#!/usr/bin/perl

# ipchains format
# Apr 17 12:26:21 www kernel: Packet log: input - eth0 PROTO=17 192.38.71.100:1092 224.0.1.2:5136 L=61 S=0x00 I=43105 F=0x0000 T=4 (#35)
# May 16 00:00:36 osiris kernel: Packet log: input DENY eth1 PROTO=1 130.226.0.33:8 192.168.1.2:0 L=1500 S=0x00 I=59290 F=0x4000 T=249 (#17) 

# netfilter format
# May 16 00:00:36 osiris kernel: IN=eth1 OUT= MAC=00:00:b4:c7:46:06:00:e0:d0:13:de:fb:08:00 SRC=212.54.64.170 DST=192.168.1.2 LEN=145 TOS=0x00 PREC=0x00 TTL=59 ID=25931 PROTO=UDP SPT=53 DPT=54330 LEN=125 
# May 16 00:00:36 osiris kernel: IN=eth1 OUT= MAC=00:00:b4:c7:46:06:00:e0:d0:13:de:fb:08:00 SRC=206.251.19.88 DST=192.168.1.2 LEN=84 TOS=0x00 PREC=0xC0 TTL=52 ID=11339 PROTO=ICMP TYPE=8 CODE=0 ID=11339 SEQ=256 
# May 16 00:00:36 osiris kernel: IN=eth1 OUT= MAC=00:00:b4:c7:46:06:00:e0:d0:13:de:fb:08:00 SRC=206.251.19.88 DST=192.168.1.2 LEN=64 TOS=0x00 PREC=0x00 TTL=239 ID=3812 PROTO=TCP SPT=2300 DPT=53 WINDOW=2048 RES=0x00 SYN URGP=0 

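use strict;
use warnings;

# Summarise inbound packets from ipchains / netfilter kernel log lines read
# on STDIN.  One line is printed per reported packet:
#   <remote ip>\t<local port>/tcp
#   <remote ip>\t<local port>/udp
#   <remote ip>\t<icmp type>:<icmp code>/icmp
#
# NOTE(review): the patterns are not tied to the "kernel:" syslog tag, so a
# look-alike string inside a message written by some other daemon would be
# counted as a packet.  Feed this script kernel-facility logs only, or
# pre-filter on the tag, if the report is used as evidence.

# Destination ports at or above these limits are left out of the report.
# Valid ports end at 65535, so the defaults report everything; lower a limit
# to suppress high-port noise for that protocol.
my $tcpmaxport = 65536;
my $udpmaxport = 65536;

# Only packets logged on this interface are reported; for the netfilter
# format they must also be addressed to this local IP.
my $interface = 'eth1';
my $local_ip  = '192.168.1.2';

# ICMP types that are never reported: echo reply (0), destination
# unreachable (3) and time exceeded (11).
my @ignored_icmp_types = (0, 3, 11);

# Dotted quad with literal dots, so the octets cannot be split on an
# arbitrary character.
my $ipv4 = qr/\d+\.\d+\.\d+\.\d+/;

# ipchains: "... Packet log: input DENY eth1 PROTO=1 a.b.c.d:8 e.f.g.h:0 ..."
# For ICMP the two "port" fields carry the ICMP type and code.
# Captures: 1=protocol number, 2=remote ip, 3=remote port or ICMP type,
#           4=local ip, 5=local port or ICMP code.
my $ipchains_re = qr{
    Packet [ ] log: \s input .*? \s \Q$interface\E \s
    PROTO=(\d+) \s
    ($ipv4):(\d+) \s
    ($ipv4):(\d+)
}x;

# netfilter: "... IN=eth1 OUT= MAC=... SRC=a.b.c.d DST=e.f.g.h ... PROTO=TCP
#             SPT=2300 DPT=53 ..."
# - SRC= must directly follow the MAC field and DST must be followed by
#   whitespace, so 192.168.1.2 no longer also matches 192.168.1.25.
# - The gap before PROTO= may not cross a '[': ICMP error packets are logged
#   with the offending packet's header in brackets, and its PROTO/SPT/DPT
#   must not be reported as a separate TCP or UDP packet.
# Captures: 1=remote ip, 2=TCP|UDP, 3=remote port, 4=local port,
#           5=ICMP type, 6=ICMP code.
my $netfilter_re = qr{
    \b IN=\Q$interface\E \s OUT= \s MAC= \S* \s
    SRC=($ipv4) \s DST=\Q$local_ip\E \s
    [^\[]*? \b PROTO=
    (?: (TCP|UDP) \s SPT=(\d+) \s DPT=(\d+)
      | ICMP      \s TYPE=(\d+) \s CODE=(\d+)
    )
}x;

# Report text for a TCP/UDP packet, or nothing when the port is filtered.
sub _port_report {
    my ($remip, $locport, $proto, $maxport) = @_;
    return if $locport >= $maxport;
    return "$remip\t$locport/$proto";
}

# Report text for an ICMP packet, or nothing when the type is ignored.
sub _icmp_report {
    my ($remip, $icmptype, $icmpcode) = @_;
    return if grep { $icmptype == $_ } @ignored_icmp_types;
    return "$remip\t$icmptype:$icmpcode/icmp";
}

# Decode one log line.  Returns the report text (without newline) for a
# packet that should be reported, and nothing for every other line.
sub parse_line {
    my ($line) = @_;

    if ($line =~ $ipchains_re) {
        # Copy the captures at once; later matches would clobber them.
        my ($proto, $remip, $remfield, $locfield) = ($1, $2, $3, $5);
        return _port_report($remip, $locfield, 'tcp', $tcpmaxport) if $proto == 6;
        return _port_report($remip, $locfield, 'udp', $udpmaxport) if $proto == 17;
        return _icmp_report($remip, $remfield, $locfield)          if $proto == 1;
        return;
    }

    if ($line =~ $netfilter_re) {
        my ($remip, $proto, $locport, $icmptype, $icmpcode) = ($1, $2, $4, $5, $6);
        return _icmp_report($remip, $icmptype, $icmpcode) unless defined $proto;
        return _port_report($remip, $locport, 'tcp', $tcpmaxport) if $proto eq 'TCP';
        return _port_report($remip, $locport, 'udp', $udpmaxport);
    }

    return;
}

while (my $line = <STDIN>) {
    my $report = parse_line($line);
    print "$report\n" if defined $report;
}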

