From 9877d28d9e2daf49324cbf2120d00ab7169da0d3 Mon Sep 17 00:00:00 2001 From: Michael Eitelwein Date: Thu, 7 Jan 2016 14:00:01 +0100 Subject: [PATCH] Enable correct display of ipv6 entries in Firewall log pages of web UI. 3 main changes: - Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, othwerwise fill from IN and OUT - Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr - Match color coding of tables to pie charts (see seperate patch sent earlier) I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup. Signed-off-by: Michael Eitelwein --- --- html/cgi-bin/logs.cgi/firewalllog.dat | 14 +++- html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 ++++++---- html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++-- html/cgi-bin/logs.cgi/firewalllogport.dat | 12 +-- .../logs.cgi/showrequestfromcountry.dat | 81 ++++++++++++++----- html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++--- html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++-- 7 files changed, 131 insertions(+), 75 deletions(-) diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 5a584d60de..42c9612e59 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -328,7 +328,10 @@ END $lines = 0; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information + # otherwise use IN= + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; 
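Review bot: The `(.*)` in front of `(PHYSIN=.*)` is greedy, so on a bridged line capture 3 takes the log prefix plus the `IN=… OUT=…` fields that precede `PHYSIN=`. How capture 3 is used lies outside this hunk, but the showrequestfromcountry.dat (@@ -308), showrequestfromip.dat (@@ -293) and showrequestfromport.dat (@@ -307) hunks assign the equivalent group to `$chain`, so the chain column would presumably show those fields. Since the next hunk already extracts `PHYSIN=` from `$packet`, a single non-greedy match such as `/^... (..) (..:..:..) [\w\-]+ kernel:(.*?)(IN=.*)$/` would keep the prefix clean. Writing it as `next unless …;` instead of two empty `{}` branches would also ensure the `$1`…`$4` read below always come from the current line.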
@@ -336,9 +339,12 @@ foreach $_ (@log) my $packet = $4; my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); - $iface=$1 if $packet =~ /IN=(\w+)/; - $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/; - $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/; + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1} + # Identify whether ipv4 or ipv6. Both are mutally exclusive. + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1 } + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1 } + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1 } + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1 } $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; $proto=$1 if $packet =~ /PROTO=(\w+)/; $srcport=$1 if $packet =~ /SPT=(\d+)/; diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat index f998a6201f..2661ddd01a 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};} if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};} if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};} - print < 
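Review bot: The two IPv6 patterns are loose extractors rather than validators, since `{0,4}` groups repeated `{2,7}` times also accept strings such as `:::`. The comment above them should say so, e.g. `# Loose match, not validation: only digits, hex letters, '.' and ':' can reach $srcaddr/$dstaddr`. That character restriction is the property that matters for a value presumably printed into the web UI later, so it is worth recording next to the pattern. The SRC and DST pairs are written as independent `if`s although the comment calls the two forms mutually exclusive; `elsif`, as the firewalllogcountry.dat hunk at @@ -294 uses, would match the comment. The same two patterns recur in firewalllogip.dat and the three showrequestfrom*.dat files, so a shared pair of `qr//` objects would keep the copies from drifting apart.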
@@ -294,15 +293,24 @@ $lines = 0; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $packet = $4; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + my $iface = ''; + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + if ( $1 =~ /2./ ) { $iface=''; } + my $srcaddr = ''; + # Find ipv4 and ipv6 addresses + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1 } + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1 } if($iface eq $red_interface) { + # Traffic from red if($srcaddr ne '') { + # srcaddr is set my $ccode = $gi->country_code_by_name($srcaddr); - if( $ccode eq '') { + if ($ccode eq '') { $ccode = 'unknown'; } $tabjc{$ccode} = $tabjc{$ccode} + 1 ; @@ -311,11 +319,16 @@ foreach $_ (@log) } } else { + # Traffic not from red if($iface ne '') { $tabjc{$iface} = $tabjc{$iface} + 1 ; if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } $linesjc++; } + else { + # What to do with empty iface lines? + # This probably is traffic from ipfire itself (IN= OUT=XY)? + } } } @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { print ""; print ""; } - print < @@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s]; - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; $color++; print ""; 
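Review bot: `if ( $1 =~ /2./ )` now follows an `if`/`elsif` pair, so `$1` holds the interface name only when one of those two matches succeeded. Testing `if ($iface =~ /2./) { $iface = ''; }` states the intent and does not depend on leftover capture state. The same line appears in the showrequestfromcountry.dat hunk at @@ -308. Separately, IPv6 strings are now passed to `$gi->country_code_by_name`; whether that lookup handles IPv6 literals is not visible here, and if it does not, every IPv6 source is counted under `unknown`. The loop body continues past the end of the hunk.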
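Review bot: `($color % 10) + 1` yields `color1` for the first row only if `$color` starts at 0, whereas the removed code mapped 1..10 to `color1`..`color10`. The initialisation of `$color` is outside the hunk (@@ -448), so the comment should record the assumption, e.g. `# $color counts from 0; palette keys are color1..color10`. The same replacement is made at @@ -489 in this file and in the firewalllogip.dat and firewalllogport.dat hunks.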
@@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++) print""; print""; } - - if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') { + elsif ($key[$s] eq 'unknown') { + print "unknown"; + } + # Looks dangerous to use hardcoded interface names here. Probably needs fixing. + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' ) { print "$key[$s]"; } else { @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++) if($cgiparams{'otherspie'} == 2 ){} else{ - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat index 7d82d20e72..6fc34223e1 100644 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines = 0; foreach $_ (@log) { - if($_ =~ /SRC\=([\d\.]+)/){ + # Extract ipv4 or ipv6 address + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $tabjc{$1} = $tabjc{$1} + 1 ; if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } $linesjc++; @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s]; - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++) if($cgiparams{'otherspie'} == 2 ){} else{ - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; 
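Review bot: The new `elsif ($key[$s] eq 'unknown')` branch is followed by a separate `if (… 'blue0' …) { … } else { … }` statement, so for the `unknown` key that `else` branch runs as well and the row presumably receives output twice. The bodies of the preceding `if` and of the `else` are outside the hunk (and the printed markup is not readable on this page), so this needs checking against the full file. If the label is meant to replace the default rendering, placing the case in the second statement, as `elsif ($key[$s] eq 'unknown') { print "unknown"; }` between the interface test and its `else`, would make the branches exclusive. The added remark about hard-coded interface names would be more useful if it said where the names should come from instead.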
diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-bin/logs.cgi/firewalllogport.dat index 5b0db62314..583c1b3d3e 100644 --- a/html/cgi-bin/logs.cgi/firewalllogport.dat +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s]; - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++) if($cgiparams{'otherspie'} == 2 ){} else{ - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index 5283c426b8..0784ab941f 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat 
@@ -158,23 +158,35 @@ if (!$skip) { while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - my $packet = $2; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + # First check whether valid log line (date, day) + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + # If ipv6 uses bridge, then use PHYSIN otherwise use IN + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {} + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {} + my $packet = $2; + my $iface = ''; + my $srcaddr = ''; + # If ipv6 uses bridge, use PHYSIN otherwise IN + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + # Extract ipv4 and ipv6 addresses + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $srcaddr = $1 + }; if($iface eq $country) { + # iface matches country code $log[$lines] = $_; $lines++; } elsif($srcaddr ne '') { + # or srcaddr matches country code my $ccode = $gi->country_code_by_name($srcaddr); if($ccode eq $country){ $log[$lines] = $_; $lines++; } } - } + } } close (FILE); } 
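Review bot: Inside the outer `if (/… kernel:.*(IN=.*)$/)` the inner `elsif` repeats exactly the pattern that has just matched, so it can never fail and the empty-bodied pair exists only to move `$2` onto `PHYSIN=`. Making the outer pattern non-greedy, `kernel:.*?(IN=.*)$`, would let `$2` start at the first `IN=` and make both inner matches unnecessary, because `$iface` is then taken from `$packet` by `/PHYSIN=(\w+)/` anyway. The hunk also drops the `if ( $1 =~ /2./ ){ $iface="";}` reset that the @@ -308 hunk of this file keeps, so the pass that collects lines and the pass that displays them may no longer treat the same interface names alike. If that is intended, a comment should say why.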
@@ -194,16 +206,28 @@ if ($multifile) { } if (!$skip) { while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ - my $srcaddr=$1; - my $ccode = $gi->country_code_by_name($srcaddr); - if($ccode eq $country){ + # Check if valid log line (date, day) + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + my $iface = ''; + # If ipv6 uses bridge, then use PHYSIN otherwise IN + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($_ =~ /IN=(\w+)/) { $iface = $1 } + + if($iface eq $country) { + # iface matches country code + $log[$lines] = $_; + $lines++; + } + # extract ipv4 and ipv6 address + elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + my $srcaddr=$1; + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq $country){ + # or srcaddr matches country code $log[$lines] = $_; $lines++; + } } - } - } + } } close (FILE); } 
@@ -308,32 +332,45 @@ $lines = 0; foreach $_ (@slice) { $a = $_; - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, use PHYSIN otherwise use IN + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}; my $packet = $4; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + my $iface = ''; + # If ipv6 uses bridge, use PHYSIN otherwise use IN + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + if ( $1 =~ /2./ ){ $iface="";} + my $srcaddr = ''; + # Extract ipv4 and ipv6 addresses + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $srcaddr = $1 + }; if($iface eq $country || $srcaddr ne '') { - my $ccode; + my $ccode=''; if($iface ne $country) { $ccode = $gi->country_code_by_name($srcaddr); } if($iface eq $country || $ccode eq $country) { - my $chain = ''; + my $chain = ''; my $in = '-'; my $out = '-'; my $srcaddr = ''; my $dstaddr = ''; my $protostr = ''; my $srcport = ''; my $dstport = ''; - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, the use PHYSIN otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) 
(..:..:..)/; my $month = $1; my $day = $2; my $time = $3; - if ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 } + # Extract ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat index 09a60b519b..94e795c6d1 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -155,7 +155,7 @@ if (!$skip) while () { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { if($1 eq $ip){ $log[$lines] = $_; $lines++; @@ -182,12 +182,12 @@ if ($multifile) { if (!$skip) { while () { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ - if($1 eq $ip){ + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + if($1 eq $ip){ $log[$lines] = $_; $lines++; - } - } + } + } } } close (FILE); 
@@ -293,7 +293,8 @@ $lines = 0; foreach $_ (@slice) { $a = $_; - if($_ =~ /SRC\=([\d\.]+)/){ + # Check whether valid ipv4 or ipv6 address + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { if($1 eq $ip){ my $chain = ''; my $in = '-'; my $out = '-'; @@ -301,15 +302,19 @@ foreach $_ (@slice) my $protostr = ''; my $srcport = ''; my $dstport = ''; - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; - if ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 } + # Detect ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat index ad9823cde7..af7779a87f 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat 
@@ -307,15 +307,19 @@ foreach $_ (@slice) my $protostr = ''; my $srcport = ''; my $dstport = ''; - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; my $iface; - if ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; } + # Detect ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } -- 2.39.5