--- a/src/iplog_options.c
+++ b/src/iplog_options.c
@@ -440,58 +440,58 @@
 
 static void print_help(void) {
 	mysyslog(
-"Usage: " PACKAGE " [options] (\"*\" Denotes enabled by default)
---user      or -u <user|UID>     Run as specified the user or UID.
---group     or -g <group|GID>    Run with specified the group or GID.
---logfile   or -l <file>         Log to <file>.
---pid-file  <file>               Use <file> as the pid file.
---ignore    or -d                Ignore DNS traffic from nameservers listed in
-                                 /etc/resolv.conf.
---interface or -i <if0,...,ifN>  Listen on the specified interface(s).
---promisc   or -a <network>      Log traffic to all hosts on <network>.
---kill      or -k                Kill iplog, if it is running.
---restart   or -R                Restart iplog, if it is running.
---no-fork   or -o                Run in the foreground.
---stdout    or -L                Log to stdout.
---help      or -h                This help screen.
---version   or -v                Print version information and exit.
-
---facility <facility>            Use the specified syslog facility.
---priority <priority>            Use the specified syslog priority.
-
---tcp[=true|false|toggle]                      %cLog TCP traffic.
---udp[=true|false|toggle]                      %cLog UDP traffic.
---icmp[=true|false|toggle]                     %cLog ICMP traffic.
-
---log-ip[=true|false|toggle]            or -w  %cLog IP along with hostname.
---log-dest[=true|false|toggle]          or -D  %cLog the destination of traffic.
---dns-cache[=true|false|toggle]         or -c  %cUse the built-in DNS cache.
---get-ident[=true|false|toggle]         or -e  %cGet ident info on connections
-                                                to listening ports.
-
---tcp-resolve[=true|false|toggle]       or -T  %cResolve IPs of TCP traffic.
---udp-resolve[=true|false|toggle]       or -U  %cResolve IPs of UDP traffic.
---icmp-resolve[=true|false|toggle]      or -I  %cResolve IPs of ICMP traffic.
---disable-resolver                      or -N  %cDo not resolve any IPs.
-
---verbose[=true|false|toggle]           or -V  %cBe verbose.
---fool-nmap[=true|false|toggle]         or -z  %cFool nmap's OS detection.
---scans-only[=true|false|toggle]        or -m  %cOnly log scans.
---detect-syn-flood[=true|false|toggle]  or -s  %cStop resolving IPs if a
-                                                SYN flood is detected.
-
---log-frag[=true|false|toggle]          or -y  %cLog fragment attacks.
---log-traceroute[=true|false|toggle]    or -t  %cLog traceroutes.
---log-ping-flood[=true|false|toggle]    or -P  %cLog ICMP ping floods.
---log-smurf[=true|false|toggle]         or -S  %cLog smurf attacks.
---log-bogus[=true|false|toggle]         or -b  %cLog bogus TCP flags.
---log-portscan[=true|false|toggle]      or -p  %cLog port scans.
---log-udp-scan[=true|false|toggle]      or -F  %cLog UDP scans/floods.
---log-fin-scan[=true|false|toggle]      or -f  %cLog FIN scans.
---log-syn-scan[=true|false|toggle]      or -q  %cLog SYN scans.
---log-xmas-scan[=true|false|toggle]     or -x  %cLog Xmas scans.
---log-null-scan[=true|false|toggle]     or -n  %cLog null scans.",
-IS_DEFAULT(LOG_TCP),	IS_DEFAULT(LOG_UDP),	IS_DEFAULT(LOG_ICMP),
+"Usage: %s [options] (\"*\" Denotes enabled by default)\n"
+"--user      or -u <user|UID>     Run as specified the user or UID.\n"
+"--group     or -g <group|GID>    Run with specified the group or GID.\n"
+"--logfile   or -l <file>         Log to <file>.\n"
+"--pid-file  <file>               Use <file> as the pid file.\n"
+"--ignore    or -d                Ignore DNS traffic from nameservers listed in\n"
+"                                 /etc/resolv.conf.\n"
+"--interface or -i <if0,...,ifN>  Listen on the specified interface(s).\n"
+"--promisc   or -a <network>      Log traffic to all hosts on <network>.\n"
+"--kill      or -k                Kill iplog, if it is running.\n"
+"--restart   or -R                Restart iplog, if it is running.\n"
+"--no-fork   or -o                Run in the foreground.\n"
+"--stdout    or -L                Log to stdout.\n"
+"--help      or -h                This help screen.\n"
+"--version   or -v                Print version information and exit.\n"
+"\n"
+"--facility <facility>            Use the specified syslog facility.\n"
+"--priority <priority>            Use the specified syslog priority.\n"
+"\n"
+"--tcp[=true|false|toggle]                      %cLog TCP traffic.\n"
+"--udp[=true|false|toggle]                      %cLog UDP traffic.\n"
+"--icmp[=true|false|toggle]                     %cLog ICMP traffic.\n"
+"\n"
+"--log-ip[=true|false|toggle]            or -w  %cLog IP along with hostname.\n"
+"--log-dest[=true|false|toggle]          or -D  %cLog the destination of traffic.\n"
+"--dns-cache[=true|false|toggle]         or -c  %cUse the built-in DNS cache.\n"
+"--get-ident[=true|false|toggle]         or -e  %cGet ident info on connections\n"
+"                                                to listening ports.\n"
+"\n"
+"--tcp-resolve[=true|false|toggle]       or -T  %cResolve IPs of TCP traffic.\n"
+"--udp-resolve[=true|false|toggle]       or -U  %cResolve IPs of UDP traffic.\n"
+"--icmp-resolve[=true|false|toggle]      or -I  %cResolve IPs of ICMP traffic.\n"
+"--disable-resolver                      or -N  %cDo not resolve any IPs.\n"
+"\n"
+"--verbose[=true|false|toggle]           or -V  %cBe verbose.\n"
+"--fool-nmap[=true|false|toggle]         or -z  %cFool nmap's OS detection.\n"
+"--scans-only[=true|false|toggle]        or -m  %cOnly log scans.\n"
+"--detect-syn-flood[=true|false|toggle]  or -s  %cStop resolving IPs if a\n"
+"                                                SYN flood is detected.\n"
+"\n"
+"--log-frag[=true|false|toggle]          or -y  %cLog fragment attacks.\n"
+"--log-traceroute[=true|false|toggle]    or -t  %cLog traceroutes.\n"
+"--log-ping-flood[=true|false|toggle]    or -P  %cLog ICMP ping floods.\n"
+"--log-smurf[=true|false|toggle]         or -S  %cLog smurf attacks.\n"
+"--log-bogus[=true|false|toggle]         or -b  %cLog bogus TCP flags.\n"
+"--log-portscan[=true|false|toggle]      or -p  %cLog port scans.\n"
+"--log-udp-scan[=true|false|toggle]      or -F  %cLog UDP scans/floods.\n"
+"--log-fin-scan[=true|false|toggle]      or -f  %cLog FIN scans.\n"
+"--log-syn-scan[=true|false|toggle]      or -q  %cLog SYN scans.\n"
+"--log-xmas-scan[=true|false|toggle]     or -x  %cLog Xmas scans.\n"
+"--log-null-scan[=true|false|toggle]     or -n  %cLog null scans.",
+PACKAGE, IS_DEFAULT(LOG_TCP),	IS_DEFAULT(LOG_UDP),	IS_DEFAULT(LOG_ICMP),
 IS_DEFAULT(LOG_IP),		IS_DEFAULT(LOG_DEST),	IS_DEFAULT(DNS_CACHE),
 IS_DEFAULT(GET_IDENT),	IS_DEFAULT(TCP_RES),	IS_DEFAULT(UDP_RES),
 IS_DEFAULT(ICMP_RES),	IS_DEFAULT(NO_RESOLV),	IS_DEFAULT(VERBOSE),
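Review bot: The new format string carries 27 conversions (one `%s` plus 26 `%c`) and its argument list runs past the end of the hunk, so nothing visible here lets a reader confirm that the argument count matches; unless mysyslog is declared with a printf-style format attribute (its prototype is not in this hunk), a miscount is silent undefined behaviour when the varargs are read rather than a compile-time error. I would add the attribute to the prototype, `void mysyslog(const char *fmt, ...) __attribute__((format(printf, 1, 2)));` with the indices adjusted to mysyslog's real signature, so `-Wformat` checks this call. A one-line comment above the argument list, such as `/* 1 %s (PACKAGE) + 26 %c (IS_DEFAULT flags), in the order the options appear above */`, would also make the count auditable the next time an option is added. print_help's argument list continues outside the hunk.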
--- a/src/iplog_pcap.c
+++ b/src/iplog_pcap.c
@@ -189,8 +189,16 @@
 		case DLT_PPP_BSDOS:
 			dlt = 24;
 			break;
-		case DLT_SLIP:
-			dlt = 16;
+#ifdef DLT_FDDI
+	        case DLT_FDDI:
+	                dlt = 21;
+	                break;
+#endif
+	        case DLT_SLIP:
+#ifdef DLT_LINUX_SLL
+	        case DLT_LINUX_SLL:
+#endif
+	                dlt = 16;
 			break;
 		case DLT_PPP:
 		case DLT_NULL:
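Review bot: The added DLT_FDDI, DLT_SLIP and DLT_LINUX_SLL lines are indented with a tab followed by eight spaces, while the neighbouring cases (`case DLT_PPP_BSDOS:` and its body) use tabs only, so the new labels will sit misaligned in any editor whose tab width is not 8; I would re-indent them with tabs to match the rest of the switch. The values 21 and 16 join the existing unexplained 24 — a short comment stating what `dlt` holds (it reads as a per-link-type header length, but that is an inference from the surrounding code) would help, e.g. `/* header length for this link type — confirm against pcap's DLT definitions */`. Sharing one body between DLT_SLIP and DLT_LINUX_SLL is clearly intentional, but a `/* both use a 16-byte header */`-style note would stop a future reader from mistaking it for an accidental fallthrough. The switch and its enclosing function start and end outside the hunk.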