Transition from GeoIP Legacy to MaxMindDB.

MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which uses a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.

Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.

Migrate the preferences and documentation to MaxMindDB.

Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.

Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
pespin/amr
Gerald Combs 2018-02-08 17:20:26 -08:00
parent b2d3680558
commit a1da75c554
55 changed files with 1539 additions and 1518 deletions


@ -923,6 +923,11 @@ if(BUILD_wireshark)
endif()
endif()
# MaxMind DB address resolution
if(BUILD_mmdbresolve)
set(PACKAGELIST ${PACKAGELIST} MaxMindDB)
endif()
# SMI SNMP
if(ENABLE_SMI)
set(PACKAGELIST ${PACKAGELIST} SMI)
@ -991,11 +996,6 @@ if(ENABLE_LUA)
set(PACKAGELIST ${PACKAGELIST} LUA)
endif()
# GeoIP address resolving
if(ENABLE_GEOIP)
set(PACKAGELIST ${PACKAGELIST} GEOIP)
endif()
if(ENABLE_NETLINK)
set(PACKAGELIST ${PACKAGELIST} NL)
endif()
@ -1117,8 +1117,8 @@ endif()
if(HAVE_LIBKERBEROS)
set(HAVE_KERBEROS 1)
endif()
if(HAVE_LIBGEOIP)
set(HAVE_GEOIP 1)
if(MAXMINDDB_FOUND)
set(HAVE_MAXMINDDB 1)
endif()
if(LIBSSH_FOUND)
set(HAVE_LIBSSH 1)
@ -1648,6 +1648,10 @@ set(INSTALL_FILES
${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
)
if(MAXMINDDB_FOUND)
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
endif()
if (BUILD_corbaidl2wrs)
list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
endif()
@ -2919,6 +2923,20 @@ if(BUILD_randpktdump)
add_dependencies(extcaps randpktdump)
endif()
if (MAXMINDDB_FOUND)
set(mmdbresolve_LIBS
# Note: libmaxminddb is not GPL-2 compatible.
${MAXMINDDB_LIBRARY}
)
set(mmdbresolve_FILES
mmdbresolve.c
)
add_executable(mmdbresolve ${mmdbresolve_FILES})
set_extra_executable_properties(mmdbresolve "Executables")
target_link_libraries(mmdbresolve ${mmdbresolve_LIBS})
install(TARGETS mmdbresolve RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
endif()
if(ENABLE_APPLICATION_BUNDLE)
add_custom_target(app_bundle)
set_target_properties(app_bundle PROPERTIES FOLDER "Copy Tasks")
@ -2990,7 +3008,7 @@ set(CLEAN_C_FILES
${androiddump_FILES}
${sshdump_FILES}
${ciscodump_FILES}
${udpdump_FILES}
${mmdbresolve_FILES}
)
# Make sure we don't pass /WX to rc.exe. Rc doesn't have a /WX flag,
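Review bot: In the `if (MAXMINDDB_FOUND)` block, mmdbresolve is linked with the keyword-less `target_link_libraries(mmdbresolve ${mmdbresolve_LIBS})` and gets no include path of its own, so finding `maxminddb.h` depends on directory-scope include handling that is not visible in this hunk. The in-line comment says libmaxminddb is not GPL-2 compatible, so the scoping is worth making explicit: `target_link_libraries(mmdbresolve PRIVATE ${MAXMINDDB_LIBRARIES})` plus `target_include_directories(mmdbresolve SYSTEM PRIVATE ${MAXMINDDB_INCLUDE_DIRS})`. I would also widen the comment to state the rule it implies, e.g. `# libmaxminddb is not GPL-2 compatible: link it into mmdbresolve only, never into another target.` Note too that the package is requested under `BUILD_mmdbresolve` while the target, the HTML install and `HAVE_MAXMINDDB` key off `MAXMINDDB_FOUND`; a short comment on which of the two is authoritative would help.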


@ -24,6 +24,7 @@ option(BUILD_randpktdump "Build randpktdump" ON)
option(BUILD_udpdump "Build udpdump" ON)
option(BUILD_sharkd "Build sharkd" ON)
option(BUILD_fuzzshark "Build fuzzshark" ON)
option(BUILD_mmdbresolve "Build MaxMind DB resolver" ON)
option(DISABLE_WERROR "Do not treat warnings as errors" OFF)
option(DISABLE_FRAME_LARGER_THAN_WARNING "Disable warning if the size of a function frame is large" OFF)
@ -67,7 +68,6 @@ option(ENABLE_NGHTTP2 "Build with HTTP/2 header decompression support" ON)
option(ENABLE_LUA "Build with Lua dissector support" ON)
option(ENABLE_SMI "Build with libsmi snmp support" ON)
option(ENABLE_GNUTLS "Build with GNU TLS support" ON)
option(ENABLE_GEOIP "Build with GeoIP support" ON)
if(WIN32)
option(ENABLE_WINSPARKLE "Enable WinSparkle support" ON)
endif()


@ -43,7 +43,7 @@ bin_PROGRAMS = \
@randpkt_bin@ \
@dumpcap_bin@ \
@reordercap_bin@ \
@rawshark_bin@ \
@mmdbresolve_bin@ \
@sharkd_bin@
noinst_PROGRAMS = \
@ -52,7 +52,7 @@ noinst_PROGRAMS = \
EXTRA_PROGRAMS = wireshark-gtk wireshark tshark tfshark capinfos captype \
editcap mergecap dftest randpkt text2pcap dumpcap reordercap \
rawshark sharkd fuzzshark
mmdbresolve rawshark sharkd fuzzshark
#
# Wireshark configuration files are put in $(pkgdatadir).
@ -531,6 +531,11 @@ rawshark_LDADD = \
@PCAP_LIBS@ \
${EPAN_EXTRA_LIBS}
mmdbresolve_SOURCES = mmdbresolve.c
mmdbresolve_CPPFLAGS = $(AM_CPPFLAGS)
mmdbresolve_LDFLAGS = $(AM_LDFLAGS)
mmdbresolve_LDADD = @MAXMINDDB_LIBS@
sharkd_SOURCES = \
$(SHARK_COMMON_SRC) \
sharkd.c \


@ -149,13 +149,6 @@ Newer versions don't have this problem, but still fail to build on Lion
if a universal build is attempted. The tools/macos-setup.sh script
downloads a newer version, and also suppresses the universal build.
GeoIP - Their man pages "helpfully" have an ISO 8859-1 copyright symbol
in the copyright notice, but macOS's default character encoding is
UTF-8. sed on Mountain Lion barfs at the "illegal character sequence"
represented by an ISO 8859-1 copyright symbol, as it's not a valid UTF-8
sequence. The tools/macos-setup.sh script uses iconv to convert the man
page files from ISO 8859-1 to UTF-8.
If you want to build Wireshark installer packages on a system that
doesn't include Xcode 3.x or earlier, you will need to install some
additional tools. From the Xcode menu, select the Open Developer Tool


@ -1162,36 +1162,24 @@ AC_DEFUN([AC_WIRESHARK_KRB5_CHECK],
])
#
# AC_WIRESHARK_GEOIP_CHECK
# AC_WIRESHARK_MAXMINDDB_CHECK
#
AC_DEFUN([AC_WIRESHARK_GEOIP_CHECK],
AC_DEFUN([AC_WIRESHARK_MAXMINDDB_CHECK],
[
want_geoip=defaultyes
want_maxminddb=defaultyes
if test "x$want_geoip" = "xdefaultyes"; then
want_geoip=yes
if test "x$want_maxminddb" = "xdefaultyes"; then
want_maxminddb=yes
fi
if test "x$want_geoip" = "xyes"; then
AC_CHECK_LIB(GeoIP, GeoIP_new,
if test "x$want_maxminddb" = "xyes"; then
AC_CHECK_LIB(maxminddb, MMDB_open,
[
GEOIP_LIBS=-lGeoIP
AC_DEFINE(HAVE_GEOIP, 1, [Define to use GeoIP library])
have_good_geoip=yes
MAXMINDDB_LIBS=-lmaxminddb
AC_DEFINE(HAVE_MAXMINDDB, 1, [Define to use MaxMind DB library])
have_good_maxminddb=yes
],,
)
if test "x$have_good_geoip" = "xyes"; then
AC_CHECK_LIB(GeoIP, GeoIP_country_name_by_ipnum_v6,
[
AC_DEFINE(HAVE_GEOIP_V6, 1, [Define if GeoIP supports IPv6 (GeoIP 1.4.5 and later)])
],,
)
AC_CHECK_LIB(GeoIP, GeoIP_free,
[
AC_DEFINE(HAVE_GEOIP_FREE, 1, [Define if GeoIP has GeoIP_free])
],,
)
fi
else
AC_MSG_RESULT(not required)
fi
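Review bot: AC_WIRESHARK_MAXMINDDB_CHECK only probes the library with `AC_CHECK_LIB(maxminddb, MMDB_open, ...)`, so a system that has the shared library but not `maxminddb.h` still ends up with `have_good_maxminddb=yes` and `HAVE_MAXMINDDB`, and the failure surfaces later when mmdbresolve.c is compiled. Wrapping the library probe in a header probe, `AC_CHECK_HEADER([maxminddb.h], [ ...existing AC_CHECK_LIB... ])`, would catch that at configure time. Separately, the macro assigns `want_maxminddb=defaultyes` at its top, which discards whatever the caller set and leaves the `else` branch that prints "not required" unreachable; this looks inherited from the GeoIP macro it replaces. The macro's closing lines are outside this hunk.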


@ -1,74 +0,0 @@
#
# - Find GeoIP
# Find the native GEOIP includes and library
#
# GEOIP_INCLUDE_DIRS - where to find GeoIP.h, etc.
# GEOIP_LIBRARIES - List of libraries when using GeoIP.
# GEOIP_FOUND - True if GeoIP found.
# GEOIP_DLL_DIR - (Windows) Path to the GeoIP DLL.
# GEOIP_DLL - (Windows) Name of the GeoIP DLL.
IF (GEOIP_INCLUDE_DIRS)
# Already in cache, be silent
SET(GEOIP_FIND_QUIETLY TRUE)
ENDIF (GEOIP_INCLUDE_DIRS)
INCLUDE(FindWSWinLibs)
FindWSWinLibs("GeoIP-.*" "GEOIP_HINTS")
IF (NOT WIN32)
find_package(PkgConfig)
pkg_search_module(GEOIP geoip)
endif()
FIND_PATH(GEOIP_INCLUDE_DIR GeoIP.h
HINTS
"${GEOIP_INCLUDEDIR}"
"${GEOIP_HINTS}/include"
)
SET(GEOIP_NAMES GeoIP libGeoIP-1)
FIND_LIBRARY(GEOIP_LIBRARY NAMES ${GEOIP_NAMES}
HINTS
"${GEOIP_LIBDIR}"
"${GEOIP_HINTS}/lib"
)
# handle the QUIETLY and REQUIRED arguments and set GEOIP_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(GEOIP DEFAULT_MSG GEOIP_LIBRARY GEOIP_INCLUDE_DIR)
IF(GEOIP_FOUND)
INCLUDE(CMakePushCheckState)
CMAKE_PUSH_CHECK_STATE()
SET(GEOIP_LIBRARIES ${GEOIP_LIBRARY} )
SET(GEOIP_INCLUDE_DIRS ${GEOIP_INCLUDE_DIR} )
INCLUDE(CheckFunctionExists)
SET(CMAKE_REQUIRED_INCLUDES ${GEOIP_INCLUDE_DIRS})
SET(CMAKE_REQUIRED_LIBRARIES ${GEOIP_LIBRARIES})
CHECK_FUNCTION_EXISTS("GeoIP_country_name_by_ipnum_v6" HAVE_GEOIP_V6)
CHECK_FUNCTION_EXISTS("GeoIP_free" HAVE_GEOIP_FREE)
CMAKE_POP_CHECK_STATE()
if (WIN32)
set ( GEOIP_DLL_DIR "${GEOIP_HINTS}/bin"
CACHE PATH "Path to the GeoIP DLL"
)
file( GLOB _geoip_dll RELATIVE "${GEOIP_DLL_DIR}"
"${GEOIP_DLL_DIR}/libGeoIP-*.dll"
)
set ( GEOIP_DLL ${_geoip_dll}
# We're storing filenames only. Should we use STRING instead?
CACHE FILEPATH "GeoIP DLL file name"
)
mark_as_advanced( GEOIP_DLL_DIR GEOIP_DLL )
endif()
ELSE(GEOIP_FOUND)
SET(GEOIP_LIBRARIES )
SET(GEOIP_INCLUDE_DIRS )
SET(GEOIP_DLL_DIR )
SET(GEOIP_DLL )
ENDIF(GEOIP_FOUND)
MARK_AS_ADVANCED( GEOIP_LIBRARIES GEOIP_INCLUDE_DIRS )


@ -0,0 +1,74 @@
#
# - Try to find libmaxminddb.
# Once done this will define
# MAXMINDDB_FOUND - System has libmaxminddb
# MAXMINDDB_INCLUDE_DIRS - The libmaxminddb include directories
# MAXMINDDB_LIBRARIES - The libraries needed to use libmaxminddb
# MAXMINDDB_DEFINITIONS - Compiler switches required for using libmaxminddb
# MAXMINDDB_DLL_DIR - (Windows) Path to the MaxMindDB DLL.
# MAXMINDDB_DLL - (Windows) Name of the MaxMindDB DLL.
IF (MAXMINDDB_INCLUDE_DIRS)
# Already in cache, be silent
SET(MAXMINDDB_FIND_QUIETLY TRUE)
ENDIF (MAXMINDDB_INCLUDE_DIRS)
INCLUDE(FindWSWinLibs)
FindWSWinLibs("MaxMindDB-.*" "MAXMINDDB_HINTS")
IF (NOT WIN32)
find_package(PkgConfig)
pkg_check_modules(PC_LIBMAXMINDDB QUIET libmaxminddb)
set(MAXMINDDB_DEFINITIONS ${PC_LIBMAXMINDDB_CFLAGS_OTHER})
endif()
FIND_PATH(MAXMINDDB_INCLUDE_DIR maxminddb.h
HINTS
${PC_LIBMAXMINDDB_INCLUDEDIR} ${PC_LIBMAXMINDDB_INCLUDE_DIRS}
PATH_SUFFIXES maxminddb
)
find_library(MAXMINDDB_LIBRARY
NAMES
maxminddb libmaxminddb
HINTS
${PC_LIBMAXMINDDB_LIBDIR} ${PC_LIBMAXMINDDB_LIBRARY_DIRS}
"${MAXMINDDB_HINTS}/lib"
)
include(FindPackageHandleStandardArgs)
# handle the QUIETLY and REQUIRED arguments and set MAXMINDDB_FOUND to TRUE
# if all listed variables are TRUE
find_package_handle_standard_args(MaxMindDB DEFAULT_MSG
MAXMINDDB_LIBRARY MAXMINDDB_INCLUDE_DIR)
IF(MAXMINDDB_FOUND)
INCLUDE(CMakePushCheckState)
CMAKE_PUSH_CHECK_STATE()
SET(MAXMINDDB_LIBRARIES ${MAXMINDDB_LIBRARY} )
SET(MAXMINDDB_INCLUDE_DIRS ${MAXMINDDB_INCLUDE_DIR} )
INCLUDE(CheckFunctionExists)
SET(CMAKE_REQUIRED_INCLUDES ${MAXMINDDB_INCLUDE_DIRS})
SET(CMAKE_REQUIRED_LIBRARIES ${MAXMINDDB_LIBRARIES})
CMAKE_POP_CHECK_STATE()
if (WIN32)
set ( MAXMINDDB_DLL_DIR "${MAXMINDDB_HINTS}/bin"
CACHE PATH "Path to the MaxMindDB DLL"
)
file( GLOB _MAXMINDDB_dll RELATIVE "${MAXMINDDB_DLL_DIR}"
"${MAXMINDDB_DLL_DIR}/libmaxminddb*.dll"
)
set ( MAXMINDDB_DLL ${_MAXMINDDB_dll}
# We're storing filenames only. Should we use STRING instead?
CACHE FILEPATH "MaxMindDB DLL file name"
)
mark_as_advanced( MAXMINDDB_DLL_DIR MAXMINDDB_DLL )
endif()
ELSE(MAXMINDDB_FOUND)
SET(MAXMINDDB_LIBRARIES )
SET(MAXMINDDB_INCLUDE_DIRS )
SET(MAXMINDDB_DLL_DIR )
SET(MAXMINDDB_DLL )
ENDIF(MAXMINDDB_FOUND)
MARK_AS_ADVANCED( MAXMINDDB_LIBRARIES MAXMINDDB_INCLUDE_DIRS )
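Review bot: `FIND_PATH(MAXMINDDB_INCLUDE_DIR maxminddb.h ...)` lists only the pkg-config hints, while `find_library` also has `"${MAXMINDDB_HINTS}/lib"`; pkg-config is skipped on WIN32, so the header search gets no hint from the FindWSWinLibs directory there. The removed GeoIP module shown earlier on this page had `"${GEOIP_HINTS}/include"` in the same position, so I would add `"${MAXMINDDB_HINTS}/include"` to the HINTS. The `CMAKE_PUSH_CHECK_STATE()` … `CMAKE_POP_CHECK_STATE()` block sets `CMAKE_REQUIRED_INCLUDES` and `CMAKE_REQUIRED_LIBRARIES` but runs no check in between, so it and the `CheckFunctionExists` include can be dropped. In the WIN32 branch, `file(GLOB ... "${MAXMINDDB_DLL_DIR}/libmaxminddb*.dll")` can match more than one file while the result is cached as a single FILEPATH; a comment such as `# Exactly one libmaxminddb DLL is expected in MAXMINDDB_DLL_DIR.` would make that assumption visible to whoever packages the DLL.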


@ -62,14 +62,8 @@
/* Define to 1 if you have the <fcntl.h> header file. */
#cmakedefine HAVE_FCNTL_H 1
/* Define to use GeoIP library */
#cmakedefine HAVE_GEOIP 1
/* Define if GeoIP supports IPv6 (GeoIP 1.4.5 and later) */
#cmakedefine HAVE_GEOIP_V6 1
/* Define if GeoIP has GeoIP_free */
#cmakedefine HAVE_GEOIP_FREE 1
/* Define to use the MaxMind DB library */
#cmakedefine HAVE_MAXMINDDB 1
/* Define to 1 if you have the <ifaddrs.h> header file. */
#cmakedefine HAVE_IFADDRS_H 1


@ -2183,30 +2183,40 @@ else
fi
AC_SUBST(C_ARES_LIBS)
dnl GEOIP Check
GEOIP_LIBS=''
AC_MSG_CHECKING(whether to use the GeoIP IP address mapping library if available)
dnl MaxMind DB Check
MAXMINDDB_LIBS=''
AC_MSG_CHECKING(whether to use the MaxMind DB IP address mapping library if available)
AC_ARG_WITH(geoip,
AC_HELP_STRING( [--with-geoip@<:@=DIR@:>@],
[use GeoIP (located in directory DIR, if supplied) @<:@default=yes, if present@:>@]),
AC_ARG_WITH(maxminddb,
AC_HELP_STRING( [--with-maxminddb@<:@=DIR@:>@],
[use MaxMind DB (located in directory DIR, if supplied) @<:@default=yes, if present@:>@]),
[
if test "x$withval" = "xno"; then
want_geoip=no
want_maxminddb=no
elif test "x$withval" = "xyes"; then
want_geoip=yes
want_maxminddb=yes
elif test -d "$withval"; then
want_geoip=yes
want_maxminddb=yes
AC_WIRESHARK_ADD_DASH_L(WS_LDFLAGS, ${withval}/lib)
fi
])
if test "x$want_geoip" = "xno"; then
if test "x$want_maxminddb" = "xno"; then
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
AC_WIRESHARK_GEOIP_CHECK
AC_WIRESHARK_MAXMINDDB_CHECK
fi
AC_SUBST(GEOIP_LIBS)
AC_SUBST(MAXMINDDB_LIBS)
if test "x$have_good_maxminddb" = "xyes" ; then
mmdbresolve_bin="mmdbresolve\$(EXEEXT)"
mmdbresolve_man="mmdbresolve.1"
else
mmdbresolve_bin=""
mmdbresolve_man=""
fi
AC_SUBST(mmdbresolve_bin)
AC_SUBST(mmdbresolve_man)
dnl LIBSSH Check
LIBSSH=''
@ -2901,10 +2911,10 @@ else
libcap_message="no"
fi
if test "x$have_good_geoip" = "xyes" ; then
geoip_message="yes"
if test "x$have_good_maxminddb" = "xyes" ; then
maxminddb_message="yes"
else
geoip_message="no"
maxminddb_message="no"
fi
if test "x$have_good_libssh" = "xyes" ; then
@ -2969,6 +2979,7 @@ echo " Build sshdump : $enable_sshdump"
echo " Build ciscodump : $enable_ciscodump"
echo " Build randpktdump : $enable_randpktdump"
echo " Build udpdump : $enable_udpdump"
echo " Build MaxMind DB resolver : $maxminddb_message"
echo " Build User's Guide : $wsug_message"
echo ""
echo " Save files as pcapng by default : $enable_pcap_ng_default"
@ -2987,7 +2998,6 @@ echo " Use SMI MIB library : $have_libsmi"
echo " Use GNU gcrypt library : yes"
echo " Use GnuTLS library : $tls_message"
echo " Use POSIX capabilities library : $libcap_message"
echo " Use GeoIP library : $geoip_message"
echo " Use libssh library : ${libssh_message}${ssh_userauth_agent_message}"
echo " Use nl library : $libnl_message"
echo " Use SBC codec library : $have_sbc"
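Review bot: The `--with-maxminddb=DIR` branch only calls `AC_WIRESHARK_ADD_DASH_L(WS_LDFLAGS, ${withval}/lib)` and adds nothing for `${withval}/include`, so a libmaxminddb installed under a private prefix can pass the link probe while mmdbresolve.c still fails to find `maxminddb.h`. Adding the matching preprocessor path in the same branch, e.g. `WS_CPPFLAGS="$WS_CPPFLAGS -I${withval}/include"` (or the project's existing helper for that, if there is one), would keep the two in step. A DIR value that is not an existing directory also falls through all three tests without a message and is then treated as "yes"; an `else` with `AC_MSG_ERROR([--with-maxminddb: $withval is not a directory])` would make a mistyped path visible instead of silently probing the system library.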

4
debian/control vendored

@ -19,7 +19,7 @@ Build-Depends: libgtk-3-dev, lsb-release,
# enable backports-compatible libgnutls-dev
libgnutls-dev,
libgcrypt-dev, portaudio19-dev, libkrb5-dev, liblua5.2-dev, libsmi2-dev,
libgeoip-dev, dpkg-dev (>= 1.16.1~),
libmaxminddb-dev, dpkg-dev (>= 1.16.1~),
libnl-genl-3-dev [linux-any], libnl-route-3-dev [linux-any], asciidoctor,
cmake (>= 2.8.12), libsbc-dev, libnghttp2-dev, libssh-gcrypt-dev,
liblz4-dev, libsnappy-dev, libspandsp-dev, libxml2-dev
@ -198,7 +198,7 @@ Multi-Arch: foreign
Depends: ${misc:Depends}
Conflicts: wireshark-common (<< 1.4.0~rc2-1)
Replaces: wireshark-common (<< 1.4.0~rc2-1)
Recommends: geoip-database, geoip-database-extra
#Recommends: geoip-database-contrib # Only includes legacy?
Suggests: snmp-mibs-downloader
Description: network packet dissection library -- data files
The libwireshark library provides the network packet dissection services


@ -1,3 +1,3 @@
usr/share/wireshark/*
etc/wireshark/init.lua
debian/geoip_db_paths /usr/share/wireshark
debian/maxmind_db_paths /usr/share/wireshark


@ -699,12 +699,6 @@ libwireshark.so.0 libwireshark0 #MINVER#
gcamel_StatSRT@Base 1.9.1
gcp_cmd_type@Base 1.9.1
gcp_term_types@Base 1.9.1
geoip_db_get_paths@Base 1.9.1
geoip_db_lookup_ipv4@Base 1.9.1
geoip_db_lookup_ipv6@Base 1.9.1
geoip_db_name@Base 1.9.1
geoip_db_num_dbs@Base 1.9.1
geoip_db_type@Base 1.9.1
get_8859_1_string@Base 1.12.0~rc1
get_CDR_any@Base 1.9.1
get_CDR_boolean@Base 1.9.1
@ -902,6 +896,9 @@ libwireshark.so.0 libwireshark0 #MINVER#
make_printable_string@Base 1.9.1
manually_resolve_cleanup@Base 1.12.0~rc1
mark_frame_as_depended_upon@Base 1.9.1
maxmind_db_get_paths@Base 2.5.0
maxmind_db_lookup_ipv4@Base 2.5.0
maxmind_db_lookup_ipv6@Base 2.5.0
mbim_register_uuid_ext@Base 1.12.0~rc1
memory_usage_component_register@Base 1.12.0~rc1
memory_usage_gc@Base 1.12.0~rc1


@ -57,10 +57,12 @@ else()
)
endif()
pod2manhtml(${CMAKE_CURRENT_BINARY_DIR}/wireshark 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/androiddump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/udpdump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/capinfos 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/captype 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/ciscodump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dftest 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dumpcap 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/editcap 1)
@ -70,14 +72,17 @@ pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpktdump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/rawshark 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/reordercap 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sshdump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/ciscodump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/text2pcap 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/tshark 1)
pod2manhtml(${CMAKE_CURRENT_BINARY_DIR}/wireshark 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/udpdump 1)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/extcap 4)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark-filter 4)
if(MAXMINDDB_FOUND)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mmdbresolve 1)
endif()
if (BUILD_corbaidl2wrs)
pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2wrs 1)
endif()
@ -88,10 +93,10 @@ endif()
set(MAN1_INSTALL_FILES
${CMAKE_CURRENT_BINARY_DIR}/androiddump.1
${CMAKE_CURRENT_BINARY_DIR}/udpdump.1
${CMAKE_CURRENT_BINARY_DIR}/capinfos.1
${CMAKE_CURRENT_BINARY_DIR}/captype.1
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
${CMAKE_CURRENT_BINARY_DIR}/dftest.1
${CMAKE_CURRENT_BINARY_DIR}/dumpcap.1
${CMAKE_CURRENT_BINARY_DIR}/editcap.1
@ -101,12 +106,16 @@ set(MAN1_INSTALL_FILES
${CMAKE_CURRENT_BINARY_DIR}/rawshark.1
${CMAKE_CURRENT_BINARY_DIR}/reordercap.1
${CMAKE_CURRENT_BINARY_DIR}/sshdump.1
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
${CMAKE_CURRENT_BINARY_DIR}/text2pcap.1
${CMAKE_CURRENT_BINARY_DIR}/tshark.1
${CMAKE_CURRENT_BINARY_DIR}/udpdump.1
${CMAKE_CURRENT_BINARY_DIR}/wireshark.1
)
if(MAXMINDDB_FOUND)
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.1)
endif()
if (BUILD_corbaidl2wrs)
list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.1)
endif()
@ -132,10 +141,10 @@ add_custom_target(manpages DEPENDS
set(HTML_INSTALL_FILES
${CMAKE_CURRENT_BINARY_DIR}/androiddump.html
${CMAKE_CURRENT_BINARY_DIR}/udpdump.html
${CMAKE_CURRENT_BINARY_DIR}/capinfos.html
${CMAKE_CURRENT_BINARY_DIR}/captype.html
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
${CMAKE_CURRENT_BINARY_DIR}/dftest.html
${CMAKE_CURRENT_BINARY_DIR}/dumpcap.html
${CMAKE_CURRENT_BINARY_DIR}/editcap.html
@ -146,13 +155,17 @@ set(HTML_INSTALL_FILES
${CMAKE_CURRENT_BINARY_DIR}/rawshark.html
${CMAKE_CURRENT_BINARY_DIR}/reordercap.html
${CMAKE_CURRENT_BINARY_DIR}/sshdump.html
${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
${CMAKE_CURRENT_BINARY_DIR}/text2pcap.html
${CMAKE_CURRENT_BINARY_DIR}/tshark.html
${CMAKE_CURRENT_BINARY_DIR}/wireshark.html
${CMAKE_CURRENT_BINARY_DIR}/udpdump.html
${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.html
${CMAKE_CURRENT_BINARY_DIR}/wireshark.html
)
if(MAXMINDDB_FOUND)
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.html)
endif()
if (BUILD_corbaidl2wrs)
list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.html)
endif()


@ -65,7 +65,8 @@ man1_MANS = \
@ciscodump_man@ \
@sshdump_man@ \
@randpktdump_man@ \
@udpdump_man@
@udpdump_man@ \
@mmdbresolve_man@
man4_MANS = \
@extcap_man@ \
@ -81,7 +82,7 @@ pkgdata_DATA = AUTHORS-SHORT $(top_srcdir)/docbook/ws.css wireshark.html \
tshark.html wireshark-filter.html capinfos.html captype.html ciscodump.html \
editcap.html mergecap.html reordercap.html text2pcap.html dumpcap.html \
androiddump.html sshdump.html randpktdump.html rawshark.html dftest.html \
randpkt.html extcap.html udpdump.html
randpkt.html extcap.html udpdump.html mmdbresolve.html
#
# Build the short version of the authors file for the about dialog
@ -278,6 +279,13 @@ udpdump.html: udpdump.pod ../config.h $(top_srcdir)/docbook/ws.css
--noindex \
$(srcdir)/udpdump.pod > udpdump.html
mmdbresolve.html: mmdbresolve.pod ../config.h $(top_srcdir)/docbook/ws.css
$(AM_V_POD2HTML)$(POD2HTML) \
--title="mmdbresolve - The Wireshark Network Analyzer $(VERSION)" \
--css=$(POD_CSS_URL) \
--noindex \
$(srcdir)/mmdbresolve.pod > mmdbresolve.html
CLEANFILES = \
wireshark.pod \
*.1 \
@ -340,6 +348,7 @@ EXTRA_DIST = \
text2pcap.pod \
tshark.pod \
udpdump.pod \
mmdbresolve.pod \
wireshark-filter.pod \
wireshark.pod.template \
CMakeLists.txt
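Review bot: `mmdbresolve.html` is added to `pkgdata_DATA` unconditionally, whereas the man page goes through `@mmdbresolve_man@`, which the configure hunk on this page leaves empty when libmaxminddb is not found. An autotools build without MaxMind DB would therefore still generate and install the HTML page for a program that is not built, while the CMake lists on this page gate both the man page and the HTML on `MAXMINDDB_FOUND`. This follows the existing pattern for `udpdump.html`, so it may be intentional; if not, a substituted variable alongside `@mmdbresolve_man@` would bring the two build systems into agreement.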

69
doc/mmdbresolve.pod Normal file

@ -0,0 +1,69 @@
=head1 NAME
mmdbresolve - Read IPv4 and IPv6 addresses and print their IP geolocation information.
=head1 SYNOPSIS
B<mmdbresolve>
S<B<-f E<lt>dbfileE<gt>>>
S<[ B<-f E<lt>dbfileE<gt>> ]>
I<...>
=head1 DESCRIPTION
B<mmdbresolve> reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
on stdout. Each input line must contain exactly one address. Output is in INI format, with a section
delimiter named after the query address followed by a set of "key: value" pairs. A comment
beginning with "# End" is appended to each section.
At startup an "[init]" section is printed that shows the status of each datbase and of mmdbresolve
itself.
=head1 OPTIONS
=over 4
=item -f
Path to a MaxMind Database file. Multiple databases may be specified.
=back
=head1 EXAMPLES
To resolve a single address:
echo 4.4.4.4 | mmdbresolve -f /usr/share/GeoIP/GeoLite2-City.mmdb
Example output:
[init]
db.0.path: /usr/share/GeoIP/GeoLite2-City.mmdb
db.0.status: OK
mmdbresolve.status: true
# End init
[4.4.4.4]
# GeoLite2-City
country.iso_code: US
country.names.en: United States
location.latitude: 37.751000
location.longitude: -97.822000
# End 4.4.4.4
=head1 SEE ALSO
wireshark(1), tshark(1)
=head1 NOTES
B<mmdbresolve> is part of the B<Wireshark> distribution. The latest version
of B<Wireshark> can be found at L<https://www.wireshark.org>.
HTML versions of the Wireshark project man pages are available at:
L<https://www.wireshark.org/docs/man-pages>.
=head1 AUTHORS
Original Author
---------------
Gerald Combs <gerald[AT]wireshark.org>


@ -40,6 +40,8 @@ The following features are new (or have been significantly updated)
since version 2.5.0:
* HTTP Referer statistics are now supported.
* Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite
Legacy databases has been removed.
* The Windows packages are now built using Microsoft Visual Studio 2017.
* The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.


@ -353,26 +353,19 @@ The PortAudio sources are downloaded from
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[] and compiled
locally.
[[ChLibsGeoIP]]
[[ChLibsMaxMindDB]]
=== GeoIP (optional)
=== MaxMindDB (optional)
MaxMind Inc. publishes a GeoIP database for use in open source software.
It can be used to map IP addresses to geographical locations.
MaxMind Inc. publishes a set of IP geolocation databases and related
open source libraries. They can be used to map IP addresses to
geographical locations and other information.
[[ChLibsUnixGeoIP]]
==== Unix
If this library isn't already installed or available as a
If libmaxminddb library isn't already installed or available as a
package for your platform, you can get it at
http://www.maxmind.com/app/c[].
https://github.com/maxmind/libmaxminddb[].
[[ChLibsWin32GeoIP]]
==== Win32 MSVC
We provide a package cross-compiled using MinGW32 at
We provide a package for Windows at
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsWinSparkle]]


@ -746,7 +746,7 @@ Configuration files stored in the Profiles:
* ESS Category Attributes (ess_category_attributes)
(<<ChEssCategoryAttributes>>)
* GeoIP Database Paths (geoip_db_paths) (<<ChGeoIPDbPaths>>)
* MaxMind Database Paths (maxmind_db_paths) (<<ChMaxMindDbPaths>>)
* K12 Protocols (k12_protos) (<<ChK12ProtocolsSection>>)
@ -876,28 +876,35 @@ The value (Label And Cert Value) representing the Category.
Name::
The textual representation for the value.
[[ChGeoIPDbPaths]]
[[ChMaxMindDbPaths]]
=== GeoIP Database Paths
=== MaxMind Database Paths
If your copy of Wireshark supports link:http://www.maxmind.com/[MaxMinds]
GeoIP library, you can use their databases to match IP addresses to countries,
cites, autonomous system numbers, ISPs, and other bits of information. Some
databases are link:http://www.maxmind.com/download/geoip/database/[available
at no cost], while others require a licensing fee. See
link:http://www.maxmind.com/app/ip-location[the MaxMind web site] for more
information.
If your copy of Wireshark supports
link:http://www.maxmind.com/[MaxMinds] MaxMindDB library, you can use
their databases to match IP addresses to countries, cites, autonomous
system numbers, and other bits of information. Some databases are
link:https://dev.maxmind.com/geoip/geoip2/downloadable/[available at no
cost], while others require a licensing fee. See
link:http://www.maxmind.com/[the MaxMind web site] for more information.
This table is handled by an <<ChUserTable>> with the following fields.
Database pathname::
This specifies a directory containing GeoIP data files. Any files beginning with
_Geo_ and ending with _.dat_ will be automatically loaded. A total of 8 files
can be loaded.
+
The locations for your data files are up to you, but `/usr/share/GeoIP` (Linux),
`C:\GeoIP` (Windows), `C:\Program Files\Wireshark\GeoIP` (Windows) might be good
choices.
This specifies a directory containing MaxMind data files. Any files
ending with _.mmdb_ will be automatically loaded.
The locations for your data files are up to you, but `/usr/share/GeoIP`
and `/var/lib/GeoIP` are common on Linux and `C:\ProgramData\GeoIP`,
`C:\Program Files\Wireshark\GeoIP` might be good choices on Windows.
[[ChGeoIPDbPaths]]
Previous versions of Wireshark supported MaxMind's original GeoIP Legacy
database format. They were configured similar to MaxMindDB files above,
except GeoIP files must begin with _Geo_ and end with _.dat_. They are
no longer supported and MaxMind stopped distributing GeoLite Legacy
databases in April 2018.
[[ChIKEv2DecryptionSection]]


@ -255,11 +255,12 @@ related page can still be selected).
Each row in the list shows the statistical values for exactly one endpoint.
_Name resolution_ will be done if selected in the window and if it is active for
the specific protocol layer (MAC layer for the selected Ethernet endpoints
page). _Limit to display filter_ will only show conversations matching the
current display filter. Note that in this example we have GeoIP configured which
gives us extra geographic columns. See <<ChGeoIPDbPaths>> for more information.
_Name resolution_ will be done if selected in the window and if it is
active for the specific protocol layer (MAC layer for the selected
Ethernet endpoints page). _Limit to display filter_ will only show
conversations matching the current display filter. Note that in this
example we have MaxMind DB configured which gives us extra geographic
columns. See <<ChMaxMindDbPaths>> for more information.
The btn:[Copy] button will copy the list values to the clipboard in CSV
(Comma Separated Values) or YAML format.


@ -893,9 +893,10 @@ There is a context menu (right mouse click) available. See details in
Some protocol fields have special meanings.
* *Generated fields.* Wireshark itself will generate additional protocol
information which isnt present in the captured data. This information is
enclosed in square brackets (“[” and “]”). Generated information includes
response times, TCP analysis, GeoIP information, and checksum validation.
information which isnt present in the captured data. This information
is enclosed in square brackets (“[” and “]”). Generated information
includes response times, TCP analysis, IP geolocation information, and
checksum validation.
* *Links.* If Wireshark detects a relationship to another packet in the capture
file it will generate a link to that packet. Links are underlined and


@ -105,7 +105,7 @@ set(LIBWIRESHARK_PUBLIC_HEADERS
frame_data_sequence.h
funnel.h
garrayfix.h
geoip_db.h
#geoip_db.h
golay.h
guid-utils.h
iana_charsets.h
@ -117,6 +117,7 @@ set(LIBWIRESHARK_PUBLIC_HEADERS
ipv6.h
lapd_sapi.h
llcsaps.h
maxmind_db.h
media_params.h
next_tvb.h
nlpid.h
@ -208,12 +209,13 @@ set(LIBWIRESHARK_NONGENERATED_FILES
frame_data.c
frame_data_sequence.c
funnel.c
geoip_db.c
#geoip_db.c
golay.c
guid-utils.c
iana_charsets.c
in_cksum.c
ipproto.c
maxmind_db.c
media_params.c
next_tvb.c
oids.c
@ -278,8 +280,9 @@ set(epan_LIBS
wsutil
${CARES_LIBRARIES}
${GCRYPT_LIBRARIES}
${GEOIP_LIBRARIES}
#${GEOIP_LIBRARIES}
${GLIB2_LIBRARIES}
${GIO2_LIBRARIES}
${GTHREAD2_LIBRARIES}
${GNUTLS_LIBRARIES}
${KERBEROS_LIBRARIES}
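Review bot: The GeoIP entries are commented out rather than removed (`#geoip_db.h`, `#geoip_db.c`, `#${GEOIP_LIBRARIES}`), while the automake lists for the same library later in this commit delete them outright. Dead entries in a source list are easy to re-enable by accident, so I would delete the three lines here as well. `${GIO2_LIBRARIES}` also appears to be new in `epan_LIBS`; if it is there so that maxmind_db.c can spawn mmdbresolve, a one-line comment saying so would help, and it is worth confirming the automake `libwireshark_la_LIBADD` already links GIO, since its hunk on this page shows only the `@GEOIP_LIBS@` removal.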


@ -31,8 +31,8 @@ SUBDIRS = crypt ftypes dfilter dissectors wmem $(wslua_dir)
AM_CPPFLAGS = $(INCLUDEDIRS) $(WS_CPPFLAGS) \
$(GLIB_CFLAGS) $(PCAP_CFLAGS) $(LUA_CFLAGS) $(LIBGNUTLS_CFLAGS) \
$(LIBGCRYPT_CFLAGS) $(LIBSMI_CFLAGS) $(LIBGEOIP_CFLAGS) \
$(LZ4_CFLAGS) $(KRB5_CFLAGS) $(SNAPPY_CFLAGS) $(LIBXML2_CFLAGS)
$(LIBGCRYPT_CFLAGS) $(LIBSMI_CFLAGS) $(LZ4_CFLAGS) $(KRB5_CFLAGS) \
$(SNAPPY_CFLAGS) $(LIBXML2_CFLAGS)
lib_LTLIBRARIES = libwireshark.la
@ -71,12 +71,12 @@ LIBWIRESHARK_NONGENERATED_SRC = \
frame_data.c \
frame_data_sequence.c \
funnel.c \
geoip_db.c \
golay.c \
guid-utils.c \
iana_charsets.c \
in_cksum.c \
ipproto.c \
maxmind_db.c \
media_params.c \
next_tvb.c \
oids.c \
@ -212,7 +212,6 @@ LIBWIRESHARK_INCLUDES_PUBLIC = \
frame_data_sequence.h \
funnel.h \
garrayfix.h \
geoip_db.h \
golay.h \
guid-utils.h \
iana_charsets.h \
@ -224,6 +223,7 @@ LIBWIRESHARK_INCLUDES_PUBLIC = \
ipv6.h \
lapd_sapi.h \
llcsaps.h \
maxmind_db.h \
media_params.h \
next_tvb.h \
nlpid.h \
@ -321,7 +321,6 @@ libwireshark_la_LIBADD = \
${top_builddir}/wiretap/libwiretap.la \
${top_builddir}/wsutil/libwsutil.la \
@C_ARES_LIBS@ \
@GEOIP_LIBS@ \
@KRB5_LIBS@ \
@LIBGCRYPT_LIBS@ \
@LIBGNUTLS_LIBS@ \


@ -92,6 +92,7 @@
#include <epan/strutil.h>
#include <epan/to_str-int.h>
#include <epan/maxmind_db.h>
#include <epan/prefs.h>
#define ENAME_HOSTS "hosts"
@ -245,12 +246,12 @@ static void add_serv_port_cb(const guint32 port, gpointer ptr);
/* http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx#existing
* One-at-a-Time hash
*/
static guint32
guint
ipv6_oat_hash(gconstpointer key)
{
int len = 16;
const unsigned char *p = (const unsigned char *)key;
guint32 h = 0;
guint h = 0;
int i;
for ( i = 0; i < len; i++ ) {
@ -266,7 +267,7 @@ ipv6_oat_hash(gconstpointer key)
return h;
}
static gboolean
gboolean
ipv6_equal(gconstpointer v1, gconstpointer v2)
{
@ -2519,6 +2520,7 @@ host_name_lookup_process(void) {
wmem_list_frame_t* head;
new_resolved_objects = FALSE;
nro |= maxmind_db_lookup_process();
if (!async_dns_initialized)
/* c-ares not initialized. Bail out and cancel timers. */
@ -2579,6 +2581,8 @@ host_name_lookup_process(void) {
new_resolved_objects = FALSE;
nro |= maxmind_db_lookup_process();
return nro;
}


@ -381,6 +381,12 @@ gboolean str_to_ip(const char *str, void *dst);
WS_DLL_PUBLIC
gboolean str_to_ip6(const char *str, void *dst);
WS_DLL_LOCAL
guint ipv6_oat_hash(gconstpointer key);
WS_DLL_LOCAL
gboolean ipv6_equal(gconstpointer v1, gconstpointer v2);
#ifdef __cplusplus
}
#endif /* __cplusplus */
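Review bot: The two new `WS_DLL_LOCAL` declarations carry no documentation, and `ipv6_oat_hash` has a size contract that is only visible in its definition, which reads a fixed `len = 16` bytes from `key`. Now that the function is callable from other files in the library, a caller passing a shorter buffer would read out of bounds, so the header should say so: `/* One-at-a-Time hash of a 16-byte IPv6 address; key must point to at least 16 readable bytes. Signature matches GHashFunc. */`. `ipv6_equal` deserves the matching line stating what `v1` and `v2` must point to; its body is outside the hunks shown here, so the wording should be checked against the definition.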


@ -22,7 +22,7 @@ include $(top_srcdir)/Makefile.am.inc
AM_CPPFLAGS = $(INCLUDEDIRS) -I$(top_srcdir)/epan $(WS_CPPFLAGS) \
$(GLIB_CFLAGS) $(LIBGNUTLS_CFLAGS) $(LIBGCRYPT_CFLAGS) \
$(LIBGEOIP_CFLAGS) $(KRB5_CFLAGS) $(LIBXML2_CFLAGS)
$(KRB5_CFLAGS) $(LIBXML2_CFLAGS)
include Custom.common


@ -18,6 +18,7 @@
#include <epan/packet.h>
#include <epan/capture_dissectors.h>
#include <epan/addr_resolv.h>
#include <epan/maxmind_db.h>
#include <epan/ipproto.h>
#include <epan/expert.h>
#include <epan/ip_opts.h>
@ -48,11 +49,6 @@
#include "packet-mpls.h"
#include "packet-nsh.h"
#ifdef HAVE_GEOIP
#include <GeoIP.h>
#include <epan/geoip_db.h>
#endif /* HAVE_GEOIP */
void proto_register_ip(void);
void proto_reg_handoff_ip(void);
@ -76,10 +72,8 @@ static gboolean ip_tso_supported = TRUE;
/* Use heuristics to determine subdissector */
static gboolean try_heuristic_first = FALSE;
#ifdef HAVE_GEOIP
/* Look up addresses in GeoIP */
/* Look up addresses via mmdbresolve */
static gboolean ip_use_geoip = TRUE;
#endif /* HAVE_GEOIP */
/* Interpret the reserved flag as security flag (RFC 3514) */
static gboolean ip_security_flag = FALSE;
@ -204,29 +198,26 @@ static int hf_ip_cipso_doi = -1;
static int hf_ip_opt_time_stamp = -1;
static int hf_ip_opt_time_stamp_addr = -1;
#ifdef HAVE_GEOIP
static int hf_geoip_country = -1;
static int hf_geoip_city = -1;
static int hf_geoip_org = -1;
static int hf_geoip_isp = -1;
static int hf_geoip_asnum = -1;
static int hf_geoip_lat = -1;
static int hf_geoip_lon = -1;
static int hf_geoip_as_number = -1;
static int hf_geoip_as_org = -1;
static int hf_geoip_latitude = -1;
static int hf_geoip_longitude = -1;
static int hf_geoip_src_summary = -1;
static int hf_geoip_src_country = -1;
static int hf_geoip_src_city = -1;
static int hf_geoip_src_org = -1;
static int hf_geoip_src_isp = -1;
static int hf_geoip_src_asnum = -1;
static int hf_geoip_src_lat = -1;
static int hf_geoip_src_lon = -1;
static int hf_geoip_src_as_number = -1;
static int hf_geoip_src_as_org = -1;
static int hf_geoip_src_latitude = -1;
static int hf_geoip_src_longitude = -1;
static int hf_geoip_dst_summary = -1;
static int hf_geoip_dst_country = -1;
static int hf_geoip_dst_city = -1;
static int hf_geoip_dst_org = -1;
static int hf_geoip_dst_isp = -1;
static int hf_geoip_dst_asnum = -1;
static int hf_geoip_dst_lat = -1;
static int hf_geoip_dst_lon = -1;
#endif /* HAVE_GEOIP */
static int hf_geoip_dst_as_number = -1;
static int hf_geoip_dst_as_org = -1;
static int hf_geoip_dst_latitude = -1;
static int hf_geoip_dst_longitude = -1;
static gint ett_ip = -1;
static gint ett_ip_dsfield = -1;
@ -271,9 +262,7 @@ static expert_field ei_ip_bogus_ip_version = EI_INIT;
static dissector_handle_t ip_handle;
static dissector_table_t ip_option_table;
#ifdef HAVE_GEOIP
static gint ett_geoip_info = -1;
#endif /* HAVE_GEOIP */
static const fragment_items ip_frag_items = {
&ett_ip_fragment,
@ -576,110 +565,93 @@ capture_ip(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo,
return try_capture_dissector("ip.proto", pd[offset + 9], pd, offset+IPH_MIN_LEN, len, cpinfo, pseudo_header);
}
#ifdef HAVE_GEOIP
static void
add_geoip_info_entry(proto_tree *geoip_info_tree, proto_item *geoip_info_item, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
add_geoip_info_entry(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
{
guint num_dbs = geoip_db_num_dbs();
guint item_cnt = 0;
guint dbnum;
const mmdb_lookup_t *lookup = maxmind_db_lookup_ipv4(ip);
if (!lookup->found) return;
for (dbnum = 0; dbnum < num_dbs; dbnum++) {
char *geoip_str = geoip_db_lookup_ipv4(dbnum, ip, NULL);
int db_type = geoip_db_type(dbnum);
int geoip_hf, geoip_local_hf;
switch (db_type) {
case GEOIP_COUNTRY_EDITION:
geoip_hf = hf_geoip_country;
geoip_local_hf = (isdst) ? hf_geoip_dst_country : hf_geoip_src_country;
break;
case GEOIP_CITY_EDITION_REV0:
geoip_hf = hf_geoip_city;
geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
break;
case GEOIP_CITY_EDITION_REV1:
geoip_hf = hf_geoip_city;
geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
break;
case GEOIP_ORG_EDITION:
geoip_hf = hf_geoip_org;
geoip_local_hf = (isdst) ? hf_geoip_dst_org : hf_geoip_src_org;
break;
case GEOIP_ISP_EDITION:
geoip_hf = hf_geoip_isp;
geoip_local_hf = (isdst) ? hf_geoip_dst_isp : hf_geoip_src_isp;
break;
case GEOIP_ASNUM_EDITION:
geoip_hf = hf_geoip_asnum;
geoip_local_hf = (isdst) ? hf_geoip_dst_asnum : hf_geoip_src_asnum;
break;
case WS_LAT_FAKE_EDITION:
geoip_hf = hf_geoip_lat;
geoip_local_hf = (isdst) ? hf_geoip_dst_lat : hf_geoip_src_lat;
break;
case WS_LON_FAKE_EDITION:
geoip_hf = hf_geoip_lon;
geoip_local_hf = (isdst) ? hf_geoip_dst_lon : hf_geoip_src_lon;
break;
default:
continue;
}
if (geoip_str) {
proto_item *item;
if (db_type == WS_LAT_FAKE_EDITION || db_type == WS_LON_FAKE_EDITION) {
/* Convert latitude, longitude to double. Fix bug #5077 */
item = proto_tree_add_double_format_value(geoip_info_tree, geoip_local_hf,
tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_double_format_value(geoip_info_tree, geoip_hf,
tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
PROTO_ITEM_SET_GENERATED(item);
PROTO_ITEM_SET_HIDDEN(item);
} else {
item = proto_tree_add_string(geoip_info_tree, geoip_local_hf,
tvb, offset, 4, geoip_str);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(geoip_info_tree, geoip_hf,
tvb, offset, 4, geoip_str);
PROTO_ITEM_SET_GENERATED(item);
PROTO_ITEM_SET_HIDDEN(item);
}
item_cnt++;
proto_item_append_text(geoip_info_item, "%s%s",
plurality(item_cnt, "", ", "), geoip_str);
wmem_free(NULL, geoip_str);
}
wmem_strbuf_t *summary = wmem_strbuf_new(wmem_packet_scope(), "");
if (lookup->city) {
wmem_strbuf_append(summary, lookup->city);
}
if (lookup->country) {
if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
wmem_strbuf_append(summary, lookup->country);
}
if (lookup->as_number > 0) {
if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
wmem_strbuf_append_printf(summary, "ASN %u", lookup->as_number);
}
if (lookup->as_org) {
if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", ");
wmem_strbuf_append(summary, lookup->as_org);
}
if (item_cnt == 0)
proto_item_append_text(geoip_info_item, "Unknown");
int addr_offset = offset + isdst ? IPH_DST : IPH_SRC;
int dir_hf = isdst ? hf_geoip_dst_summary : hf_geoip_src_summary;
proto_item *geoip_info_item = proto_tree_add_string(tree, dir_hf, tvb, addr_offset, 4, wmem_strbuf_finalize(summary));
PROTO_ITEM_SET_GENERATED(geoip_info_item);
proto_tree *geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
proto_item *item;
if (lookup->city) {
dir_hf = isdst ? hf_geoip_dst_city : hf_geoip_src_city;
item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->city);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(geoip_info_tree, hf_geoip_city, tvb, addr_offset, 4, lookup->city);
PROTO_ITEM_SET_GENERATED(item);
}
if (lookup->country) {
dir_hf = isdst ? hf_geoip_dst_country : hf_geoip_src_country;
item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->country);
PROTO_ITEM_SET_GENERATED(item);
item = proto_tree_add_string(geoip_info_tree, hf_geoip_country, tvb, addr_offset, 4, lookup->country);
PROTO_ITEM_SET_GENERATED(item);
}
if (lookup->as_number > 0) {