author | Gerald Combs <gerald@wireshark.org> | 2018-03-10 09:18:03 -0800 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2018-03-10 19:21:42 +0000 |
commit | 6a819d9950e41244b742073f0962e2c5a80eb735 (patch) | |
tree | d2e4c12c68b61f0dfcd13f4c788a4f6898226c8c | |
parent | 5564c222e27740166ec36f0cc1e858bcb429f68c (diff) |
MaxMindDB: Add country ISO codes.
Add and dissect country ISO codes. Prefer them when printing summary
information.
Change-Id: I3ce2bde88fa5ca2604c8bb745c42f239660252ff
Reviewed-on: https://code.wireshark.org/review/26415
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
-rw-r--r-- | epan/dissectors/packet-ip.c | 25 | ||||
-rw-r--r-- | epan/dissectors/packet-ipv6.c | 31 | ||||
-rw-r--r-- | epan/maxmind_db.c | 5 | ||||
-rw-r--r-- | epan/maxmind_db.h | 1 |
4 files changed, 59 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index 02432764f1..479ac64488 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -199,6 +199,7 @@ static int hf_ip_opt_time_stamp = -1; static int hf_ip_opt_time_stamp_addr = -1; static int hf_geoip_country = -1; +static int hf_geoip_country_iso = -1; static int hf_geoip_city = -1; static int hf_geoip_as_number = -1; static int hf_geoip_as_org = -1; @@ -206,6 +207,7 @@ static int hf_geoip_latitude = -1; static int hf_geoip_longitude = -1; static int hf_geoip_src_summary = -1; static int hf_geoip_src_country = -1; +static int hf_geoip_src_country_iso = -1; static int hf_geoip_src_city = -1; static int hf_geoip_src_as_number = -1; static int hf_geoip_src_as_org = -1; @@ -213,6 +215,7 @@ static int hf_geoip_src_latitude = -1; static int hf_geoip_src_longitude = -1; static int hf_geoip_dst_summary = -1; static int hf_geoip_dst_country = -1; +static int hf_geoip_dst_country_iso = -1; static int hf_geoip_dst_city = -1; static int hf_geoip_dst_as_number = -1; static int hf_geoip_dst_as_org = -1; @@ -575,7 +578,10 @@ add_geoip_info_entry(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 ip, i if (lookup->city) { wmem_strbuf_append(summary, lookup->city); } - if (lookup->country) { + if (lookup->country_iso) { + if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", "); + wmem_strbuf_append(summary, lookup->country_iso); + } else if (lookup->country) { if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", "); wmem_strbuf_append(summary, lookup->country); } 
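Review bot: In the `@@ -575` hunk of add_geoip_info_entry, the new `if (lookup->country_iso)` test only checks for a non-NULL pointer, so an empty ISO string would append a bare `, ` to the summary and also block the fallback to `lookup->country`. Whether an empty value can reach this point depends on how `val_start` and `chunkify_string` behave in epan/maxmind_db.c, which these hunks do not show, so a cheap guard is worth adding: `if (lookup->country_iso && lookup->country_iso[0] != '\0') {`. The same pointer-only test is repeated in the `@@ -612` tree-item hunk and in both packet-ipv6.c copies (`@@ -712` and `@@ -749`). The function body starts and ends outside these hunks.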
@@ -612,6 +618,14 @@ add_geoip_info_entry(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 ip, i PROTO_ITEM_SET_GENERATED(item); } + if (lookup->country_iso) { + dir_hf = isdst ? hf_geoip_dst_country_iso : hf_geoip_src_country_iso; + item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->country_iso); + PROTO_ITEM_SET_GENERATED(item); + item = proto_tree_add_string(geoip_info_tree, hf_geoip_country_iso, tvb, addr_offset, 4, lookup->country_iso); + PROTO_ITEM_SET_GENERATED(item); + } + if (lookup->as_number > 0) { dir_hf = isdst ? hf_geoip_dst_as_number : hf_geoip_src_as_number; item = proto_tree_add_uint(geoip_info_tree, dir_hf, tvb, addr_offset, 4, lookup->as_number); @@ -2495,6 +2509,9 @@ proto_register_ip(void) { &hf_geoip_country, { "Source or Destination GeoIP Country", "ip.geoip.country", FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, + { &hf_geoip_country_iso, + { "Source or Destination GeoIP ISO Two Letter Country Code", "ip.geoip.country_iso", + FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, { &hf_geoip_city, { "Source or Destination GeoIP City", "ip.geoip.city", FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, @@ -2516,6 +2533,9 @@ proto_register_ip(void) { &hf_geoip_src_country, { "Source GeoIP Country", "ip.geoip.src_country", FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, + { &hf_geoip_src_country_iso, + { "Source GeoIP ISO Two Letter Country Code", "ip.geoip.src_country_iso", + FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, { &hf_geoip_src_city, { "Source GeoIP City", "ip.geoip.src_city", FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, 
@@ -2537,6 +2557,9 @@ proto_register_ip(void) { &hf_geoip_dst_country, { "Destination GeoIP Country", "ip.geoip.dst_country", FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, + { &hf_geoip_dst_country_iso, + { "Destination GeoIP ISO Two Letter Country Code", "ip.geoip.dst_country_iso", + FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, { &hf_geoip_dst_city, { "Destination GeoIP City", "ip.geoip.dst_city", FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }}, diff --git a/epan/dissectors/packet-ipv6.c b/epan/dissectors/packet-ipv6.c index 40e11edd99..9b44774b5b 100644 --- a/epan/dissectors/packet-ipv6.c +++ b/epan/dissectors/packet-ipv6.c @@ -266,6 +266,7 @@ static int hf_ipv6_routing_srh_reserved = -1; static int hf_ipv6_routing_srh_addr = -1; static int hf_geoip_country = -1; +static int hf_geoip_country_iso = -1; static int hf_geoip_city = -1; static int hf_geoip_as_number = -1; static int hf_geoip_as_org = -1; @@ -273,6 +274,7 @@ static int hf_geoip_latitude = -1; static int hf_geoip_longitude = -1; static int hf_geoip_src_summary = -1; static int hf_geoip_src_country = -1; +static int hf_geoip_src_country_iso = -1; static int hf_geoip_src_city = -1; static int hf_geoip_src_as_number = -1; static int hf_geoip_src_as_org = -1; @@ -280,6 +282,7 @@ static int hf_geoip_src_latitude = -1; static int hf_geoip_src_longitude = -1; static int hf_geoip_dst_summary = -1; static int hf_geoip_dst_country = -1; +static int hf_geoip_dst_country_iso = -1; static int hf_geoip_dst_city = -1; static int hf_geoip_dst_as_number = -1; static int hf_geoip_dst_as_org = -1; 
@@ -712,7 +715,10 @@ add_geoip_info_entry(proto_tree *tree, tvbuff_t *tvb, gint offset, const ws_in6_ if (lookup->city) { wmem_strbuf_append(summary, lookup->city); } - if (lookup->country) { + if (lookup->country_iso) { + if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", "); + wmem_strbuf_append(summary, lookup->country_iso); + } else if (lookup->country) { if (wmem_strbuf_get_len(summary) > 0) wmem_strbuf_append(summary, ", "); wmem_strbuf_append(summary, lookup->country); } @@ -749,6 +755,14 @@ add_geoip_info_entry(proto_tree *tree, tvbuff_t *tvb, gint offset, const ws_in6_ PROTO_ITEM_SET_GENERATED(item); } + if (lookup->country_iso) { + dir_hf = isdst ? hf_geoip_dst_country_iso : hf_geoip_src_country_iso; + item = proto_tree_add_string(geoip_info_tree, dir_hf, tvb, addr_offset, 16, lookup->country_iso); + PROTO_ITEM_SET_GENERATED(item); + item = proto_tree_add_string(geoip_info_tree, hf_geoip_country_iso, tvb, addr_offset, 16, lookup->country_iso); + PROTO_ITEM_SET_GENERATED(item); + } + if (lookup->as_number > 0) { dir_hf = isdst ? hf_geoip_dst_as_number : hf_geoip_src_as_number; item = proto_tree_add_uint(geoip_info_tree, dir_hf, tvb, addr_offset, 16, lookup->as_number); @@ -2652,6 +2666,11 @@ proto_register_ipv6(void) FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL } }, + { &hf_geoip_country_iso, + { "Source or Destination GeoIP ISO Two Letter Country Code", "ipv6.geoip.country_iso", + FT_STRING, STR_UNICODE, NULL, 0x0, + NULL, HFILL } + }, { &hf_geoip_city, { "Source or Destination GeoIP City", "ipv6.geoip.city", FT_STRING, STR_UNICODE, NULL, 0x0, @@ -2687,6 +2706,11 @@ proto_register_ipv6(void) FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL } }, + { &hf_geoip_src_country_iso, + { "Source GeoIP ISO Two Letter Country Code", "ipv6.geoip.src_country_iso", + FT_STRING, STR_UNICODE, NULL, 0x0, + NULL, HFILL } + }, { &hf_geoip_src_city, { "Source GeoIP City", "ipv6.geoip.src_city", FT_STRING, STR_UNICODE, NULL, 0x0, 
@@ -2722,6 +2746,11 @@ proto_register_ipv6(void) FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL } }, + { &hf_geoip_dst_country_iso, + { "Destination GeoIP ISO Two Letter Country Code", "ipv6.geoip.dst_country_iso", + FT_STRING, STR_UNICODE, NULL, 0x0, + NULL, HFILL } + }, { &hf_geoip_dst_city, { "Destination GeoIP City", "ipv6.geoip.dst_city", FT_STRING, STR_UNICODE, NULL, 0x0, diff --git a/epan/maxmind_db.c b/epan/maxmind_db.c index 9e8b67a41d..93b5a15ce0 100644 --- a/epan/maxmind_db.c +++ b/epan/maxmind_db.c @@ -93,7 +93,7 @@ static void mmdb_resolve_stop(void); // Hopefully scanning a few lines asynchronously has less overhead than // reading in a child thread. #define RES_STATUS_ERROR "mmdbresolve.status: false" -#define RES_COUNTRY_ISO_CODE "country.iso_code" // Unused. +#define RES_COUNTRY_ISO_CODE "country.iso_code" #define RES_COUNTRY_NAMES_EN "country.names.en" #define RES_CITY_NAMES_EN "city.names.en" #define RES_ASN_ORG "autonomous_system_organization" @@ -162,6 +162,9 @@ process_mmdbr_stdout(void) { cur_addr[0] = '\0'; memset(&cur_lookup, 0, sizeof(cur_lookup)); mmdb_resolve_stop(); + } else if (val_start && g_str_has_prefix(line, RES_COUNTRY_ISO_CODE)) { + cur_lookup.found = TRUE; + cur_lookup.country_iso = chunkify_string(val_start); } else if (val_start && g_str_has_prefix(line, RES_COUNTRY_NAMES_EN)) { cur_lookup.found = TRUE; cur_lookup.country = chunkify_string(val_start); diff --git a/epan/maxmind_db.h b/epan/maxmind_db.h index 1b8e5fed0a..1c3ade02bc 100644 --- a/epan/maxmind_db.h +++ b/epan/maxmind_db.h @@ -24,6 +24,7 @@ extern "C" { typedef struct _mmdb_lookup_t { gboolean found; const char *country; + const char *country_iso; const char *city; unsigned int as_number; const char *as_org; |
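Review bot: The new `RES_COUNTRY_ISO_CODE` branch in process_mmdbr_stdout (`@@ -162` in epan/maxmind_db.c) stores whatever follows the key on the line, yet the fields it feeds are registered as "ISO Two Letter Country Code" and nothing checks that the value is two ASCII letters. Judging by the function name, the line comes from the resolver helper's stdout and ultimately from a database file, so it should be treated as untrusted before it is copied into the summary and the protocol tree. A check before the assignment, for example `strlen(val_start) == 2 && g_ascii_isalpha(val_start[0]) && g_ascii_isalpha(val_start[1])`, would keep malformed or oversized values out. `chunkify_string` is not visible here, so confirm whether it already bounds or sanitises the string. The function continues outside the hunk.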
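Review bot: The new `country_iso` member of `mmdb_lookup_t` in epan/maxmind_db.h has no comment stating its contract, although both dissectors now branch on `if (lookup->country_iso)`. A one-line comment on the field would document that, for example `/* ISO 3166-1 alpha-2 code from "country.iso_code"; NULL when the database has none */`. It would also help to say who owns the string, since the hunk shows only a `const char *` and the allocation happens inside `chunkify_string`, which is not visible here. The struct definition starts and ends outside the hunk.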