Fixes again

config.default.js

@@ -23,7 +23,7 @@ exports.MAIN = {
  * Generates a report submission to AbuseIPDB.
  * @returns {string} A formatted string report.
  */
-exports.REPORT_COMMENT = ({ timestamp, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog, serverName) =>
+exports.REPORT_COMMENT = ({ date, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog, serverName) =>
 	`Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt || 'N/A'}/${proto?.toLowerCase() || 'N/A'}]
 Source port: ${spt || 'N/A'}
 TTL: ${ttl || 'N/A'}
@@ -34,7 +34,7 @@ This report was generated by:
 https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not delete this URL. I would be very grateful, thank you! 💙
 
 // Alternative version:
-// exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
+// exports.REPORT_COMMENT = ({ date, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
 // 	`Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`;
 
 

index.js

@@ -9,7 +9,7 @@ const parseTimestamp = require('./scripts/utils/parseTimestamp.js');
 const { reportedIPs, loadReportedIPs, saveReportedIPs, isIPReportedRecently, markIPAsReported } = require('./scripts/services/cache.js');
 const log = require('./scripts/utils/log.js');
 const axios = require('./scripts/services/axios.js');
-const serverAddress = require('./scripts/services/fetchServerIP.js');
+const { refreshServerIPs, getServerIPs } = require('./scripts/services/ipFetcher.js');
 const discordWebhooks = require('./scripts/services/discord.js');
 const config = require('./config.js');
 const { version } = require('./package.json');
@@ -33,56 +33,60 @@ const reportToAbuseIPDb = async (logData, categories, comment) => {
 	}
 };
 
-const processLogLine = async line => {
+const toNumber = (str, regex) => {
+	const parsed = str.match(regex)?.[1];
+	return parsed ? Number(parsed) : parsed;
+};
+
+const processLogLine = async (line, test = false) => {
 	if (!line.includes('[UFW BLOCK]')) return log(0, `Ignoring invalid line: ${line}`);
 
 	const logData = {
-		timestamp: parseTimestamp(line), // Log timestamp
+		date: parseTimestamp(line), // Log timestamp
 		srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null, // Source IP address
 		dstIp: line.match(/DST=([\d.]+)/)?.[1] || null, // Destination IP address
 		proto: line.match(/PROTO=(\S+)/)?.[1] || null, // Protocol (TCP, UDP, ICMP, etc.)
-		spt: line.match(/SPT=(\d+)/)?.[1] || null, // Source port
-		dpt: line.match(/DPT=(\d+)/)?.[1] || null, // Destination port
+		spt: toNumber(line, /SPT=(\d+)/), // Source port
+		dpt: toNumber(line, /DPT=(\d+)/), // Destination port
 		in: line.match(/IN=(\w+)/)?.[1] || null, // Input interface
 		out: line.match(/OUT=(\w+)/)?.[1] || null, // Output interface
 		mac: line.match(/MAC=([\w:]+)/)?.[1] || null, // MAC address
-		len: line.match(/LEN=(\d+)/)?.[1] || null, // Packet length
-		ttl: line.match(/TTL=(\d+)/)?.[1] || null, // Time to live
-		id: line.match(/ID=(\d+)/)?.[1] || null, // Packet ID
+		len: toNumber(line, /LEN=(\d+)/), // Packet length
+		ttl: toNumber(line, /TTL=(\d+)/), // Time to live
+		id: toNumber(line, /ID=(\d+)/), // Packet ID
 		tos: line.match(/TOS=(\S+)/)?.[1] || null, // Type of service
 		prec: line.match(/PREC=(\S+)/)?.[1] || null, // Precedence
 		res: line.match(/RES=(\S+)/)?.[1] || null, // Reserved bits
-		window: line.match(/WINDOW=(\d+)/)?.[1] || null, // TCP Window size
-		urgp: line.match(/URGP=(\d+)/)?.[1] || null, // Urgent pointer
+		window: toNumber(line, /WINDOW=(\d+)/), // TCP Window size
+		urgp: toNumber(line, /URGP=(\d+)/), // Urgent pointer
 		ack: !!line.includes('ACK'), // ACK flag
 		syn: !!line.includes('SYN'), // SYN flag
 	};
 
 	const { srcIp, proto, dpt } = logData;
 	if (!srcIp) {
-		return log(1, `Missing SRC in log line: ${line}`);
+		return log(1, `Missing SRC in the log line: ${line}`);
 	}
 
-	if (serverAddress().includes(srcIp)) {
-		return log(0, `Ignoring own IP address: ${srcIp}`);
-	}
-
-	const ips = serverAddress();
+	const ips = getServerIPs();
 	if (!Array.isArray(ips)) {
 		return log(1, 'For some reason, \'ips\' is not an array');
 	}
 
 	if (ips.includes(srcIp)) {
-		return log(0, `Ignoring own IP address: ${srcIp}`);
+		return log(1, `Ignoring own IP address! PROTO=${proto?.toLowerCase()} SRC=${srcIp} DPT=${dpt} ID=${logData.id}`);
 	}
 
 	// Report MUST NOT be of an attack where the source address is likely spoofed i.e. SYN floods and UDP floods.
 	// TCP connections can only be reported if they complete the three-way handshake. UDP connections cannot be reported.
-	// More: https://www.abuseipdb.com/reporting-policy
+	// Read more: https://www.abuseipdb.com/reporting-policy
 	if (proto === 'UDP') {
 		return log(0, `Skipping UDP traffic: SRC=${srcIp} DPT=${dpt}`);
 	}
 
+	// Testing
+	if (test) return logData;
+
 	if (isIPReportedRecently(srcIp)) {
 		const lastReportedTime = reportedIPs.get(srcIp);
 		const elapsedTime = Math.floor(Date.now() / 1000 - lastReportedTime);
@@ -116,6 +120,7 @@ const processLogLine = async line => {
 	log(0, `v${version} (https://github.com/sefinek/UFW-AbuseIPDB-Reporter)`);
 
 	loadReportedIPs();
+	await refreshServerIPs();
 
 	if (!fs.existsSync(UFW_LOG_FILE)) {
 		log(2, `Log file ${UFW_LOG_FILE} does not exist.`);
@@ -152,4 +157,6 @@ const processLogLine = async line => {
 	log(0, '=====================================================================');
 
 	process.send && process.send('ready');
-})();
+})();
+
+module.exports = processLogLine;

scripts

@@ -1 +1 @@
-Subproject commit d3be07cbc6e21f2420473bf97719e572fc6f9f38
+Subproject commit c550075d2dd7b115bc2ee9f19fdf89e23eec997f