Suricata

We recently had a user bump into this problem as well so I happened to find this issue. Per the request in the most recent comment for a public pcap, I've attached one that reproduces with current GA Suricata v7.0.2.

$ suricata -V
This is Suricata version 7.0.2 RELEASE

$ suricata -r linux_dlt_sll2.pcap 
i: suricata: This is Suricata version 7.0.2 RELEASE running in USER mode
E: pcap: datalink type 276 not (yet) supported in module PcapFile.
W: pcap: Failed to init pcap file linux_dlt_sll2.pcap, skipping
E: pcap: pcap file reader thread failed to initialize
i: threads: Threads created -> RX: 1 W: 12 FM: 1 FR: 1   Engine started.
i: suricata: Signal Received.  Stopping engine.

That example pcap happens to be https://github.com/zeek/zeek/blob/master/testing/btest/Traces/linux_dlt_sll2.pcap that's used in tesing the Zeek project, as they added support for this format in https://github.com/zeek/zeek/pull/2340. Perhaps adding support in Suricata could be aided by borrowing from another open source project.