htp_hooks.h %%NO_HTP_PORT%%include/htp/htp_list.h %%NO_HTP_PORT%%include/htp/htp_multipart.h %%NO_HTP_PORT%%include/htp/htp_table.h %%NO_HTP_PORT%%include/htp/htp_transaction.h %%NO_HTP_PORT%%include/htp/htp_urlencoded.h %%NO_HTP_PORT%%include/htp/htp_utf8_decoder.h %%NO_HTP_PORT%%include/htp/htp_version.h -%%NO_HTP_PORT%%lib/libhtp-0.5.23.so.1 -%%NO_HTP_PORT%%lib/libhtp-0.5.23.so.1.0.0 +%%NO_HTP_PORT%%lib/libhtp-0.5.24.so.1 
+%%NO_HTP_PORT%%lib/libhtp-0.5.24.so.1.0.0 %%NO_HTP_PORT%%lib/libhtp.a %%NO_HTP_PORT%%lib/libhtp.so %%NO_HTP_PORT%%libdata/pkgconfig/htp.pc %%NO_HTP_PORT%%@dir include/htp %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc-0.9-py%%PYTHON_VER%%.egg-info %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.py %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.pyc @sample %%ETCDIR%%/suricata.yaml.sample @sample %%ETCDIR%%/classification.config.sample @sample %%ETCDIR%%/reference.config.sample @sample %%ETCDIR%%/threshold.config.sample %%ETCDIR%%/rules/app-layer-events.rules %%ETCDIR%%/rules/decoder-events.rules %%ETCDIR%%/rules/dns-events.rules %%ETCDIR%%/rules/files.rules %%ETCDIR%%/rules/http-events.rules %%ETCDIR%%/rules/modbus-events.rules %%ETCDIR%%/rules/smtp-events.rules %%ETCDIR%%/rules/stream-events.rules %%ETCDIR%%/rules/tls-events.rules @dir etc/suricata/rules @dir etc/suricata @dir(root,wheel,0700) /var/log/suricata @postunexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove configuration files."; fi @dir %%DOCSDIR%%