Some code tweaks to get it to compile on Debian Wheezy.

Added debian startup script.

AUTHORS

@@ -1 +1,2 @@
 Ryan McCabe <[email protected]>
+Nathan Gibbs [email protected]

ChangeLog

@@ -1,3 +1,12 @@
+06-17-2013
+	Released as version 2.2.4
+	Some code tweaks to get it to compile on debian Wheezy.
+	Added debian startup script
+
+05-16-2013
+	New project lead.
+	Nathan Gibbs [email protected]
+
 Wed Jan 03 14:06:11 EST 2001    Ryan McCabe <[email protected]>
 
     * Released as version 2.2.3.

NEWS

@@ -1,3 +1,8 @@
+CHANGES IN IPLOG 2.2.4
+----------------------
+* Code tweaks to allow compilation on debian wheezy.
+* Included debian specific init script.
+
 CHANGES IN IPLOG 2.2.3
 ----------------------
 * Bug fixes.

README

@@ -1,4 +1,5 @@
-iplog 2.2.3 by Ryan McCabe <[email protected]>
+iplog 2.2.4 by Ryan McCabe <[email protected]>
+Continued by Nathan Gibbs [email protected]
 ------------------------------------------
 
 iplog is a TCP/IP traffic logger.  Currently, it is capable of logging 
@@ -71,15 +72,3 @@ GNU make can be found at ftp.gnu.org:/pub/gnu/make
 
 Any contributions (testing, comments, bug reports, ports, enhancements,
 etc) are greatly appreciated.
-
-
-
-
-
-
-
-
-
-
-
-$Id: README,v 1.20 2001/01/01 19:42:54 odin Exp $

TODO

@@ -29,8 +29,5 @@ Other Stuff
     - I want to port iplog to more platforms.  If you'd like to do this
       or provide access so I can do this, I'd be awfully grateful.
 
-
-
-
-
-$Id: TODO,v 1.13 2001/01/01 19:42:54 odin Exp $
+Nathan's TODO
+	1. Clean up the format of the log messages

configure

@@ -705,7 +705,7 @@ fi
 
 PACKAGE=$PACKAGE
 
-VERSION=2.2.3
+VERSION=2.2.4
 
 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
   { echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }

iplog.init

@@ -0,0 +1,160 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          iplog
+# Required-Start:    $network $syslog
+# Required-Stop:     $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPLog Service
+# Description:       IP Logging Service
+### END INIT INFO
+
+# Author: NPG <[email protected]>
+
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="IP Logging Service"
+NAME=iplog
+DAEMON=/usr/local/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+
+#
+# Configuration is in /etc/iplog.conf
+#
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+		|| return 1
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+		$DAEMON_ARGS \
+		|| return 2
+	# Add code here, if necessary, that waits for the process to be ready
+	# to handle requests from services started subsequently which depend
+	# on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+	RETVAL="$?"
+	[ "$RETVAL" = 2 ] && return 2
+	# Wait for children to finish too if this is a daemon that forks
+	# and if the daemon is only ever run from this initscript.
+	# If the above conditions are not satisfied then add some other code
+	# that waits for the process to drop all resources that could be
+	# needed by services started subsequently.  A last resort is to
+	# sleep for some time.
+	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+	[ "$?" = 2 ] && return 2
+	# Many daemons don't delete their pidfiles when they exit.
+	rm -f $PIDFILE
+	return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+	#
+	# If the daemon can reload its configuration without
+	# restarting (for example, when it is sent a SIGHUP),
+	# then implement that here.
+	#
+	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+	return 0
+}
+
+case "$1" in
+  start)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+	do_start
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  status)
+	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+	;;
+  #reload|force-reload)
+	#
+	# If do_reload() is not implemented then leave this commented out
+	# and leave 'force-reload' as an alias for 'restart'.
+	#
+	#log_daemon_msg "Reloading $DESC" "$NAME"
+	#do_reload
+	#log_end_msg $?
+	#;;
+  restart|force-reload)
+	#
+	# If the "reload" option is implemented then remove the
+	# 'force-reload' alias
+	#
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+		# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+:

src/iplog_options.c

@@ -440,57 +440,57 @@ void check_options(void) {
 
 static void print_help(void) {
 	mysyslog(
-"Usage: " PACKAGE " [options] (\"*\" Denotes enabled by default)
---user      or -u <user|UID>     Run as specified the user or UID.
---group     or -g <group|GID>    Run with specified the group or GID.
---logfile   or -l <file>         Log to <file>.
---pid-file  <file>               Use <file> as the pid file.
---ignore    or -d                Ignore DNS traffic from nameservers listed in
-                                 /etc/resolv.conf.
---interface or -i <if0,...,ifN>  Listen on the specified interface(s).
---promisc   or -a <network>      Log traffic to all hosts on <network>.
---kill      or -k                Kill iplog, if it is running.
---restart   or -R                Restart iplog, if it is running.
---no-fork   or -o                Run in the foreground.
---stdout    or -L                Log to stdout.
---help      or -h                This help screen.
---version   or -v                Print version information and exit.
-
---facility <facility>            Use the specified syslog facility.
---priority <priority>            Use the specified syslog priority.
-
---tcp[=true|false|toggle]                      %cLog TCP traffic.
---udp[=true|false|toggle]                      %cLog UDP traffic.
---icmp[=true|false|toggle]                     %cLog ICMP traffic.
-
---log-ip[=true|false|toggle]            or -w  %cLog IP along with hostname.
---log-dest[=true|false|toggle]          or -D  %cLog the destination of traffic.
---dns-cache[=true|false|toggle]         or -c  %cUse the built-in DNS cache.
---get-ident[=true|false|toggle]         or -e  %cGet ident info on connections
-                                                to listening ports.
-
---tcp-resolve[=true|false|toggle]       or -T  %cResolve IPs of TCP traffic.
---udp-resolve[=true|false|toggle]       or -U  %cResolve IPs of UDP traffic.
---icmp-resolve[=true|false|toggle]      or -I  %cResolve IPs of ICMP traffic.
---disable-resolver                      or -N  %cDo not resolve any IPs.
-
---verbose[=true|false|toggle]           or -V  %cBe verbose.
---fool-nmap[=true|false|toggle]         or -z  %cFool nmap's OS detection.
---scans-only[=true|false|toggle]        or -m  %cOnly log scans.
---detect-syn-flood[=true|false|toggle]  or -s  %cStop resolving IPs if a
-                                                SYN flood is detected.
-
---log-frag[=true|false|toggle]          or -y  %cLog fragment attacks.
---log-traceroute[=true|false|toggle]    or -t  %cLog traceroutes.
---log-ping-flood[=true|false|toggle]    or -P  %cLog ICMP ping floods.
---log-smurf[=true|false|toggle]         or -S  %cLog smurf attacks.
---log-bogus[=true|false|toggle]         or -b  %cLog bogus TCP flags.
---log-portscan[=true|false|toggle]      or -p  %cLog port scans.
---log-udp-scan[=true|false|toggle]      or -F  %cLog UDP scans/floods.
---log-fin-scan[=true|false|toggle]      or -f  %cLog FIN scans.
---log-syn-scan[=true|false|toggle]      or -q  %cLog SYN scans.
---log-xmas-scan[=true|false|toggle]     or -x  %cLog Xmas scans.
---log-null-scan[=true|false|toggle]     or -n  %cLog null scans.",
+"Usage: " PACKAGE " [options] (\"*\" Denotes enabled by default)\n"
+"--user      or -u <user|UID>     Run as specified the user or UID.\n"
+"--group     or -g <group|GID>    Run with specified the group or GID.\n"
+"--logfile   or -l <file>         Log to <file>.\n"
+"--pid-file  <file>               Use <file> as the pid file.\n"
+"--ignore    or -d                Ignore DNS traffic from nameservers listed in\n"
+"                                 /etc/resolv.conf.\n"
+"--interface or -i <if0,...,ifN>  Listen on the specified interface(s).\n"
+"--promisc   or -a <network>      Log traffic to all hosts on <network>.\n"
+"--kill      or -k                Kill iplog, if it is running.\n"
+"--restart   or -R                Restart iplog, if it is running.\n"
+"--no-fork   or -o                Run in the foreground.\n"
+"--stdout    or -L                Log to stdout.\n"
+"--help      or -h                This help screen.\n"
+"--version   or -v                Print version information and exit.\n"
+"\n"
+"--facility <facility>            Use the specified syslog facility.\n"
+"--priority <priority>            Use the specified syslog priority.\n"
+"\n"
+"--tcp[=true|false|toggle]                      %cLog TCP traffic.\n"
+"--udp[=true|false|toggle]                      %cLog UDP traffic.\n"
+"--icmp[=true|false|toggle]                     %cLog ICMP traffic.\n"
+"\n"
+"--log-ip[=true|false|toggle]            or -w  %cLog IP along with hostname.\n"
+"--log-dest[=true|false|toggle]          or -D  %cLog the destination of traffic.\n"
+"--dns-cache[=true|false|toggle]         or -c  %cUse the built-in DNS cache.\n"
+"--get-ident[=true|false|toggle]         or -e  %cGet ident info on connections\n"
+"                                                to listening ports.\n"
+"\n"
+"--tcp-resolve[=true|false|toggle]       or -T  %cResolve IPs of TCP traffic.\n"
+"--udp-resolve[=true|false|toggle]       or -U  %cResolve IPs of UDP traffic.\n"
+"--icmp-resolve[=true|false|toggle]      or -I  %cResolve IPs of ICMP traffic.\n"
+"--disable-resolver                      or -N  %cDo not resolve any IPs.\n"
+"\n"
+"--verbose[=true|false|toggle]           or -V  %cBe verbose.\n"
+"--fool-nmap[=true|false|toggle]         or -z  %cFool nmap's OS detection.\n"
+"--scans-only[=true|false|toggle]        or -m  %cOnly log scans.\n"
+"--detect-syn-flood[=true|false|toggle]  or -s  %cStop resolving IPs if a\n"
+"                                                SYN flood is detected.\n"
+"\n"
+"--log-frag[=true|false|toggle]          or -y  %cLog fragment attacks.\n"
+"--log-traceroute[=true|false|toggle]    or -t  %cLog traceroutes.\n"
+"--log-ping-flood[=true|false|toggle]    or -P  %cLog ICMP ping floods.\n"
+"--log-smurf[=true|false|toggle]         or -S  %cLog smurf attacks.\n"
+"--log-bogus[=true|false|toggle]         or -b  %cLog bogus TCP flags.\n"
+"--log-portscan[=true|false|toggle]      or -p  %cLog port scans.\n"
+"--log-udp-scan[=true|false|toggle]      or -F  %cLog UDP scans/floods.\n"
+"--log-fin-scan[=true|false|toggle]      or -f  %cLog FIN scans.\n"
+"--log-syn-scan[=true|false|toggle]      or -q  %cLog SYN scans.\n"
+"--log-xmas-scan[=true|false|toggle]     or -x  %cLog Xmas scans.\n"
+"--log-null-scan[=true|false|toggle]     or -n  %cLog null scans.",
 IS_DEFAULT(LOG_TCP),	IS_DEFAULT(LOG_UDP),	IS_DEFAULT(LOG_ICMP),
 IS_DEFAULT(LOG_IP),		IS_DEFAULT(LOG_DEST),	IS_DEFAULT(DNS_CACHE),
 IS_DEFAULT(GET_IDENT),	IS_DEFAULT(TCP_RES),	IS_DEFAULT(UDP_RES),

src/iplog_options.h

@@ -60,8 +60,8 @@ extern u_int32_t flags;
 #define ANY_SCAN \
 (PORTSCAN | NULL_SCAN | FIN_SCAN | XMAS_SCAN | UDP_SCAN | PING_FLOOD | SMURF)
 
-#define AUTHORS "Ryan McCabe <[email protected]> "
-#define WEBPAGE "http://ojnk.sourceforge.net"
+#define AUTHORS "Ryan McCabe <[email protected]> & Nathan Gibbs ([email protected])"
+#define WEBPAGE "http://www.cmpublishers.com/oss"
 
 int get_facility(const u_char *new_facility);
 int get_priority(const u_char *new_priority);

src/iplog_tcp.c

@@ -144,9 +144,7 @@ int tcp_parser(const struct ip *ip) {
 
 		ret = sendto(raw_sock, (char *) xip,
 				sizeof(struct ip) + sizeof(struct tcphdr), 0,
-#if !defined(__GLIBC__) || (__GLIBC__ < 2)
 				(struct sockaddr *)
-#endif
 				&fn_sin,
 				sizeof(struct sockaddr_in));