- /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
- my $packet = $4;
- $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
- $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
-
- if($iface eq $red_interface) {
- if($srcaddr ne '') {
- my $ccode = $gi->country_code_by_name($srcaddr);
- if( $ccode eq '') {
- $ccode = 'unknown';
- }
- $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
- if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
- $linesjc++;
- }
- }
- else {
- if($iface ne '') {
- $tabjc{$iface} = $tabjc{$iface} + 1 ;
- if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
- $linesjc++;
- }
- }
+ # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
+ if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
+ elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}
+ my $packet = $4;
+ my $iface = '';
+ if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+ if ( $1 =~ /2./ ) { $iface=''; }
+ my $srcaddr = '';
+ # Find ipv4 and ipv6 addresses
+ if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1; }
+ elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1; }
+
+ if($iface eq $red_interface) {
+ # Traffic from red
+ if($srcaddr ne '') {
+ # srcaddr is set
+ my $ccode = &GeoIP::lookup($srcaddr);
+ if ($ccode eq '') {
+ $ccode = 'unknown';
+ }
+ $tabjc{$ccode} = $tabjc{$ccode} + 1;
+ if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
+ $linesjc++;
+ }
+ }
+ else {
+ # Traffic not from red
+ if($iface ne '') {
+ $tabjc{$iface} = $tabjc{$iface} + 1 ;
+ if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; }
+ $linesjc++;
+ }
+ else {
+ # What to do with empty iface lines?
+ # This probably is traffic from ipfire itself (IN= OUT=XY)?
+ }
+ }
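Review bot: The leftover test `if ( $1 =~ /2./ ) { $iface=''; }` on the added side looks wrong now that `$iface` starts as `''` and is only set on a successful match. If `$1` still holds the interface captured on the line above, any name with a `2` followed by another character (a constructed example: `eth20`) is blanked and its packets fall into the uncounted empty-iface branch. If the interface match failed, `$1` is presumably the day-of-month capture from the header pattern, so the outcome depends on the date; either way the line can simply be dropped. Separately, `my $packet = $4;` runs even when neither header pattern matched, because both branches are empty `{}`, so `$4` may be undefined or left over from an earlier match. Assigning inside the branches, `my $packet = '';` followed by `{ $packet = $4; }` in each, would keep unrelated log lines out of the totals. The enclosing loop starts and ends outside this hunk, so an earlier filter may already cover that second point.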