- /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
- my $day = $1;
- $day =~ tr / /0/;
- my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
- my $comment = $3;
- my $packet = $4;
-
- $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";}
- $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
- $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1;
- $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1;
- $packet =~ /PROTO=(\w+)/; my $proto=$1;
- $packet =~ /SPT=(\d+)/; my $srcport=$1;
- $packet =~ /DPT=(\d+)/; my $dstport=$1;
-
- my $gi = Geo::IP::PurePerl->new();
- my $ccode = $gi->country_code_by_name($srcaddr);
- my $fcode = lc($ccode);
-
- my $servi = uc(getservbyport($srcport, lc($proto)));
- if ($servi ne '' && $srcport < 1024) {
- $srcport = "$srcport($servi)"; }
- $servi = uc(getservbyport($dstport, lc($proto)));
- if ($servi ne '' && $dstport < 1024) {
- $dstport = "$dstport($servi)";}
- my @mactemp = split(/:/,$macaddr);
- $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]";
- my $col="";
- if ($lines % 2) {
- print "<tr>";
- $col="bgcolor='$color{'color20'}'"; }
- else {
- print "<tr>";
- $col="bgcolor='$color{'color22'}'"; }
- print <<END
-
- <td align='center' $col>$time</td>
- <td align='center' $col>$comment</td>
- <td align='center' $col>$iface</td>
- <td align='center' $col>$proto</td>
- <td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
- <td align='center' $col>$srcport<br/>$dstport</td>
+ # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information
+ # otherwise use IN=
+ my $packet = '';
+ if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; }
+ elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; }
+ my $day = $1;
+ $day =~ tr / /0/;
+ my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ;
+ my $chain = $3;
+
+ my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport);
+ if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; }
+ # Identify whether ipv4 or ipv6. Both are mutally exclusive.
+ if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; }
+ if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; }
+ if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; }
+ if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; }
+ $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/;
+ $proto=$1 if $packet =~ /PROTO=(\w+)/;
+ $srcport=$1 if $packet =~ /SPT=(\d+)/;
+ $dstport=$1 if $packet =~ /DPT=(\d+)/;
+
+ my $ccode = &GeoIP::lookup($srcaddr);
+
+ my $servi = uc(getservbyport($srcport, lc($proto)));
+ if ($servi ne '' && $srcport < 1024) {
+ $srcport = "$srcport($servi)";
+ }
+ $servi = uc(getservbyport($dstport, lc($proto)));
+ if ($servi ne '' && $dstport < 1024) {
+ $dstport = "$dstport($servi)";
+ }
+ my @mactemp = split(/:/,$macaddr);
+ $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]";
+ my $col="";
+ if ($lines % 2) {
+ print "<tr>";
+ $col="bgcolor='$color{'color20'}'";
+ }
+ else {
+ print "<tr>";
+ $col="bgcolor='$color{'color22'}'";
+ }
+ print <<END
+
+ <td align='center' $col>$time</td>
+ <td align='center' $col>$chain</td>
+ <td align='center' $col>$iface</td>
+ <td align='center' $col>$proto</td>
+ <td align='center' $col><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
+ <td align='center' $col>$srcport<br/>$dstport</td>