From fb6079dbaf63aa994d8039788d60dac48eb99986 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Fri, 25 Jan 2013 16:40:52 -0500
Subject: Try a little harder to find the protocol rather than giving up. Fixes #2751
---
 etc/inc/filter_log.inc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'etc/inc/filter_log.inc')
diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc
index d989fa1..974dcdf 100644
--- a/etc/inc/filter_log.inc
+++ b/etc/inc/filter_log.inc
@@ -170,7 +170,17 @@ function parse_filter_line($line) {
 $flags = preg_split('/[, ]/', $leftovers);
 $flent['tcpflags'] = str_replace(".", "A", substr($flags[1], 1, -1));
 } elseif ($flent['proto'] == "Options") {
- $flent['proto'] = "none";
+ /* Then there must be some info we missed */
+ if (!(strpos($leftovers, 'sum ok] ') === FALSE)) {
+ preg_match("/.*\ssum ok]\s(.*)\,\s.*/", $leftovers, $proto);
+ } elseif (!(strpos($line, 'sum ok] ') === FALSE)) {
+ preg_match("/.*\ssum ok]\s(.*)\,\s.*/", $line, $proto);
+ }
+ $proto = explode(" ", trim($proto[1]));
+ $flent['proto'] = rtrim($proto[0], ",");
+ /* If it's still 'Options', then just ignore it. */
+ if ($flent['proto'] == "Options")
+ $flent['proto'] = "none";
 }

 /* If there is a src, a dst, and a time, then the line should be usable/good */
--
cgit v1.1
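Review bot: When neither `strpos()` test matches, or `preg_match()` finds no match (the pattern requires a comma and whitespace after the captured text), `$proto[1]` is unset, so `trim($proto[1])` yields an empty string and `$flent['proto']` ends up `""` instead of the previous `"none"`; the closing `== "Options"` check does not catch that case. For a parser of packet-filter log lines that means an entry it could not decode carries a blank protocol, and PHP raises an undefined variable/offset notice, rather than the explicit `none` marker. Initialise `$proto = array();` before the `if`, wrap the two assignments in `if (!empty($proto[1])) { ... }`, and keep the final check so an unmatched line still falls back to `"none"`. `parse_filter_line()` begins and ends outside this hunk, so whether `$proto` is assigned earlier in the function is not visible here.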