Add missing ACK, other fixes

config.default.js

@@ -21,30 +21,9 @@ exports.MAIN = {
 
 /**
  * Generates a report submission to AbuseIPDB.
- * @param {Object} logData
- * @param {string|null} logData.timestamp
- * @param {string|null} logData.In
- * @param {string|null} logData.Out
- * @param {string|null} logData.srcIp
- * @param {string|null} logData.dstIp
- * @param {string|null} logData.res
- * @param {string|null} logData.tos
- * @param {string|null} logData.prec
- * @param {string|null} logData.ttl
- * @param {string|null} logData.id
- * @param {string|null} logData.proto
- * @param {string|null} logData.spt
- * @param {string|null} logData.dpt
- * @param {string|null} logData.len
- * @param {string|null} logData.urgp
- * @param {string|null} logData.mac
- * @param {string|null} logData.window
- * @param {boolean} logData.syn
- * @param {string|null} fullLog
- * @param {string|null} serverName
  * @returns {string} A formatted string report.
  */
-exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
+exports.REPORT_COMMENT = ({ timestamp, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog, serverName) =>
 	`Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt || 'N/A'}/${proto?.toLowerCase() || 'N/A'}]
 Source port: ${spt || 'N/A'}
 TTL: ${ttl || 'N/A'}

index.js

@@ -34,27 +34,28 @@ const reportToAbuseIPDb = async (logData, categories, comment) => {
 };
 
 const processLogLine = async line => {
-	if (!line.includes('[UFW BLOCK]')) return log(0, `Ignoring line: ${line}`);
+	if (!line.includes('[UFW BLOCK]')) return log(0, `Ignoring invalid line: ${line}`);
 
 	const logData = {
-		timestamp:    parseTimestamp(line),
+		timestamp: parseTimestamp(line), // Log timestamp
-		In:           line.match(/IN=([\d.]+)/)?.[1] || null,
+		srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null, // Source IP address
-		Out:          line.match(/OUT=([\d.]+)/)?.[1] || null,
+		dstIp: line.match(/DST=([\d.]+)/)?.[1] || null, // Destination IP address
-		srcIp:        line.match(/SRC=([\d.]+)/)?.[1] || null,
+		proto: line.match(/PROTO=(\S+)/)?.[1] || null, // Protocol (TCP, UDP, ICMP, etc.)
-		dstIp:        line.match(/DST=([\d.]+)/)?.[1] || null,
+		spt: line.match(/SPT=(\d+)/)?.[1] || null, // Source port
-		res:          line.match(/RES=(\S+)/)?.[1] || null,
+		dpt: line.match(/DPT=(\d+)/)?.[1] || null, // Destination port
-		tos:          line.match(/TOS=(\S+)/)?.[1] || null,
+		in: line.match(/IN=([\w]+)/)?.[1] || null, // Input interface
-		prec:         line.match(/PREC=(\S+)/)?.[1] || null,
+		out: line.match(/OUT=([\w]+)/)?.[1] || null, // Output interface
-		ttl:          line.match(/TTL=(\d+)/)?.[1] || null,
+		mac: line.match(/MAC=([\w:]+)/)?.[1] || null, // MAC address
-		id:           line.match(/ID=(\d+)/)?.[1] || null,
+		len: line.match(/LEN=(\d+)/)?.[1] || null, // Packet length
-		proto:        line.match(/PROTO=(\S+)/)?.[1] || null,
+		ttl: line.match(/TTL=(\d+)/)?.[1] || null, // Time to live
-		spt:          line.match(/SPT=(\d+)/)?.[1] || null,
+		id: line.match(/ID=(\d+)/)?.[1] || null, // Packet ID
-		dpt:          line.match(/DPT=(\d+)/)?.[1] || null,
+		tos: line.match(/TOS=(\S+)/)?.[1] || null, // Type of service
-		len:          line.match(/LEN=(\d+)/)?.[1] || null,
+		prec: line.match(/PREC=(\S+)/)?.[1] || null, // Precedence
-		urgp:         line.match(/URGP=(\d+)/)?.[1] || null,
+		res: line.match(/RES=(\S+)/)?.[1] || null, // Reserved bits
-		mac:          line.match(/MAC=([\w:]+)/)?.[1] || null,
+		window: line.match(/WINDOW=(\d+)/)?.[1] || null, // TCP Window size
-		window:       line.match(/WINDOW=(\d+)/)?.[1] || null,
+		urgp: line.match(/URGP=(\d+)/)?.[1] || null, // Urgent pointer
-		syn:          !!line.includes('SYN'),
+		ack: !!line.includes('ACK'), // ACK flag
+		syn: !!line.includes('SYN'), // SYN flag
 	};
 
 	const { srcIp, proto, dpt } = logData;