- my $comment = $3;
- my $packet = $4;
-
- $packet =~ /IN=(\w+)/; my $iface=$1;
- $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
- $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1;
- $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
- $packet =~ /PROTO=(\w+)/; my $proto=$1;
- $packet =~ /SPT=(\d+)/; my $srcport=$1;
- $packet =~ /DPT=(\d+)/; my $dstport=$1;
-
- my $gi = Geo::IP::PurePerl->new();
- my $ccode = $gi->country_code_by_name($srcaddr);
- my $fcode = lc($ccode);
+ my $chain = $3;
+
+ my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
+ if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+ # Identify whether ipv4 or ipv6. Both are mutally exclusive.
+ if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; }
+ if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; }
+ if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; }
+ if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; }
+ $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
+ $proto=$1 if $packet =~ /PROTO=(\w+)/;
+ $srcport=$1 if $packet =~ /SPT=(\d+)/;
+ $dstport=$1 if $packet =~ /DPT=(\d+)/;
+
+ # Get the country code.
+ my $ccode = &Location::Functions::lookup_country_code($srcaddr);