# coding=utf8
# the above tag defines encoding for this document and is for Python 2.x compatibility
import re
regex = r"^((?P<mode>[^:]+):\s)?in:(?P<InputInterface>[^,]+)\s+out:(?P<OutputInterface>[^,]+),\sconnection-state:(?P<ConnectionState>[^\s]+)\s+(?:src-mac\s+(?P<SourceMacAddress>[^,]+),\s+)?proto\s+(?P<Protocol>\w+)(?:\s+\((?P<Flags>[^)]+)\))?,\s+\[?(?P<SourceAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<SourcePort>\d+))?->\[?(?P<DestinationAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<DestinationPort>\d+))?,\s(NAT\s?\[?(?P<NatSourceAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<NatSourcePort>\d+))?->\(\[?(?P<NatExternalAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<NatExternalPort>\d+))?->\[?(?P<NatInternalAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<NatInternalPort>\d+))?\),\s)?len\s+(?P<Length>\d+)"
test_str = ("srcnat: in:(unknown 0) out:fbox, connection-state:new proto UDP, 82.62.133.323:123->224.0.1.1:123, len 96\n"
"srcnat: in:Interco out:WAN, connection-state:new src-mac 00:0c:49:16:06:aa, proto UDP, 10.1.40.1:59306->8.8.4.4:53, len 82\n"
"srcnat: in:Interco out:fbox, connection-state:new src-mac 00:0c:49:16:06:aa, proto ICMP (type 128, code 0), 2a0c:c621:151::2->2a0c:c621:151::1, len 192\n"
"output: in:(unknown 0) out:Interco, connection-state:established proto ICMP (type 128, code 0), 2a0c:b641:111::1->2a0c:b641:111::2, len 16\n"
"in:freebox out:Interco, connection-state:new,dnat src-mac 20:66:cf:18:cf:15, proto TCP (SYN), 18.130.12.138:51566->10.2.70.1:443, NAT 18.130.12.138:51566->(82.66.103.223:443->10.2.70.1:443), len 60\n"
"in:Wireguard-R0 out:(unknown 0), connection-state:established proto TCP (ACK,PSH), 10.255.1.1:179->10.255.1.2:34601, len 196\n"
"in:Wireguard-R0 out:(unknown 0), connection-state:established proto TCP (ACK), 10.255.1.1:179->10.255.1.2:34601, len 52\n"
"in:Wireguard-R0 out:(unknown 0), connection-state:established proto TCP (ACK,PSH), 10.255.1.1:179->10.255.1.2:34601, len 205\n"
"in:freebox out:Interco, connection-state:new,dnat src-mac 20:66:cf:18:cf:15, proto TCP (SYN), 18.130.12.138:39888->10.2.70.1:443, NAT 18.130.12.138:39888->(82.66.103.223:443->10.2.70.1:443), len 60\n"
"in:WAN out:Interco, connection-state:established,snat src-mac 80:2d:bf:8e:31:f7, proto UDP, [2620:2d:4000:1::41]:123->[2a0c:b641:112:20:250:56ff:fea9:578d]:41270, len 56\n"
"in:WAN out:Interco, connection-state:established,snat src-mac 80:2d:bf:39:f5:47, proto TCP (SYN,ACK), [2606:4700:4700::1111]:53->[2a0c:b641:112:40:20c:29ff:fe69:e5e7]:45257, len 40\n"
"srcnat: in:Interco out:WAN, connection-state:new src-mac 00:0c:29:16:06:aa, proto TCP (SYN), 10.1.40.1:34543->8.8.8.8:53, len 60\n")
matches = re.finditer(regex, test_str, re.MULTILINE)
for matchNum, match in enumerate(matches, start=1):
print ("Match {matchNum} was found at {start}-{end}: {match}".format(matchNum = matchNum, start = match.start(), end = match.end(), match = match.group()))
for groupNum in range(0, len(match.groups())):
groupNum = groupNum + 1
print ("Group {groupNum} found at {start}-{end}: {group}".format(groupNum = groupNum, start = match.start(groupNum), end = match.end(groupNum), group = match.group(groupNum)))
# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Python, please visit: https://docs.python.org/3/library/re.html