On 22.01.2016 19:00, Michael Eitelwein wrote:
Hi
The patch itself is working on my machine without issues. If Matthias did not observe any issues as well, then I would propose to merge it into the next release. Please let me know if there is anything I have to do to get them merged.
The problems of applying the patch were not further examined, as Matthias was able to apply them in the end. Also they are now available in git.ipfire.org, so they can be applied directly from there.
Michael
Hi,
I just clicked through all '.dat'-files: I saw no problems.
Playing chicken: did anyone *else* test this? ;-)
Best, Matthias
P.S.: ME, while replying to "ALL", there is something weird with your email-address: it just says "michael", not "michael@eitelwein.net". I had to add your address manually from my address book. Bug or feature - mine or yours?
-------- Original Message --------
From: Michael Tremer michael.tremer@ipfire.org
Date: 22.01.2016 01:59 (GMT+01:00)
To: Michael Eitelwein michael@eitelwein.net, IPFire Development List development@lists.ipfire.org
Cc: Matthias Fischer matthias.fischer@ipfire.org
Subject: Re: [PATCH 1/5] Enable correct display of ipv6 entries in Firewall log pages of web UI
Hi,
did you work out what the issue was with these emails?
Best, -Michael
On Sun, 2016-01-10 at 18:34 +0100, Michael Eitelwein wrote:
3 main changes:
- Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, otherwise fill from IN and OUT
- Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
- Match color coding of tables to pie charts
I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.
Signed-off-by: Michael Eitelwein michael@eitelwein.net
html/cgi-bin/logs.cgi/firewalllog.dat | 14 ++-- html/cgi-bin/logs.cgi/firewalllogcountry.dat | 43 ++++++++----- html/cgi-bin/logs.cgi/firewalllogip.dat | 15 ++--- html/cgi-bin/logs.cgi/firewalllogport.dat | 12 ++-- html/cgi-bin/logs.cgi/showrequestfromcountry.dat | 81 +++++++++++++++++------- html/cgi-bin/logs.cgi/showrequestfromip.dat | 27 ++++---- html/cgi-bin/logs.cgi/showrequestfromport.dat | 14 ++-- 7 files changed, 131 insertions(+), 75 deletions(-)
diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi -bin/logs.cgi/firewalllog.dat index 5a584d6..42c9612 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -328,7 +328,10 @@ END $lines = 0; foreach $_ (@log) {
/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
- # If ipv6 uses a bridge, PHYSIN= contains the relevant iface
information
- # otherwise use IN=
if ($_ =~ /^... (..) (..:..:..) [\w\-]+
kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+
kernel:(.*)(IN=.*)$/) {} my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; @@ -336,9 +339,12 @@ foreach $_ (@log) my $packet = $4;
my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport,
$dstport);
$iface=$1 if $packet =~ /IN=(\w+)/;
$srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/;
$dstaddr=$1 if $packet =~ /DST=([\d\.]+)/;
if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet
=~ /IN=(\w+)/) { $iface = $1}
# Identify whether ipv4 or ipv6. Both are mutally exclusive.
if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
$srcaddr=$1 }
if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
-F]{0,4})){2,7})/) { $srcaddr=$1 }
if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) {
$dstaddr=$1 }
if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA
-F]{0,4})){2,7})/) { $dstaddr=$1 } $macaddr=$1 if $packet =~ /MAC=([\w+:]+)/; $proto=$1 if $packet =~ /PROTO=(\w+)/; $srcport=$1 if $packet =~ /SPT=(\d+)/; diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi -bin/logs.cgi/firewalllogcountry.dat index f998a62..2661ddd 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat @@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};} if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};} if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};}
- print <<END
</select> </td>
@@ -294,15 +293,24 @@ $lines = 0;
foreach $_ (@log) {
- /^... (..) (..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/;
- # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN
- if (/^... (..) (..:..:..) [\w-]+ kernel:(.*)(PHYSIN=.*)$/) {}
- elsif (/^... (..) (..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/) {} my $packet = $4;
- $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){
$iface="";}
- $packet =~ /SRC=([\d.]+)/; my $srcaddr=$1;
- my $iface = '';
- if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~
/IN=(\w+)/) { $iface = $1 }
- if ( $1 =~ /2./ ) { $iface=''; }
- my $srcaddr = '';
- # Find ipv4 and ipv6 addresses
- if ($packet =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) { $srcaddr
= $1 }
- elsif ($packet =~ /SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA
-F]{0,4})){2,7})/) { $srcaddr = $1 }
if($iface eq $red_interface) {
- # Traffic from red if($srcaddr ne '') {
# srcaddr is set my $ccode = $gi->country_code_by_name($srcaddr);
if( $ccode eq '') {
if ($ccode eq '') { $ccode = 'unknown'; } $tabjc{$ccode} = $tabjc{$ccode} + 1 ;
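Review bot: The interface filter `if ( $1 =~ /2./ ) { $iface=''; }` after the PHYSIN/IN test reads the leftover capture `$1` instead of `$iface`, and when neither PHYSIN nor IN matched, `$1` still holds a capture from an earlier match. Test `$iface` directly, and add a comment saying which interface names `/2./` is meant to exclude, since with PHYSIN the names being filtered are now bridge port names.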
@@ -311,11 +319,16 @@ foreach $_ (@log) } } else {
- # Traffic not from red if($iface ne '') { $tabjc{$iface} = $tabjc{$iface} + 1 ; if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines
= $lines + 1; } $linesjc++; }
- else {
# What to do with empty iface lines?
# This probably is traffic from ipfire itself (IN= OUT=XY)?
- } } }
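Review bot: The new empty `else` branch for lines with no interface leaves its own question ("What to do with empty iface lines?") unanswered, and because `$linesjc++` sits inside `if($iface ne '')` those lines are left out of the total that the percentages are later divided by. Either count them under a named bucket (for example a `local` key in `%tabjc`) or drop the empty branch and state in a comment that such lines are intentionally ignored.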
@@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { print "<img src='/graphs/fwlog-country$imagerandom.png'>"; print "</div>"; }
- print <<END
<table width='100%' class='tbl'> <tr>
@@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s];
- my $colorIndex = $color % 10;
- if($colorIndex == 0) {
- $colorIndex = 10;
- }
- # colors are numbered 1 to 10
- my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{"color$colorIndex"}'"; $color++; print "<tr>";
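Review bot: The replacement `my $colorIndex = ($color % 10) + 1;` changes which table color each value of `$color` maps to compared with the earlier `$color % 10` form that turned 0 into 10, and the pie-chart side it is meant to match is not part of this diff. Say in the comment where the pie chart's color order is defined, and since the same lines recur in the table loops of firewalllogcountry.dat, firewalllogip.dat and firewalllogport.dat, consider one shared helper.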
@@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++) print"<input type='hidden' name='country' value='$key[$s]'>"; print"<input type='submit' value='details'></form>"; }
- if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
'orange0') {
- elsif ($key[$s] eq 'unknown') {
print "unknown";
- }
- # Looks dangerous to use hardcoded interface names here. Probably
needs fixing.
- if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq
'orange0' ) { print "<td align='center' $col>$key[$s]</td>"; } else { @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++)
if($cgiparams{'otherspie'} == 2 ){} else{
- my $colorIndex = $color % 10;
- if($colorIndex == 0) {
- $colorIndex = 10;
- }
- # colors are numbered 1 to 10
- my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{"color$colorIndex"}'"; print "<tr>";
diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi -bin/logs.cgi/firewalllogip.dat index 7d82d20..6fc3422 100644 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines = 0; foreach $_ (@log) {
- if($_ =~ /SRC=([\d.]+)/){
- # Extract ipv4 or ipv6 address
- if (($_ =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($_ =~
/SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $tabjc{$1} = $tabjc{$1} + 1 ; if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } $linesjc++; @@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s];
- my $colorIndex = $color % 10;
- if($colorIndex == 0) {
- $colorIndex = 10;
- }
- # colors are numbered 1 to 10
- my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{"color$colorIndex"}'"; print "<tr>";
@@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++)
if($cgiparams{'otherspie'} == 2 ){} else{
- my $colorIndex = $color % 10;
- if($colorIndex == 0) {
- $colorIndex = 10;
- }
- # colors are numbered 1 to 10
- my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{"color$colorIndex"}'"; print "<tr>";
diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi -bin/logs.cgi/firewalllogport.dat index 5b0db62..583c1b3 100644 --- a/html/cgi-bin/logs.cgi/firewalllogport.dat +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s];
- my $colorIndex = $color % 10;
- if($colorIndex == 0) {
- $colorIndex = 10;
- }
- # colors are numbered 1 to 10
- my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{"color$colorIndex"}'"; print "<tr>";
@@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++)
if($cgiparams{'otherspie'} == 2 ){} else{
- my $colorIndex = $color % 10;
- if($colorIndex == 0) {
- $colorIndex = 10;
- }
- # colors are numbered 1 to 10
- my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{"color$colorIndex"}'"; print "<tr>";
diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index 5283c42..0784ab9 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat @@ -158,23 +158,35 @@ if (!$skip) { while (<FILE>) {
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
kernel:.*(IN=.*)$/) {
my $packet = $2;
$packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~
/2./ ){ $iface="";}
$packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1;
# First check whether valid log line (date, day)
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
kernel:.*(IN=.*)$/) {
# If ipv6 uses bridge, then use PHYSIN otherwise use IN
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
kernel:.*(PHYSIN=.*)$/) {}
elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
kernel:.*(IN=.*)$/) {}
my $packet = $2;
my $iface = '';
my $srcaddr = '';
# If ipv6 uses bridge, use PHYSIN otherwise IN
if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
($packet =~ /IN=(\w+)/) { $iface = $1 }
# Extract ipv4 and ipv6 addresses
if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
or ($packet =~ /SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA -F]{0,4})){2,7})/)) {
$srcaddr = $1
}; if($iface eq $country) {
# iface matches country code $log[$lines] = $_; $lines++; } elsif($srcaddr ne '') {
# or srcaddr matches country code my $ccode = $gi->country_code_by_name($srcaddr); if($ccode eq $country){ $log[$lines] = $_; $lines++; } }
}
}} } close (FILE);
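Review bot: The `/2./` interface filter in the earlier form at the top of this hunk (`if ( $1 =~ /2./ ){ $iface="";}`) has no counterpart in the PHYSIN/IN version that follows, while the `@@ -308,32 +332,45 @@` hunk of this file keeps it. Say which behaviour is intended and make the two places agree.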
@@ -194,16 +206,28 @@ if ($multifile) { } if (!$skip) { while (<FILE>) {
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
kernel:.*(IN=.*)$/) {
if($_ =~ /SRC\=([\d\.]+)/){
my $srcaddr=$1;
my $ccode = $gi->country_code_by_name($srcaddr);
if($ccode eq $country){
# Check if valid log line (date, day)
if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+
kernel:.*(IN=.*)$/) {
my $iface = '';
# If ipv6 uses bridge, then use PHYSIN otherwise
IN
if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif
($_ =~ /IN=(\w+)/) { $iface = $1 }
if($iface eq $country) {
# iface matches country code
$log[$lines] = $_;
$lines++;
}
# extract ipv4 and ipv6 address
elsif (($_ =~
/SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($_ =~ /SRC=(([0-9a-fA -F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) {
my $srcaddr=$1;
my $ccode = $gi
->country_code_by_name($srcaddr);
if($ccode eq $country){
# or srcaddr matches country code $log[$lines] = $_; $lines++;
} }
}
}
} } close (FILE); }
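Review bot: In the `elsif` SRC test the IPv4 alternative is written `(.([\d]{1,3})){3}` with an unescaped `.`, so the separator matches any character, and because that alternative is tried first it can match the start of an IPv6 address (a source beginning `2001:1234:` is captured as `2001:1234`) and hand a truncated string to `country_code_by_name`. Escape it as `\.` as the first hunk of this file does; several other hunks in this patch show the same unescaped form, so a single shared pattern would keep them consistent.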
@@ -308,32 +332,45 @@ $lines = 0; foreach $_ (@slice) { $a = $_;
- /^... (..) (..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/;
- # If ipv6 uses bridge, use PHYSIN otherwise use IN
- if (/^... (..) (..:..:..) [\w-]+ kernel:(.*)(PHYSIN=.*)$/) {}
- elsif (/^... (..) (..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/) {}; my $packet = $4;
- $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){
$iface="";}
- $packet =~ /SRC=([\d.]+)/; my $srcaddr=$1;
- my $iface = '';
- # If ipv6 uses bridge, use PHYSIN otherwise use IN
- if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~
/IN=(\w+)/) { $iface = $1 }
- if ( $1 =~ /2./ ){ $iface="";}
- my $srcaddr = '';
- # Extract ipv4 and ipv6 addresses
- if (($packet =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or
($packet =~ /SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) {
$srcaddr = $1
};
if($iface eq $country || $srcaddr ne '') {
- my $ccode;
- my $ccode=''; if($iface ne $country) { $ccode = $gi->country_code_by_name($srcaddr); } if($iface eq $country || $ccode eq $country) {
my $chain = '';
my $chain = ''; my $in = '-'; my $out = '-'; my $srcaddr = ''; my $dstaddr = ''; my $protostr = ''; my $srcport = ''; my $dstport = '';
$_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, the use PHYSIN otherwise use IN
if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3;
if ($a =~ /IN\=(\w+)/) { $iface = $1; }
if ($a =~ /OUT\=(\w+)/) { $out = $1; }
if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; }
if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; }
# If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use
IN and OUT
if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
/IN=(\w+)/) { $iface = $1 }
if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
/OUT=(\w+)/) { $out = $1 }
# Extract ipv4 and ipv6 addresses
if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
/SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~
/DST=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT=([\d.]+)/){ $srcport = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi -bin/logs.cgi/showrequestfromip.dat index 09a60b5..94e795c 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -155,7 +155,7 @@ if (!$skip) while (<FILE>) { if (/(^${monthstr} ${daystr} ..:..:..) [\w-]+ kernel:.*(IN=.*)$/) {
if($_ =~ /SRC\=([\d\.]+)/){
if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/)
or ($_ =~ /SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { if($1 eq $ip){ $log[$lines] = $_; $lines++; @@ -182,12 +182,12 @@ if ($multifile) { if (!$skip) { while (<FILE>) { if (/(^${monthstr} ${daystr} ..:..:..) [\w-]+ kernel:.*(IN=.*)$/) {
if($_ =~ /SRC\=([\d\.]+)/){
if($1 eq $ip){
if (($_ =~
/SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($_ =~ /SRC=(([0-9a-fA -F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) {
if($1 eq $ip){ $log[$lines] = $_; $lines++;
}
}
}
} } } close (FILE);
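Review bot: `if($1 eq $ip)` compares the captured source with `$ip` as a plain string, which for IPv6 only succeeds when `$ip` is written exactly as it appears in the log line, since the same address has several textual forms (letter case, leading zeros, `::` compression). Normalise both sides to one form before comparing, or document that `$ip` must be given in the log's form.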
@@ -293,7 +293,8 @@ $lines = 0; foreach $_ (@slice) { $a = $_;
- if($_ =~ /SRC=([\d.]+)/){
- # Check whether valid ipv4 or ipv6 address
- if (($_ =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($_ =~
/SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { if($1 eq $ip){ my $chain = ''; my $in = '-'; my $out = '-'; @@ -301,15 +302,19 @@ foreach $_ (@slice) my $protostr = ''; my $srcport = ''; my $dstport = '';
- $_ =~ /(^.* ..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/;
- # If ipv6 uses bridge, the use PHYSIN, otherwise use IN
if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/)
{}
elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
{} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3;
- if ($a =~ /IN=(\w+)/) { $iface = $1; }
- if ($a =~ /OUT=(\w+)/) { $out = $1; }
- if ($a =~ /SRC=([\d.]+)/) { $srcaddr = $1; }
- if ($a =~ /DST=([\d.]+)/) { $dstaddr = $1; }
# If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise
use IN and OUT
if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~
/IN=(\w+)/) { $iface = $1 }
if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~
/OUT=(\w+)/) { $out = $1 }
# Detect ipv4 and ipv6 addresses
- if (($a =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($a =~
/SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
- if (($a =~ /DST=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($a =~
/DST=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT=([\d.]+)/){ $srcport = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi -bin/logs.cgi/showrequestfromport.dat index ad9823c..af7779a 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat @@ -307,15 +307,19 @@ foreach $_ (@slice) my $protostr = ''; my $srcport = ''; my $dstport = '';
- $_ =~ /(^.* ..:..:..) [\w-]+ kernel:(.*)(IN=.*)$/;
# If ipv6 uses bridge, the use PHYSIN, otherwise use IN
- if ($_ =~ /(^.* ..:..:..) [\w-]+ kernel:(.*)(PHYSIN=.*)$/) {}
elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/)
{} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; my $iface;
- if ($a =~ /IN=(\w+)/) { $iface = $1; }
- if ($a =~ /OUT=(\w+)/) { $out = $1; }
- if ($a =~ /SRC=([\d.]+)/) { $srcaddr = $1; }
- if ($a =~ /DST=([\d.]+)/) { $dstaddr = $1; }
# If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise
use IN and OUT
- if ($a =~ /PHYSIN=(\w+)/) { $iface = $1; } elsif ($a =~
/IN=(\w+)/) { $iface = $1; }
if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~
/OUT=(\w+)/) { $out = $1; }
- # Detect ipv4 and ipv6 addresses
- if (($a =~ /SRC=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($a =~
/SRC=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; }
- if (($a =~ /DST=(([\d]{1,3})(.([\d]{1,3})){3})/) or ($a =~
/DST=(([0-9a-fA-F]{0,4})(:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT=([\d.]+)/){ $srcport = $1; }
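Review bot: In the PHYSIN match `kernel:(.*)(PHYSIN=.*)$` the group before `PHYSIN=` takes everything that follows `kernel:`, and netfilter log lines carry `IN=` and `OUT=` ahead of `PHYSIN=`, so for bridged packets `my $chain = $2;` will hold those fields as well as the chain prefix. Trim `$chain` at the first `IN=` (or capture the prefix separately) so the chain column shows the same text for bridged and non-bridged packets.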