author Gerald Combs <gerald@wireshark.org> 2018-02-08 17:20:26 -0800
committer Gerald Combs <gerald@wireshark.org> 2018-03-06 18:02:21 +0000
commit a1da75c554881667dd92e11f098630f2d604872b
tree b1d6a60a663bf93f1eede809a0c383544508d6e2 /docbook
parent b2d3680558d19998c55b48e9807a26e145756eba
Transition from GeoIP Legacy to MaxMindDB.

MaxMind is discontinuing its legacy databases in April in favor of GeoIP2, which use a newer database format (MaxMind DB). The reference C library (libmaxminddb) is available under the Apache 2.0 license which isn't quite compatible with ours.

Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin and prints resolved information on stdout. Place it under a liberal license (MIT) so that we can keep libmaxminddb at arm's length. Add epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it via stdio.

Migrate the preferences and documentation to MaxMindDB.

Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the geographic coordinate fields to FT_DOUBLEs.

Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'docbook')
-rw-r--r-- docbook/release-notes.asciidoc 2
-rw-r--r-- docbook/wsdg_src/WSDG_chapter_libraries.asciidoc 23
-rw-r--r-- docbook/wsug_src/WSUG_chapter_customize.asciidoc 41
-rw-r--r-- docbook/wsug_src/WSUG_chapter_statistics.asciidoc 11
-rw-r--r-- docbook/wsug_src/WSUG_chapter_use.asciidoc 7
5 files changed, 44 insertions, 40 deletions
diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc
index b2db89ff99..073d634a1d 100644
--- a/docbook/release-notes.asciidoc
+++ b/docbook/release-notes.asciidoc
@@ -40,6 +40,8 @@ The following features are new (or have been significantly updated)
since version 2.5.0:
* HTTP Referer statistics are now supported.
+* Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite
+ Legacy databases has been removed.
* The Windows packages are now built using Microsoft Visual Studio 2017.
* The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.
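Review bot: The added release-notes bullet announces that GeoIP and GeoLite Legacy support is removed but gives users no pointer to what they have to change. Suggest adding that existing `.dat` databases must be replaced with `.mmdb` files and naming the renamed "MaxMind Database Paths" setting. The product name is spelled "MaxMind DB" here and "MaxMindDB" in the developer guide heading of this patch; pick one spelling and use it throughout.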
diff --git a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc
index 247649d5a7..c184f867cf 100644
--- a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc
+++ b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc
@@ -353,26 +353,19 @@ The PortAudio sources are downloaded from
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[] and compiled
locally.
-[[ChLibsGeoIP]]
+[[ChLibsMaxMindDB]]
-=== GeoIP (optional)
+=== MaxMindDB (optional)
-MaxMind Inc. publishes a GeoIP database for use in open source software.
-It can be used to map IP addresses to geographical locations.
+MaxMind Inc. publishes a set of IP geolocation databases and related
+open source libraries. They can be used to map IP addresses to
+geographical locations and other information.
-[[ChLibsUnixGeoIP]]
-
-==== Unix
-
-If this library isn't already installed or available as a
+If libmaxminddb library isn't already installed or available as a
package for your platform, you can get it at
-http://www.maxmind.com/app/c[].
+https://github.com/maxmind/libmaxminddb[].
-[[ChLibsWin32GeoIP]]
-
-==== Win32 MSVC
-
-We provide a package cross-compiled using MinGW32 at
+We provide a package for Windows at
https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[].
[[ChLibsWinSparkle]]
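Review bot: The anchors `[[ChLibsGeoIP]]`, `[[ChLibsUnixGeoIP]]` and `[[ChLibsWin32GeoIP]]` are dropped with no legacy anchor kept, unlike the customize chapter where `[[ChGeoIPDbPaths]]` is retained, so any remaining cross-reference to them will break; search the docs for those IDs or keep the old top-level anchor next to `[[ChLibsMaxMindDB]]`. The added line "If libmaxminddb library isn't already installed" is missing an article ("If the libmaxminddb library ..."). Since the commit message says libmaxminddb is Apache 2.0 licensed and is reached only through mmdbresolve, one sentence stating that here would help developers and packagers.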
diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc
index 96e443468e..66ea7288da 100644
--- a/docbook/wsug_src/WSUG_chapter_customize.asciidoc
+++ b/docbook/wsug_src/WSUG_chapter_customize.asciidoc
@@ -746,7 +746,7 @@ Configuration files stored in the Profiles:
* ESS Category Attributes (ess_category_attributes)
(<<ChEssCategoryAttributes>>)
-* GeoIP Database Paths (geoip_db_paths) (<<ChGeoIPDbPaths>>)
+* MaxMind Database Paths (maxmind_db_paths) (<<ChMaxMindDbPaths>>)
* K12 Protocols (k12_protos) (<<ChK12ProtocolsSection>>)
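Review bot: The profile file is renamed from `geoip_db_paths` to `maxmind_db_paths` in this list entry, but nothing tells a user who already has a `geoip_db_paths` file in a profile what happens to it. Suggest a short remark, here or in the MaxMind Database Paths section, on whether the old file is ignored and the paths have to be entered again.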
@@ -876,28 +876,35 @@ The value (Label And Cert Value) representing the Category.
Name::
The textual representation for the value.
-[[ChGeoIPDbPaths]]
+[[ChMaxMindDbPaths]]
-=== GeoIP Database Paths
+=== MaxMind Database Paths
-If your copy of Wireshark supports link:http://www.maxmind.com/[MaxMind’s]
-GeoIP library, you can use their databases to match IP addresses to countries,
-cites, autonomous system numbers, ISPs, and other bits of information. Some
-databases are link:http://www.maxmind.com/download/geoip/database/[available
-at no cost], while others require a licensing fee. See
-link:http://www.maxmind.com/app/ip-location[the MaxMind web site] for more
-information.
+If your copy of Wireshark supports
+link:http://www.maxmind.com/[MaxMind’s] MaxMindDB library, you can use
+their databases to match IP addresses to countries, cites, autonomous
+system numbers, and other bits of information. Some databases are
+link:https://dev.maxmind.com/geoip/geoip2/downloadable/[available at no
+cost], while others require a licensing fee. See
+link:http://www.maxmind.com/[the MaxMind web site] for more information.
This table is handled by an <<ChUserTable>> with the following fields.
Database pathname::
-This specifies a directory containing GeoIP data files. Any files beginning with
-_Geo_ and ending with _.dat_ will be automatically loaded. A total of 8 files
-can be loaded.
-+
-The locations for your data files are up to you, but `/usr/share/GeoIP` (Linux),
-`C:\GeoIP` (Windows), `C:\Program Files\Wireshark\GeoIP` (Windows) might be good
-choices.
+This specifies a directory containing MaxMind data files. Any files
+ending with _.mmdb_ will be automatically loaded.
+
+The locations for your data files are up to you, but `/usr/share/GeoIP`
+and `/var/lib/GeoIP` are common on Linux and `C:\ProgramData\GeoIP`,
+`C:\Program Files\Wireshark\GeoIP` might be good choices on Windows.
+
+[[ChGeoIPDbPaths]]
+
+Previous versions of Wireshark supported MaxMind's original GeoIP Legacy
+database format. They were configured similar to MaxMindDB files above,
+except GeoIP files must begin with _Geo_ and end with _.dat_. They are
+no longer supported and MaxMind stopped distributing GeoLite Legacy
+databases in April 2018.
[[ChIKEv2DecryptionSection]]
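Review bot: Under "Database pathname::" the removed `+` line was the AsciiDoc list continuation and its replacement is an empty line, so the paragraph beginning "The locations for your data files are up to you" is no longer attached to the definition-list entry; restore the continuation marker. The typo "cites" is carried over into the new text and should be "cities". The legacy paragraph says MaxMind "stopped distributing GeoLite Legacy databases in April 2018" in the past tense, while the commit is dated February and March 2018 and its message says "is discontinuing"; reword it so it is accurate at release time. `[[ChGeoIPDbPaths]]` now precedes a bare paragraph with no heading, and the two maxmind.com links stay on `http://` while the new download link uses `https://`.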
diff --git a/docbook/wsug_src/WSUG_chapter_statistics.asciidoc b/docbook/wsug_src/WSUG_chapter_statistics.asciidoc
index 6580c5c090..607ccfc9d7 100644
--- a/docbook/wsug_src/WSUG_chapter_statistics.asciidoc
+++ b/docbook/wsug_src/WSUG_chapter_statistics.asciidoc
@@ -255,11 +255,12 @@ related page can still be selected).
Each row in the list shows the statistical values for exactly one endpoint.
-_Name resolution_ will be done if selected in the window and if it is active for
-the specific protocol layer (MAC layer for the selected Ethernet endpoints
-page). _Limit to display filter_ will only show conversations matching the
-current display filter. Note that in this example we have GeoIP configured which
-gives us extra geographic columns. See <<ChGeoIPDbPaths>> for more information.
+_Name resolution_ will be done if selected in the window and if it is
+active for the specific protocol layer (MAC layer for the selected
+Ethernet endpoints page). _Limit to display filter_ will only show
+conversations matching the current display filter. Note that in this
+example we have MaxMind DB configured which gives us extra geographic
+columns. See <<ChMaxMindDbPaths>> for more information.
The btn:[Copy] button will copy the list values to the clipboard in CSV
(Comma Separated Values) or YAML format.
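Review bot: The rewritten paragraph keeps "will only show conversations matching the current display filter" although the surrounding text is about endpoints ("exactly one endpoint", "Ethernet endpoints page"); since these lines are being touched anyway, change it to "endpoints". Re-wrapping the whole paragraph also hides that the only intended changes are GeoIP to MaxMind DB and the `<<ChMaxMindDbPaths>>` reference; keeping the original line breaks would make that visible at a glance.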
diff --git a/docbook/wsug_src/WSUG_chapter_use.asciidoc b/docbook/wsug_src/WSUG_chapter_use.asciidoc
index fd21e7afa2..1ea8d65038 100644
--- a/docbook/wsug_src/WSUG_chapter_use.asciidoc
+++ b/docbook/wsug_src/WSUG_chapter_use.asciidoc
@@ -893,9 +893,10 @@ There is a context menu (right mouse click) available. See details in
Some protocol fields have special meanings.
* *Generated fields.* Wireshark itself will generate additional protocol
- information which isn’t present in the captured data. This information is
- enclosed in square brackets (“[” and “]”). Generated information includes
- response times, TCP analysis, GeoIP information, and checksum validation.
+ information which isn’t present in the captured data. This information
+ is enclosed in square brackets (“[” and “]”). Generated information
+ includes response times, TCP analysis, IP geolocation information, and
+ checksum validation.
* *Links.* If Wireshark detects a relationship to another packet in the capture
file it will generate a link to that packet. Links are underlined and
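Review bot: "IP geolocation information" in the Generated fields bullet is narrower than what the lookup returns, since the customize chapter in this patch lists autonomous system numbers among the resolved data; consider "IP geolocation and AS number information". The other three changed lines are re-wrapping only and could be left as they were.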