Add support for the GeoIP library. Using different database files,

GeoIP can map IP addresses to Countries, Cities, AS numbers, ISPs,
etc. If any library paths are defined AND any database files are found,
corresponding columns are added to the endpoint tables in the GUI.

To do:
  - Add columns to the conversation list
  - Add GeoIP info to "-z conv,..."
  - Create a default UAT file.

svn path=/trunk/; revision=26571

3 files changed, 168 insertions, 78 deletions

diff --git a/gtk/hostlist_table.c b/gtk/hostlist_table.c
index 6ab18bc58b..45034f7e16 100644
--- a/gtk/hostlist_table.c
+++ b/gtk/hostlist_table.c
@@ -38,6 +38,9 @@
 #include <epan/to_str.h>
 #include <epan/addr_resolv.h>
 #include <epan/tap.h>
+#ifdef HAVE_GEOIP
+#include <epan/geoip.h>
+#endif
 
 #include "../simple_dialog.h"
 #include "../globals.h"
@@ -56,7 +59,6 @@
 #include "image/clist_descend.xpm"
 
 
-#define NUM_COLS 8
 #define HOST_PTR_KEY "hostlist-pointer"
 #define NB_PAGES_KEY "notebook-pages"
 
@@ -240,40 +242,37 @@ hostlist_win_destroy_cb(GtkWindow *win _U_, gpointer data)
 static gint
 hostlist_sort_column(GtkCList *clist, gconstpointer ptr1, gconstpointer ptr2)
 {
-	char *text1 = NULL;
-	char *text2 = NULL;
-	guint64 i1, i2;
-
-	const GtkCListRow *row1 = ptr1;
-	const GtkCListRow *row2 = ptr2;
-
-	text1 = GTK_CELL_TEXT (row1->cell[clist->sort_column])->text;
-	text2 = GTK_CELL_TEXT (row2->cell[clist->sort_column])->text;
-
-	switch(clist->sort_column){
-	case 0: /* Address */
-	case 1: /* (Port) */
-		return strcmp (text1, text2);
-	case 2: /* Packets */
-	case 3: /* Bytes */
-	case 4: /* Tx Packets */
-	case 5: /* Tx Bytes */
-	case 6: /* Rx Packets */
-	case 7: /* Rx Bytes */
-		sscanf(text1, "%" G_GINT64_MODIFIER "u", &i1);
-		sscanf(text2, "%" G_GINT64_MODIFIER "u", &i2);
-        /* XXX - this might cause trouble because of overflow problems */
-        /* XXX - is this correct anyway? Subtracting two unsigned values will still be an unsigned value, which will never become negative */
-		return (gint) (i1-i2);
-	}
-	g_assert_not_reached();
+    char *text1 = NULL;
+    char *text2 = NULL;
+    guint64 i1, i2;
+
+    const GtkCListRow *row1 = ptr1;
+    const GtkCListRow *row2 = ptr2;
+
+    text1 = GTK_CELL_TEXT (row1->cell[clist->sort_column])->text;
+    text2 = GTK_CELL_TEXT (row2->cell[clist->sort_column])->text;
+
+    if (clist->sort_column < 2 || clist->sort_column > 7) { /* Integers */
+        sscanf(text1, "%" G_GINT64_MODIFIER "u", &i1);
+        sscanf(text2, "%" G_GINT64_MODIFIER "u", &i2);
+        if (i1 > i2) {
+            return 1;
+        } else if (i1 < i2) {
+            return -1;
+        } else {
+            return 0;
+        }
+    } else { /* Strings */
+        return strcmp (text1, text2);
+    }
+    g_assert_not_reached();
 
-	/* Allow clist to redraw */
+    /* Allow clist to redraw */
 
-	gtk_clist_thaw(clist);
-	gtk_clist_freeze(clist);
+    gtk_clist_thaw(clist);
+    gtk_clist_freeze(clist);
 
-	return 0;
+    return 0;
 }
 
 static void
@@ -282,7 +281,7 @@ hostlist_click_column_cb(GtkCList *clist, gint column, gpointer data)
 	column_arrows *col_arrows = (column_arrows *) data;
 	int i;
 
-	for (i = 0; i < NUM_COLS; i++) {
+	for (i = 0; i < NUM_HOSTLIST_COLS; i++) {
 		gtk_widget_hide(col_arrows[i].ascend_pm);
 		gtk_widget_hide(col_arrows[i].descend_pm);
 	}
@@ -444,7 +443,7 @@ draw_hostlist_table_address(hostlist_table *hl, int hostlist_idx)
     else
         entry=get_addr_name(&hl->hosts[hostlist_idx].address);
 
-		gtk_clist_set_text(hl->table, rownum, 0, entry);
+    gtk_clist_set_text(hl->table, rownum, 0, entry);
 
     pt = hl->hosts[hostlist_idx].port_type;
     if(!hl->resolve_names) pt = PT_NONE;
@@ -583,22 +582,33 @@ copy_as_csv_cb(GtkWindow *copy_bt, gpointer data _U_)
 static gboolean
 init_hostlist_table_page(hostlist_table *hosttable, GtkWidget *vbox, gboolean hide_ports, const char *table_name, const char *tap_name, const char *filter, tap_packet_cb packet_func)
 {
-    int i;
+    guint i;
     column_arrows *col_arrows;
     GtkStyle *win_style;
     GtkWidget *column_lb;
     GString *error_string;
     char title[256];
 
-    hosttable->num_columns=NUM_COLS;
-    hosttable->default_titles[0] = "Address";
-    hosttable->default_titles[1] = "Port";
-    hosttable->default_titles[2] = "Packets";
-    hosttable->default_titles[3] = "Bytes";
-    hosttable->default_titles[4] = "Tx Packets";
-    hosttable->default_titles[5] = "Tx Bytes";
-    hosttable->default_titles[6] = "Rx Packets";
-    hosttable->default_titles[7] = "Rx Bytes";
+    hosttable->num_columns=NUM_HOSTLIST_COLS;
+    hosttable->default_titles[0]  = "Address";
+    hosttable->default_titles[1]  = "Port";
+    hosttable->default_titles[2]  = "Packets";
+    hosttable->default_titles[3]  = "Bytes";
+    hosttable->default_titles[4]  = "Tx Packets";
+    hosttable->default_titles[5]  = "Tx Bytes";
+    hosttable->default_titles[6]  = "Rx Packets";
+    hosttable->default_titles[7]  = "Rx Bytes";
+
+#ifdef HAVE_GEOIP
+    for (i = 0; i < NUM_GEOIP_COLS; i++) {
+        if (i < geoip_num_dbs()) {
+            hosttable->default_titles[NUM_BUILTIN_COLS + i]  = geoip_db_name(i);
+        } else {
+            hosttable->default_titles[NUM_BUILTIN_COLS + i]  = "";
+        }
+    }
+#endif /* HAVE_GEOIP */
+
     if (strcmp(table_name, "NCP")==0) {
         hosttable->default_titles[1] = "Connection";
     }
@@ -615,11 +625,11 @@ init_hostlist_table_page(hostlist_table *hosttable, GtkWidget *vbox, gboolean hi
     hosttable->scrolled_window=scrolled_window_new(NULL, NULL);
     gtk_box_pack_start(GTK_BOX(vbox), hosttable->scrolled_window, TRUE, TRUE, 0);
 
-    hosttable->table=(GtkCList *)gtk_clist_new(NUM_COLS);
+    hosttable->table=(GtkCList *)gtk_clist_new(NUM_HOSTLIST_COLS);
 
-    col_arrows = (column_arrows *) g_malloc(sizeof(column_arrows) * NUM_COLS);
+    col_arrows = (column_arrows *) g_malloc(sizeof(column_arrows) * NUM_HOSTLIST_COLS);
     win_style = gtk_widget_get_style(hosttable->scrolled_window);
-    for (i = 0; i < NUM_COLS; i++) {
+    for (i = 0; i < NUM_HOSTLIST_COLS; i++) {
         col_arrows[i].table = gtk_table_new(2, 2, FALSE);
         gtk_table_set_col_spacings(GTK_TABLE(col_arrows[i].table), 5);
         column_lb = gtk_label_new(hosttable->default_titles[i]);
@@ -643,7 +653,7 @@ init_hostlist_table_page(hostlist_table *hosttable, GtkWidget *vbox, gboolean hi
     gtk_clist_set_sort_column(hosttable->table, 4);
     gtk_clist_set_sort_type(hosttable->table, GTK_SORT_DESCENDING);
 
-    for (i = 0; i < NUM_COLS; i++) {
+    for (i = 0; i < NUM_HOSTLIST_COLS; i++) {
         gtk_clist_set_column_auto_resize(hosttable->table, i, TRUE);
     }
 
@@ -661,6 +671,13 @@ init_hostlist_table_page(hostlist_table *hosttable, GtkWidget *vbox, gboolean hi
         gtk_clist_set_column_visibility(hosttable->table, 1, FALSE);
     }
 
+#ifdef HAVE_GEOIP
+    /* Hide all of the GeoIP columns initially */
+    for (i = 0; i < NUM_GEOIP_COLS; i++) {
+        gtk_clist_set_column_visibility(hosttable->table, NUM_BUILTIN_COLS + i, FALSE);
+    }
+#endif /* HAVE_GEOIP */
+
     /* create popup menu for this table */
     hostlist_create_popup_menu(hosttable);
 
@@ -927,8 +944,9 @@ init_hostlist_notebook_cb(GtkWidget *w _U_, gpointer d _U_)
     while(current_table) {
         registered = current_table->data;
         page_lb = gtk_label_new("");
-        hosttable = init_hostlist_notebook_page_cb(registered->hide_ports, registered->table_name, registered->tap_name,
-            registered->filter, registered->packet_func);
+        hosttable = init_hostlist_notebook_page_cb(registered->hide_ports,
+                registered->table_name, registered->tap_name,
+                registered->filter, registered->packet_func);
         g_object_set_data(G_OBJECT(hosttable->win), HOST_PTR_KEY, hosttable);
         gtk_notebook_append_page(GTK_NOTEBOOK(nb), hosttable->win, page_lb);
         hosttable->win = win;
@@ -1057,8 +1075,12 @@ add_hostlist_table_data(hostlist_table *hl, const address *addr, guint32 port, g
 
     /* if this was a new talker we have to create a clist row for it */
     if(new_talker){
-        char *entries[NUM_COLS];
+        char *entries[NUM_HOSTLIST_COLS];
         char frames[16],bytes[16],txframes[16],txbytes[16],rxframes[16],rxbytes[16];
+#ifdef HAVE_GEOIP
+        char geoip[NUM_GEOIP_COLS][16];
+        guint i;
+#endif /* HAVE_GEOIP */
 
         /* these values will be filled by call to draw_hostlist_table_addresses() below */
         entries[0]="";
@@ -1079,6 +1101,19 @@ add_hostlist_table_data(hostlist_table *hl, const address *addr, guint32 port, g
         g_snprintf(rxbytes, 16, "%" G_GINT64_MODIFIER "u", talker->rx_bytes);
         entries[7]=rxbytes;
 
+#ifdef HAVE_GEOIP
+        /* Filled in from the GeoIP config, if any */
+        for (i = 0; i < NUM_GEOIP_COLS; i++) {
+            if (i < geoip_num_dbs() && talker->address.type == AT_IPv4) {
+                g_snprintf(geoip[i], 16, "%s", geoip_db_lookup_ipv4(i, *(guint32*)talker->address.data));
+                entries[NUM_BUILTIN_COLS + i] = geoip[i];
+                gtk_clist_set_column_visibility(hl->table, NUM_BUILTIN_COLS + i, TRUE);
+            } else {
+                entries[NUM_BUILTIN_COLS + i] = "";
+            }
+        }
+#endif /* HAVE_GEOIP */
+
         gtk_clist_insert(hl->table, talker_idx, entries);
         gtk_clist_set_row_data(hl->table, talker_idx, (gpointer)(long) talker_idx);
 
diff --git a/gtk/hostlist_table.h b/gtk/hostlist_table.h
index 561445548f..1a0e4ca644 100644
--- a/gtk/hostlist_table.h
+++ b/gtk/hostlist_table.h
@@ -7,17 +7,17 @@
  * Wireshark - Network traffic analyzer
  * By Gerald Combs <gerald@wireshark.org>
  * Copyright 1998 Gerald Combs
- * 
+ *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
  * of the License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
@@ -42,6 +42,14 @@ typedef struct _hostlist_talker_t {
 	guint64 tx_bytes;       /**< number of transmitted bytes */
 } hostlist_talker_t;
 
+#define NUM_BUILTIN_COLS 8
+#ifdef HAVE_GEOIP
+# define NUM_GEOIP_COLS 8
+#else
+# define NUM_GEOIP_COLS 0
+#endif
+#define NUM_HOSTLIST_COLS (NUM_BUILTIN_COLS + NUM_GEOIP_COLS)
+
 /** Hostlist widget */
 typedef struct _hostlist_table {
 	const char          *name;              /**< the name of the table */
@@ -53,7 +61,7 @@ typedef struct _hostlist_table {
 	GtkWidget           *scrolled_window;   /**< the scrolled window */
 	GtkCList            *table;             /**< the GTK table */
 	guint32             num_columns;        /**< number of columns in the above table */
-	const char          *default_titles[8]; /**< Column headers */
+	const char          *default_titles[NUM_HOSTLIST_COLS]; /**< Column headers */
 	GtkWidget           *menu;              /**< context menu */
 	gboolean            has_ports;          /**< table has ports */
 	guint32             num_hosts;          /**< number of hosts (0 or 1) */
diff --git a/gtk/prefs_nameres.c b/gtk/prefs_nameres.c
index cc1f16529a..c52e0b5e97 100644
--- a/gtk/prefs_nameres.c
+++ b/gtk/prefs_nameres.c
@@ -45,28 +45,48 @@
 #define M_RESOLVE_KEY	"m_resolve"
 #define N_RESOLVE_KEY	"n_resolve"
 #define T_RESOLVE_KEY	"t_resolve"
+
 #if defined(HAVE_C_ARES) || defined(HAVE_GNU_ADNS)
 # define C_RESOLVE_KEY	"c_resolve"
 # define RESOLVE_CONCURRENCY_KEY "resolve_concurrency"
 #endif /* HAVE_C_ARES || HAVE_GNU_ADNS */
+
 #ifdef HAVE_LIBSMI
-#define SP_RESOLVE_KEY	"sp_resolve"
-#define SM_RESOLVE_KEY	"sm_resolve"
-#endif
+# define SP_RESOLVE_KEY	"sp_resolve"
+# define SM_RESOLVE_KEY	"sm_resolve"
+#endif /* HAVE_LIBSMI */
+
+#ifdef HAVE_GEOIP
+# define GEOIP_RESOLVE_KEY "geoip_resolve"
+#endif /* HAVE_GEOIP */
+
+#define BASE_TABLE_ROWS 3
 
 #if defined(HAVE_C_ARES) || defined(HAVE_GNU_ADNS)
-# ifdef HAVE_LIBSMI
-#  define RESOLV_TABLE_ROWS 7
-# else
-#  define RESOLV_TABLE_ROWS 5
-# endif
+# define ASYNC_TABLE_ROWS 2
 #else
-# ifdef HAVE_LIBSMI
-#  define RESOLV_TABLE_ROWS 5
-# else
-#  define RESOLV_TABLE_ROWS 3
-# endif
-#endif /* HAVE_C_ARES || HAVE_GNU_ADNS */
+# define ASYNC_TABLE_ROWS 0
+#endif
+
+#ifdef HAVE_LIBSMI
+# define SMI_TABLE_ROWS 2
+#else
+# define SMI_TABLE_ROWS 0
+#endif
+
+#ifdef HAVE_GEOIP
+# define GEOIP_TABLE_ROWS 1
+#else
+# define GEOIP_TABLE_ROWS 0
+#endif
+
+#define RESOLV_TABLE_ROWS (\
+	BASE_TABLE_ROWS + \
+	ASYNC_TABLE_ROWS + \
+	SMI_TABLE_ROWS + \
+	GEOIP_TABLE_ROWS \
+	)
+
 GtkWidget*
 nameres_prefs_show(void)
 {
@@ -79,10 +99,14 @@ nameres_prefs_show(void)
 	char		concur_str[10+1];
 #endif /* HAVE_C_ARES || HAVE_GNU_ADNS */
 #ifdef HAVE_LIBSMI
-	GtkWidget	*sp_resolv_cb, *sm_resolv_cb;
+	GtkWidget	*sp_resolv_bt, *sm_resolv_bt;
 	uat_t *smi_paths_uat;
 	uat_t *smi_modules_uat;
 #endif
+#ifdef HAVE_GEOIP
+	GtkWidget	*geoip_resolv_bt;
+	uat_t		*geoip_db_paths_uat;
+#endif
 	/*
 	 * XXX - it would be nice if the current setting of the resolver
 	 * flags could be different from the preference flags, so that
@@ -147,26 +171,43 @@ nameres_prefs_show(void)
 	smi_paths_uat = uat_get_table_by_name("SMI Paths");
 	if (smi_paths_uat) {
 		table_row++;
-		sp_resolv_cb = create_preference_uat(main_tb, table_row,
+		sp_resolv_bt = create_preference_uat(main_tb, table_row,
 		    "SMI (MIB and PIB) paths",
                     "Search paths for SMI (MIB and PIB) modules. You must\n"
                     "restart Wireshark for these changes to take effect.",
                     smi_paths_uat);
-		g_object_set_data(G_OBJECT(main_vb), SP_RESOLVE_KEY, sp_resolv_cb);
+		g_object_set_data(G_OBJECT(main_vb), SP_RESOLVE_KEY, sp_resolv_bt);
 	}
 
 	/* SMI modules UAT */
 	smi_modules_uat = uat_get_table_by_name("SMI Modules");
 	if (smi_modules_uat) {
 		table_row++;
-		sm_resolv_cb = create_preference_uat(main_tb, table_row,
+		sm_resolv_bt = create_preference_uat(main_tb, table_row,
 		    "SMI (MIB and PIB) modules",
                     "List of enabled SMI (MIB and PIB) modules. You must\n"
                     "restart Wireshark for these changes to take effect.",
                     smi_modules_uat);
-		g_object_set_data(G_OBJECT(main_vb), SM_RESOLVE_KEY, sm_resolv_cb);
+		g_object_set_data(G_OBJECT(main_vb), SM_RESOLVE_KEY, sm_resolv_bt);
 	}
-#endif
+#endif /* HAVE_LIBSMI */
+
+#ifdef HAVE_GEOIP
+	/* GeoIP databases http://www.maxmind.com/app/api */
+	geoip_db_paths_uat = uat_get_table_by_name("GeoIP Database Paths");
+g_warning("gdu: %p", geoip_db_paths_uat);
+	if (geoip_db_paths_uat) {
+		table_row++;
+		geoip_resolv_bt = create_preference_uat(main_tb, table_row,
+		    "GeoIP database search paths",
+		    "Paths to GeoIP address mapping databases. Database\n"
+		    "names must begin with \"Geo\" and in with \".dat\".\n"
+		    "You must restart Wireshark for these changes to take\n"
+		    "effect.",
+                    geoip_db_paths_uat);
+		g_object_set_data(G_OBJECT(main_vb), GEOIP_RESOLVE_KEY, geoip_resolv_bt);
+	}
+#endif /* HAVE_GEOIP */
 
 	/* Show 'em what we got */
 	gtk_widget_show_all(main_vb);
@@ -182,7 +223,10 @@ nameres_prefs_fetch(GtkWidget *w)
 	GtkWidget *c_resolv_cb, *resolv_concurrency_te;
 #endif /* HAVE_C_ARES || HAVE_GNU_ADNS */
 #ifdef HAVE_LIBSMI
-	GtkWidget *sp_resolv_cb, *sm_resolv_cb;
+	GtkWidget *sp_resolv_bt, *sm_resolv_bt;
+#endif
+#ifdef HAVE_GEOIP
+	GtkWidget *geoip_resolv_bt;
 #endif
 
 	m_resolv_cb = (GtkWidget *)g_object_get_data(G_OBJECT(w), M_RESOLVE_KEY);
@@ -194,8 +238,11 @@ nameres_prefs_fetch(GtkWidget *w)
 	resolv_concurrency_te = (GtkWidget *)g_object_get_data(G_OBJECT(w), RESOLVE_CONCURRENCY_KEY);
 #endif /* HAVE_C_ARES || HAVE_GNU_ADNS */
 #ifdef HAVE_LIBSMI
-	sp_resolv_cb = (GtkWidget *)g_object_get_data(G_OBJECT(w), SP_RESOLVE_KEY);
-	sm_resolv_cb = (GtkWidget *)g_object_get_data(G_OBJECT(w), SM_RESOLVE_KEY);
+	sp_resolv_bt = (GtkWidget *)g_object_get_data(G_OBJECT(w), SP_RESOLVE_KEY);
+	sm_resolv_bt = (GtkWidget *)g_object_get_data(G_OBJECT(w), SM_RESOLVE_KEY);
+#endif
+#ifdef HAVE_GEOIP
+	geoip_resolv_bt = (GtkWidget *)g_object_get_data(G_OBJECT(w), GEOIP_RESOLVE_KEY);
 #endif
 
 	prefs.name_resolve = RESOLV_NONE;