author | Gerald Combs <gerald@wireshark.org> | 2018-02-08 17:20:26 -0800
---|---|---
committer | Gerald Combs <gerald@wireshark.org> | 2018-03-06 18:02:21 +0000
commit | a1da75c554881667dd92e11f098630f2d604872b |
tree | b1d6a60a663bf93f1eede809a0c383544508d6e2 /docbook |
parent | b2d3680558d19998c55b48e9807a26e145756eba |

Transition from GeoIP Legacy to MaxMindDB.

MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.

Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.

Migrate the preferences and documentation to MaxMindDB.

Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.

Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Diffstat (limited to 'docbook')

-rw-r--r-- | docbook/release-notes.asciidoc | 2
-rw-r--r-- | docbook/wsdg_src/WSDG_chapter_libraries.asciidoc | 23
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_customize.asciidoc | 41
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_statistics.asciidoc | 11
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_use.asciidoc | 7

5 files changed, 44 insertions, 40 deletions

diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index b2db89ff99..073d634a1d 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -40,6 +40,8 @@ The following features are new (or have been significantly updated) since version 2.5.0: * HTTP Referer statistics are now supported. +* Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite + Legacy databases has been removed. * The Windows packages are now built using Microsoft Visual Studio 2017. * The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed. diff --git a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc index 247649d5a7..c184f867cf 100644 --- a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc @@ -353,26 +353,19 @@ The PortAudio sources are downloaded from https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[] and compiled locally. -[[ChLibsGeoIP]] +[[ChLibsMaxMindDB]] -=== GeoIP (optional) +=== MaxMindDB (optional) -MaxMind Inc. publishes a GeoIP database for use in open source software. -It can be used to map IP addresses to geographical locations. +MaxMind Inc. publishes a set of IP geolocation databases and related +open source libraries. They can be used to map IP addresses to +geographical locations and other information. -[[ChLibsUnixGeoIP]] - -==== Unix - -If this library isn't already installed or available as a +If libmaxminddb library isn't already installed or available as a package for your platform, you can get it at -http://www.maxmind.com/app/c[]. +https://github.com/maxmind/libmaxminddb[]. -[[ChLibsWin32GeoIP]] - -==== Win32 MSVC - -We provide a package cross-compiled using MinGW32 at +We provide a package for Windows at https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[]. [[ChLibsWinSparkle]] 
diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc index 96e443468e..66ea7288da 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_customize.asciidoc @@ -746,7 +746,7 @@ Configuration files stored in the Profiles: * ESS Category Attributes (ess_category_attributes) (<<ChEssCategoryAttributes>>) -* GeoIP Database Paths (geoip_db_paths) (<<ChGeoIPDbPaths>>) +* MaxMind Database Paths (maxmind_db_paths) (<<ChMaxMindDbPaths>>) * K12 Protocols (k12_protos) (<<ChK12ProtocolsSection>>) 
@@ -876,28 +876,35 @@ The value (Label And Cert Value) representing the Category. Name:: The textual representation for the value. -[[ChGeoIPDbPaths]] +[[ChMaxMindDbPaths]] -=== GeoIP Database Paths +=== MaxMind Database Paths -If your copy of Wireshark supports link:http://www.maxmind.com/[MaxMind’s] -GeoIP library, you can use their databases to match IP addresses to countries, -cites, autonomous system numbers, ISPs, and other bits of information. Some -databases are link:http://www.maxmind.com/download/geoip/database/[available -at no cost], while others require a licensing fee. See -link:http://www.maxmind.com/app/ip-location[the MaxMind web site] for more -information. +If your copy of Wireshark supports +link:http://www.maxmind.com/[MaxMind’s] MaxMindDB library, you can use +their databases to match IP addresses to countries, cites, autonomous +system numbers, and other bits of information. Some databases are +link:https://dev.maxmind.com/geoip/geoip2/downloadable/[available at no +cost], while others require a licensing fee. See +link:http://www.maxmind.com/[the MaxMind web site] for more information. This table is handled by an <<ChUserTable>> with the following fields. Database pathname:: -This specifies a directory containing GeoIP data files. Any files beginning with -_Geo_ and ending with _.dat_ will be automatically loaded. A total of 8 files -can be loaded. -+ -The locations for your data files are up to you, but `/usr/share/GeoIP` (Linux), -`C:\GeoIP` (Windows), `C:\Program Files\Wireshark\GeoIP` (Windows) might be good -choices. +This specifies a directory containing MaxMind data files. Any files +ending with _.mmdb_ will be automatically loaded. + +The locations for your data files are up to you, but `/usr/share/GeoIP` +and `/var/lib/GeoIP` are common on Linux and `C:\ProgramData\GeoIP`, +`C:\Program Files\Wireshark\GeoIP` might be good choices on Windows. 
+ +[[ChGeoIPDbPaths]] + +Previous versions of Wireshark supported MaxMind's original GeoIP Legacy +database format. They were configured similar to MaxMindDB files above, +except GeoIP files must begin with _Geo_ and end with _.dat_. They are +no longer supported and MaxMind stopped distributing GeoLite Legacy +databases in April 2018. [[ChIKEv2DecryptionSection]] diff --git a/docbook/wsug_src/WSUG_chapter_statistics.asciidoc b/docbook/wsug_src/WSUG_chapter_statistics.asciidoc index 6580c5c090..607ccfc9d7 100644 --- a/docbook/wsug_src/WSUG_chapter_statistics.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_statistics.asciidoc @@ -255,11 +255,12 @@ related page can still be selected). Each row in the list shows the statistical values for exactly one endpoint. -_Name resolution_ will be done if selected in the window and if it is active for -the specific protocol layer (MAC layer for the selected Ethernet endpoints -page). _Limit to display filter_ will only show conversations matching the -current display filter. Note that in this example we have GeoIP configured which -gives us extra geographic columns. See <<ChGeoIPDbPaths>> for more information. +_Name resolution_ will be done if selected in the window and if it is +active for the specific protocol layer (MAC layer for the selected +Ethernet endpoints page). _Limit to display filter_ will only show +conversations matching the current display filter. Note that in this +example we have MaxMind DB configured which gives us extra geographic +columns. See <<ChMaxMindDbPaths>> for more information. The btn:[Copy] button will copy the list values to the clipboard in CSV (Comma Separated Values) or YAML format. diff --git a/docbook/wsug_src/WSUG_chapter_use.asciidoc b/docbook/wsug_src/WSUG_chapter_use.asciidoc index fd21e7afa2..1ea8d65038 100644 --- a/docbook/wsug_src/WSUG_chapter_use.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_use.asciidoc 
@@ -893,9 +893,10 @@ There is a context menu (right mouse click) available. See details in Some protocol fields have special meanings. * *Generated fields.* Wireshark itself will generate additional protocol - information which isn’t present in the captured data. This information is - enclosed in square brackets (“[” and “]”). Generated information includes - response times, TCP analysis, GeoIP information, and checksum validation. + information which isn’t present in the captured data. This information + is enclosed in square brackets (“[” and “]”). Generated information + includes response times, TCP analysis, IP geolocation information, and + checksum validation. * *Links.* If Wireshark detects a relationship to another packet in the capture file it will generate a link to that packet. Links are underlined and |
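
Review bot: The new bullet in docbook/release-notes.asciidoc announces that GeoIP and GeoLite Legacy support is removed but does not tell users what they have to change. The commit message says the asnum fields become FT_UINT32 and the coordinate fields FT_DOUBLE, and the customize chapter renames the table from geoip_db_paths to maxmind_db_paths; if existing geoip_db_paths entries are not migrated, say so here, and mention that display filters on those fields may need updating. The product name is also written "MaxMind DB" in this bullet and "MaxMindDB" in the WSDG and WSUG headings; pick one spelling.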
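
Review bot: In the WSDG_chapter_libraries.asciidoc hunk (@@ -353), the [[ChLibsGeoIP]], [[ChLibsUnixGeoIP]] and [[ChLibsWin32GeoIP]] anchors are dropped with no legacy anchor left behind, whereas the WSUG customize chapter keeps [[ChGeoIPDbPaths]] for old links. Either keep [[ChLibsGeoIP]] as an alias next to [[ChLibsMaxMindDB]] or confirm that nothing references the old IDs. Also, "If libmaxminddb library isn't already installed" is missing an article; "If libmaxminddb isn't already installed" reads better.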
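
Review bot: In the profile file list at @@ -746 of WSUG_chapter_customize.asciidoc, the renamed entry stays between "ESS Category Attributes" and "K12 Protocols", so "MaxMind Database Paths" now sorts ahead of "K12 Protocols". If the list is meant to be alphabetical, move the entry after the K12 one.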
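
Review bot: In the "Database pathname" entry at @@ -876 of WSUG_chapter_customize.asciidoc, the old sentence "A total of 8 files can be loaded" is removed and nothing replaces it, so the reader cannot tell whether a limit still applies; state the new behaviour. Since every file ending in .mmdb in the configured directory is loaded automatically, it is also worth saying that the directory should be writable only by trusted users. Smaller points in the same hunk: "cites" is carried over from the old text and should be "cities", "configured similar to" should be "configured similarly to", and the two http://www.maxmind.com/ links could move to https like the new download link.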