diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 5a584d60d..42c9612e5 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -328,7 +328,10 @@ END $lines = 0; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information + # otherwise use IN= + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; @@ -336,9 +339,12 @@ foreach $_ (@log) my $packet = $4; my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); - $iface=$1 if $packet =~ /IN=(\w+)/; - $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/; - $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/; + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1} + # Identify whether ipv4 or ipv6. Both are mutally exclusive. + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1 } + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1 } + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1 } + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1 } $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; $proto=$1 if $packet =~ /PROTO=(\w+)/; $srcport=$1 if $packet =~ /SPT=(\d+)/; diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat index f998a6201..2661ddd01 100644 --- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat 
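Review bot: When the `PHYSIN=` pattern matches, the third capture `(.*)` no longer ends at the chain prefix: on a bridged packet it also swallows the `IN=… OUT=…` fields that precede `PHYSIN=`. The consumer of `$3` is outside this hunk, but showrequestfromcountry.dat (@@ -308), showrequestfromip.dat (@@ -301) and showrequestfromport.dat (@@ -307) assign the equivalent group to `$chain`, which would then display interface text. A single match with a non-greedy prefix, `/^... (..) (..:..:..) [\w\-]+ kernel:(.*?)(IN=.*)$/`, keeps the whole packet in `$4` and lets the later `PHYSIN=`/`IN=` test on `$packet` choose the bridge port; this assumes the log prefix itself never contains `IN=`. The empty `if … {} elsif … {}` also leaves `$1`–`$4` holding whatever an earlier successful match set when neither pattern matches, so a `next` on that path would be safer than falling through to `my $day = $1`. The construct is repeated in firewalllogcountry.dat (@@ -294) and showrequestfromcountry.dat (@@ -158).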
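Review bot: The IPv4 and IPv6 address patterns are spelled out in full for both `SRC=` and `DST=` here, and the same two literals recur in every other file this commit touches, so any later correction has to be repeated many times. Compiling them once near the top of each script, `my $ipv4_re = qr/\d{1,3}(?:\.\d{1,3}){3}/;` and `my $ipv6_re = qr/[0-9a-fA-F]{0,4}(?::[0-9a-fA-F]{0,4}){2,7}/;`, and matching `/SRC=($ipv4_re|$ipv6_re)/` would keep them in step. The comment calls the two forms mutually exclusive ("mutally" is a typo), yet this hunk uses four independent `if`s while firewalllogcountry.dat uses `if`/`elsif` for the same test; one form should be used throughout.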
@@ -261,7 +261,6 @@ if( $cgiparams{'pienumber'} != 0){$pienumber=$cgiparams{'pienumber'};} if( $cgiparams{'otherspie'} != 0){$otherspie=$cgiparams{'otherspie'};} if( $cgiparams{'showpie'} != 0){$showpie=$cgiparams{'showpie'};} if( $cgiparams{'sortcolumn'} != 0){$sortcolumn=$cgiparams{'sortcolumn'};} - print < @@ -294,15 +293,24 @@ $lines = 0; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, use PHYSIN for iface, otherwise IN + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $packet = $4; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + my $iface = ''; + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + if ( $1 =~ /2./ ) { $iface=''; } + my $srcaddr = ''; + # Find ipv4 and ipv6 addresses + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr = $1 } + elsif ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr = $1 } if($iface eq $red_interface) { + # Traffic from red if($srcaddr ne '') { + # srcaddr is set my $ccode = $gi->country_code_by_name($srcaddr); - if( $ccode eq '') { + if ($ccode eq '') { $ccode = 'unknown'; } $tabjc{$ccode} = $tabjc{$ccode} + 1 ; @@ -311,11 +319,16 @@ foreach $_ (@log) } } else { + # Traffic not from red if($iface ne '') { $tabjc{$iface} = $tabjc{$iface} + 1 ; if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } $linesjc++; } + else { + # What to do with empty iface lines? + # This probably is traffic from ipfire itself (IN= OUT=XY)? + } } } @@ -423,7 +436,6 @@ if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { print ""; print ""; } - print < 
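Review bot: In @@ -294 the retained `if ( $1 =~ /2./ ) { $iface=''; }` now works against the new code. `$iface` is already initialised to `''`, and after a successful `PHYSIN=`/`IN=` match `$1` is the interface name, so any name with a `2` followed by another character (a physical port such as `enp2s0`, for example) is blanked and its packets fall into the empty `else` added in @@ -311 instead of being counted. The line looks like an old guard against a stale `$1` after a failed match, which the explicit initialisation makes unnecessary; removing it, as this commit already does in showrequestfromcountry.dat @@ -158, is the simplest fix. The same leftover is kept in showrequestfromcountry.dat @@ -308.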
@@ -448,10 +460,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s]; - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; $color++; print ""; @@ -466,8 +476,11 @@ for($s=0;$s<$lines;$s++) print""; print""; } - - if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') { + elsif ($key[$s] eq 'unknown') { + print "unknown"; + } + # Looks dangerous to use hardcoded interface names here. Probably needs fixing. + if ($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0' ) { print "$key[$s]"; } else { @@ -489,10 +502,8 @@ for($s=0;$s<$lines;$s++) if($cgiparams{'otherspie'} == 2 ){} else{ - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; diff --git a/html/cgi-bin/logs.cgi/firewalllogip.dat b/html/cgi-bin/logs.cgi/firewalllogip.dat index 7d82d20e7..6fc34223e 100644 --- a/html/cgi-bin/logs.cgi/firewalllogip.dat +++ b/html/cgi-bin/logs.cgi/firewalllogip.dat @@ -291,7 +291,8 @@ if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines = 0; foreach $_ (@log) { - if($_ =~ /SRC\=([\d\.]+)/){ + # Extract ipv4 or ipv6 address + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $tabjc{$1} = $tabjc{$1} + 1 ; if(($tabjc{$1} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } $linesjc++; 
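Review bot: `($color % 10) + 1` in @@ -448 is not the same mapping as the code it replaces: the old form sent 1…10 to 1…10 and 11 back to 1, whereas the new one sends 1 to 2, 9 to 10 and 10 to 1. `$color` is initialised outside the hunk; unless it now starts at 0, every row shifts one colour along and the table may stop matching a pie chart coloured elsewhere. If the aim was only to drop the `if`, `my $colorIndex = (($color - 1) % 10) + 1;` keeps the previous numbering. The same replacement is made in @@ -489 of this file and in both colour hunks of firewalllogip.dat and firewalllogport.dat.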
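Review bot: The comment added in @@ -466 flags the hard-coded `blue0`/`green0`/`orange0` test without resolving it, and this commit makes the problem concrete. `$key[$s]` appears to come from the `%tabjc` tally, which @@ -294 now keys by `PHYSIN=` names for bridged traffic; those names never equal the three strings and so take the `else` branch, whose body lies outside the hunk and presumably handles country codes. Recording at tally time whether a key is an interface or a country code would avoid guessing from the name; until then the comment is more useful as `# TODO: interface rows are recognised by name only; PHYSIN names fall through to the country branch`. The new `elsif ($key[$s] eq 'unknown')` is also followed by this independent `if`/`else`, so an `unknown` row is handled twice unless that is intended.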
@@ -428,10 +429,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s]; - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; @@ -459,10 +458,8 @@ for($s=0;$s<$lines;$s++) if($cgiparams{'otherspie'} == 2 ){} else{ - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; diff --git a/html/cgi-bin/logs.cgi/firewalllogport.dat b/html/cgi-bin/logs.cgi/firewalllogport.dat index 5b0db6231..583c1b3d3 100644 --- a/html/cgi-bin/logs.cgi/firewalllogport.dat +++ b/html/cgi-bin/logs.cgi/firewalllogport.dat @@ -429,10 +429,8 @@ for($s=0;$s<$lines;$s++) $percent = $value[$s] * 100 / $linesjc; $percent = sprintf("%.f", $percent); $total = $total + $value[$s]; - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; @@ -446,10 +444,8 @@ for($s=0;$s<$lines;$s++) if($cgiparams{'otherspie'} == 2 ){} else{ - my $colorIndex = $color % 10; - if($colorIndex == 0) { - $colorIndex = 10; - } + # colors are numbered 1 to 10 + my $colorIndex = ($color % 10) + 1; $col="bgcolor='$color{\"color$colorIndex\"}'"; print ""; diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat index 5283c426b..0784ab941 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat 
@@ -158,23 +158,35 @@ if (!$skip) { while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - my $packet = $2; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + # First check whether valid log line (date, day) + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + # If ipv6 uses bridge, then use PHYSIN otherwise use IN + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(PHYSIN=.*)$/) {} + elsif (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) {} + my $packet = $2; + my $iface = ''; + my $srcaddr = ''; + # If ipv6 uses bridge, use PHYSIN otherwise IN + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + # Extract ipv4 and ipv6 addresses + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $srcaddr = $1 + }; if($iface eq $country) { + # iface matches country code $log[$lines] = $_; $lines++; } elsif($srcaddr ne '') { + # or srcaddr matches country code my $ccode = $gi->country_code_by_name($srcaddr); if($ccode eq $country){ $log[$lines] = $_; $lines++; } } - } + } } close (FILE); } 
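Review bot: `$srcaddr` can now hold an IPv6 address, but it is still passed unchanged to `$gi->country_code_by_name()`. `$gi` is created outside this hunk; if it is a legacy Geo::IP handle opened on an IPv4 country database, that call is not expected to resolve IPv6 input and the `_v6` lookup methods with an IPv6 database would be needed. In that case IPv6 sources would never equal `$country` here and would all be tallied as `unknown` in firewalllogcountry.dat @@ -294. This is worth confirming against an IPv6 log line, with a comment next to the call stating which database `$gi` uses; the same call is made in @@ -194 and @@ -308 of this file.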
@@ -194,16 +206,28 @@ if ($multifile) { } if (!$skip) { while () { - if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ - my $srcaddr=$1; - my $ccode = $gi->country_code_by_name($srcaddr); - if($ccode eq $country){ + # Check if valid log line (date, day) + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + my $iface = ''; + # If ipv6 uses bridge, then use PHYSIN otherwise IN + if ($_ =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($_ =~ /IN=(\w+)/) { $iface = $1 } + + if($iface eq $country) { + # iface matches country code + $log[$lines] = $_; + $lines++; + } + # extract ipv4 and ipv6 address + elsif (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + my $srcaddr=$1; + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq $country){ + # or srcaddr matches country code $log[$lines] = $_; $lines++; + } } - } - } + } } close (FILE); } 
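Review bot: This loop and the one in @@ -158 apply the same filter but are now written differently: there the interface and source address are taken from `$packet`, the text from `PHYSIN=`/`IN=` onward, while here they are matched against the whole line `$_`, log prefix included. Two hand-maintained copies of a selection rule tend to drift, and a viewer that filters the file read under `$multifile` differently from the first one gives inconsistent results for the same query. Moving the test into one helper sub that takes the line and returns true when the interface or the looked-up country equals `$country`, and calling it from both loops, would keep them identical. The enclosing `while` and `if ($multifile)` start outside the hunk.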
@@ -308,32 +332,45 @@ $lines = 0; foreach $_ (@slice) { $a = $_; - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, use PHYSIN otherwise use IN + if (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif (/^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {}; my $packet = $4; - $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + my $iface = ''; + # If ipv6 uses bridge, use PHYSIN otherwise use IN + if ($packet =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($packet =~ /IN=(\w+)/) { $iface = $1 } + if ( $1 =~ /2./ ){ $iface="";} + my $srcaddr = ''; + # Extract ipv4 and ipv6 addresses + if (($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + $srcaddr = $1 + }; if($iface eq $country || $srcaddr ne '') { - my $ccode; + my $ccode=''; if($iface ne $country) { $ccode = $gi->country_code_by_name($srcaddr); } if($iface eq $country || $ccode eq $country) { - my $chain = ''; + my $chain = ''; my $in = '-'; my $out = '-'; my $srcaddr = ''; my $dstaddr = ''; my $protostr = ''; my $srcport = ''; my $dstport = ''; - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, the use PHYSIN otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) 
(..:..:..)/; my $month = $1; my $day = $2; my $time = $3; - if ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + # If ipv6 uses bridge, use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 } + # Extract ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromip.dat b/html/cgi-bin/logs.cgi/showrequestfromip.dat index 09a60b519..94e795c6d 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromip.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromip.dat @@ -155,7 +155,7 @@ if (!$skip) while () { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { if($1 eq $ip){ $log[$lines] = $_; $lines++; @@ -182,12 +182,12 @@ if ($multifile) { if (!$skip) { while () { if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { - if($_ =~ /SRC\=([\d\.]+)/){ - if($1 eq $ip){ + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { + if($1 eq $ip){ $log[$lines] = $_; $lines++; - } - } + } + } } } close (FILE); 
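Review bot: In showrequestfromip.dat @@ -155 the captured address is compared with `$1 eq $ip` as plain text, which is fine for IPv4 but fragile for IPv6, where one address has several spellings (zero-compressed, upper or lower case). `$ip` is set outside this hunk; if it arrives in a form other than the one the kernel writes to the log, or is validated as IPv4 only before reaching this point, no IPv6 line will ever be selected. Normalising both sides before comparing, at least with `lc`, and adding a comment such as `# $ip must be in the address form the kernel logs` would make the requirement explicit. The same comparison appears in @@ -182 and @@ -293.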
@@ -293,7 +293,8 @@ $lines = 0; foreach $_ (@slice) { $a = $_; - if($_ =~ /SRC\=([\d\.]+)/){ + # Check whether valid ipv4 or ipv6 address + if (($_ =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($_ =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { if($1 eq $ip){ my $chain = ''; my $in = '-'; my $out = '-'; @@ -301,15 +302,19 @@ foreach $_ (@slice) my $protostr = ''; my $srcport = ''; my $dstport = ''; - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; - if ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN=(\w+)/) { $iface = $1 } elsif ($a =~ /IN=(\w+)/) { $iface = $1 } + if ($a =~ /PHYSOUT=(\w+)/) { $out = $1 } elsif ($a =~ /OUT=(\w+)/) { $out = $1 } + # Detect ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } diff --git a/html/cgi-bin/logs.cgi/showrequestfromport.dat b/html/cgi-bin/logs.cgi/showrequestfromport.dat index ad9823cde..af7779a87 100644 --- a/html/cgi-bin/logs.cgi/showrequestfromport.dat +++ b/html/cgi-bin/logs.cgi/showrequestfromport.dat 
@@ -307,15 +307,19 @@ foreach $_ (@slice) my $protostr = ''; my $srcport = ''; my $dstport = ''; - $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses bridge, the use PHYSIN, otherwise use IN + if ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(PHYSIN=.*)$/) {} + elsif ($_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) {} my $timestamp = $1; my $chain = $2; my $packet = $3; $timestamp =~ /(...) (..) (..:..:..)/; my $month = $1; my $day = $2; my $time = $3; my $iface; - if ($a =~ /IN\=(\w+)/) { $iface = $1; } - if ($a =~ /OUT\=(\w+)/) { $out = $1; } - if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } - if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + # If ipv6 uses bridge, the use PHYSIN and PHYSOUT, otherwise use IN and OUT + if ($a =~ /PHYSIN\=(\w+)/) { $iface = $1; } elsif ($a =~ /IN\=(\w+)/) { $iface = $1; } + if ($a =~ /PHYSOUT\=(\w+)/) { $out = $1; } elsif ($a =~ /OUT\=(\w+)/) { $out = $1; } + # Detect ipv4 and ipv6 addresses + if (($a =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $srcaddr = $1; } + if (($a =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) or ($a =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/)) { $dstaddr = $1; } if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } my $protostrlc = lc($protostr); if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; }