11 files changed, 74 insertions, 28 deletions

diff --git a/doc/dissection-options.adoc b/doc/dissection-options.adoc
index a1dad81950..b721b5b556 100644
--- a/doc/dissection-options.adoc
+++ b/doc/dissection-options.adoc
@@ -99,23 +99,27 @@ The argument is a string that may contain the letters:
 
 *d* to enable resolution from captured DNS packets
 
+*g* to enable IP address geolocation information lookup from configured
+MaxMind databases
+
 *m* to enable MAC address resolution
 
 *n* to enable network address resolution
 
 *N* to enable using external resolvers (e.g., DNS) for network address
 resolution; no effect without *n* also enabled.
-// tag::tshark[]
-[CAUTION]
-In tshark single-pass mode, external resolution is performed synchronously.
-For live captures, which are always in single-pass mode, this makes it
-more difficult for dissection to keep up with a busy network, possibly
-leading to dropped packets.
-// end::tshark[]
 
 *t* to enable transport-layer port number resolution
 
 *v* to enable VLAN IDs to names resolution
+
+// tag::tshark[]
+[CAUTION]
+In tshark single-pass mode, external resolution and geolocation lookup is
+performed synchronously. For live captures, which are always in single-pass
+mode, this makes it more difficult for dissection to keep up with a busy
+network, possibly leading to dropped packets.
+// end::tshark[]
 --
 
 -t  (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N]::
diff --git a/docbook/release-notes.adoc b/docbook/release-notes.adoc
index 8cc90162fc..7b93c035cf 100644
--- a/docbook/release-notes.adoc
+++ b/docbook/release-notes.adoc
@@ -78,6 +78,11 @@ The following features are new (or have been significantly updated) since versio
 * The default interval between GUI updates when capturing has been decreased
 from 500ms to 100ms, and is now configurable.
 
+* The *-n* option also now disables IP address geolocation information lookup
+in configured MaxMind databases (and geolocation lookup can be enabled with
+*-Ng*.) This is most relevant for tshark, where geolocation lookups are
+synchronous.
+
 // === Removed Features and Support
 
 // === Removed Dissectors
diff --git a/docbook/wsug_src/wsug_advanced.adoc b/docbook/wsug_src/wsug_advanced.adoc
index ef198ba297..3334240108 100644
--- a/docbook/wsug_src/wsug_advanced.adoc
+++ b/docbook/wsug_src/wsug_advanced.adoc
@@ -1085,9 +1085,9 @@ displays segments in the expected order.
 Name resolution tries to convert some of the numerical address values into a
 human readable format. There are two possible ways to do these conversions,
 depending on the resolution to be done: calling system/network services (like
-the gethostname() function) and/or resolve from Wireshark specific configuration
-files. For details about the configuration files Wireshark uses for name
-resolution and alike, see <<AppFiles>>.
+the gethostname() function) and/or resolving from Wireshark specific
+configuration files. For details about the configuration files Wireshark uses
+for name resolution and alike, see <<AppFiles>>.
 
 The name resolution feature can be enabled individually for the protocol layers
 listed in the following sections.
diff --git a/epan/addr_resolv.c b/epan/addr_resolv.c
index f32bb3b509..7887cf9d27 100644
--- a/epan/addr_resolv.c
+++ b/epan/addr_resolv.c
@@ -281,7 +281,8 @@ e_addr_resolve gbl_resolv_flags = {
     TRUE,   /* use_external_net_name_resolver */
     FALSE,  /* load_hosts_file_from_profile_only */
     FALSE,  /* vlan_name */
-    FALSE   /* ss7 point code names */
+    FALSE,  /* ss7 point code names */
+    TRUE,   /* maxmind_geoip */
 };
 static guint name_resolve_concurrency = 500;
 static gboolean resolve_synchronously = FALSE;
@@ -2936,6 +2937,7 @@ addr_resolve_pref_init(module_t *nameres)
 void addr_resolve_pref_apply(void)
 {
     c_ares_set_dns_servers();
+    maxmind_db_pref_apply();
 }
 
 void
@@ -2947,6 +2949,7 @@ disable_name_resolution(void) {
     gbl_resolv_flags.use_external_net_name_resolver     = FALSE;
     gbl_resolv_flags.vlan_name                          = FALSE;
     gbl_resolv_flags.ss7pc_name                         = FALSE;
+    gbl_resolv_flags.maxmind_geoip                      = FALSE;
 }
 
 gboolean
diff --git a/epan/addr_resolv.h b/epan/addr_resolv.h
index 1dc222fb40..abfdd59d9f 100644
--- a/epan/addr_resolv.h
+++ b/epan/addr_resolv.h
@@ -54,6 +54,7 @@ typedef struct _e_addr_resolve {
   gboolean load_hosts_file_from_profile_only; /**< Whether to only load the hosts in the current profile, not hosts files */
   gboolean vlan_name;                         /**< Whether to resolve VLAN IDs to names */
   gboolean ss7pc_name;                        /**< Whether to resolve SS7 Point Codes to names */
+  gboolean maxmind_geoip;                     /**< Whether to lookup geolocation information with mmdbresolve */
 } e_addr_resolve;
 
 #define ADDR_RESOLV_MACADDR(at) \
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c
index ac70eca6b2..657e859534 100644
--- a/epan/dissectors/packet-ip.c
+++ b/epan/dissectors/packet-ip.c
@@ -75,9 +75,6 @@ static gboolean ip_tso_supported = TRUE;
 /* Use heuristics to determine subdissector */
 static gboolean try_heuristic_first = FALSE;
 
-/* Look up addresses via mmdbresolve */
-static gboolean ip_use_geoip = TRUE;
-
 /* Interpret the reserved flag as security flag (RFC 3514) */
 static gboolean ip_security_flag = FALSE;
 
@@ -2223,7 +2220,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
       proto_item_set_hidden(item);
     }
 
-    if (ip_use_geoip) {
+    if (gbl_resolv_flags.maxmind_geoip) {
       add_geoip_info(ip_tree, pinfo, tvb, offset, src32, dst32);
     }
   }
@@ -2992,10 +2989,8 @@ proto_register_ip(void)
     "Support packet-capture from IP TSO-enabled hardware",
     "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
     "captures, such as spoofing the IP packet length", &ip_tso_supported);
-  prefs_register_bool_preference(ip_module, "use_geoip",
-    "Enable IPv4 geolocation",
-    "Whether to look up IP addresses in each MaxMind database we have loaded",
-    &ip_use_geoip);
+
+  prefs_register_obsolete_preference(ip_module, "use_geoip");
   prefs_register_bool_preference(ip_module, "security_flag" ,
     "Interpret Reserved flag as Security flag (RFC 3514)",
     "Whether to interpret the originally reserved flag as security flag",
@@ -3005,6 +3000,10 @@ proto_register_ip(void)
     "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
     &try_heuristic_first);
 
+  prefs_register_static_text_preference(ip_module, "text_use_geoip",
+    "IP geolocation settings can be changed in the Name Resolution preferences",
+    "IP geolocation settings can be changed in the Name Resolution preferences");
+
   ip_handle = register_dissector("ip", dissect_ip, proto_ip);
   reassembly_table_register(&ip_reassembly_table,
                         &addresses_reassembly_table_functions);
diff --git a/epan/dissectors/packet-ipv6.c b/epan/dissectors/packet-ipv6.c
index 868ab26efc..53f24d596b 100644
--- a/epan/dissectors/packet-ipv6.c
+++ b/epan/dissectors/packet-ipv6.c
@@ -788,9 +788,6 @@ static gboolean ipv6_summary_in_tree = TRUE;
 /* Show expanded information about IPv6 address */
 static gboolean ipv6_address_detail = FALSE;
 
-/* Look up addresses via mmdbresolve */
-static gboolean ipv6_use_geoip = TRUE;
-
 /* Perform strict RFC adherence checking */
 static gboolean g_ipv6_rpl_srh_strict_rfc_checking = FALSE;
 
@@ -3652,7 +3649,7 @@ dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
         add_ipv6_address_embed_ipv4(pinfo, ipv6_tree, tvb, offset + IP6H_SRC, hf_ipv6_src_embed_ipv4);
         add_ipv6_address_embed_ipv4(pinfo, ipv6_tree, tvb, offset + IP6H_DST, hf_ipv6_dst_embed_ipv4);
 
-        if (ipv6_use_geoip) {
+        if (gbl_resolv_flags.maxmind_geoip) {
             add_geoip_info(ipv6_tree, pinfo, tvb, offset, ip6_src, ip6_dst);
         }
     }
@@ -5342,10 +5339,8 @@ proto_register_ipv6(void)
                                    "Show details about IPv6 addresses",
                                    "Whether to show extended information about IPv6 addresses",
                                    &ipv6_address_detail);
-    prefs_register_bool_preference(ipv6_module, "use_geoip" ,
-                                   "Enable IPv6 geolocation",
-                                   "Whether to look up IPv6 addresses in each MaxMind database we have loaded",
-                                   &ipv6_use_geoip);
+
+    prefs_register_obsolete_preference(ipv6_module, "use_geoip");
 
     /* RPL Strict Header Checking */
     prefs_register_bool_preference(ipv6_module, "perform_strict_rpl_srh_rfc_checking",
@@ -5373,6 +5368,10 @@ proto_register_ipv6(void)
                                     "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
                                     "captures, such as spoofing the IPv6 packet length", &ipv6_tso_supported);
 
+    prefs_register_static_text_preference(ipv6_module, "text_use_geoip" ,
+                                   "IP geolocation settings can be changed in the Name Resolution preferences",
+                                   "IP geolocation settings can be changed in the Name Resolution preferences");
+
     static uat_field_t nat64_uats_flds[] = {
         UAT_FLD_CSTRING_OTHER(nat64_prefix_uats, ipaddr, "NAT64 Prefix", nat64_prefix_uat_fld_ip_chk_cb, "IPv6 prefix address"),
         UAT_FLD_VS(nat64_prefix_uats, prefix_len, "Prefix length", nat64_prefix_length_vals, "IPv6 prefix address length"),
diff --git a/epan/maxmind_db.c b/epan/maxmind_db.c
index 2990543c45..7cef3cff66 100644
--- a/epan/maxmind_db.c
+++ b/epan/maxmind_db.c
@@ -595,7 +595,9 @@ static void maxmind_db_post_update_cb(void) {
         }
     }
 
-    mmdb_resolve_start();
+    if (gbl_resolv_flags.maxmind_geoip) {
+        mmdb_resolve_start();
+    }
 }
 
 /**
@@ -604,6 +606,12 @@ static void maxmind_db_post_update_cb(void) {
 void
 maxmind_db_pref_init(module_t *nameres)
 {
+    prefs_register_bool_preference(nameres,
+            "maxmind_geoip",
+            "Enable IP geolocation",
+            "Lookup geolocation information for IPv4 and IPv6 addresses with configured MaxMind databases",
+            &gbl_resolv_flags.maxmind_geoip);
+
     static uat_field_t maxmind_db_paths_fields[] = {
         UAT_FLD_DIRECTORYNAME(maxmind_mod, path, "MaxMind Database Directory", "The MaxMind database directory path"),
         UAT_END_FIELDS
@@ -638,6 +646,19 @@ void maxmind_db_pref_cleanup(void)
     mmdb_resolve_stop();
 }
 
+void maxmind_db_pref_apply(void)
+{
+    if (gbl_resolv_flags.maxmind_geoip) {
+        if (!mmdbr_pipe_valid()) {
+            mmdb_resolve_start();
+        }
+    } else {
+        if (mmdbr_pipe_valid()) {
+            mmdb_resolve_stop();
+        }
+    }
+}
+
 static void maxmind_db_pop_response(mmdb_response_t *response)
 {
     /* This is only called in the main thread */
@@ -708,6 +729,10 @@ gboolean maxmind_db_lookup_process(void)
 
 const mmdb_lookup_t *
 maxmind_db_lookup_ipv4(const ws_in4_addr *addr) {
+    if (!gbl_resolv_flags.maxmind_geoip) {
+        return &mmdb_not_found;
+    }
+
     mmdb_lookup_t *result = (mmdb_lookup_t *) wmem_map_lookup(mmdb_ipv4_map, GUINT_TO_POINTER(*addr));
 
     if (!result) {
@@ -731,6 +756,10 @@ maxmind_db_lookup_ipv4(const ws_in4_addr *addr) {
 
 const mmdb_lookup_t *
 maxmind_db_lookup_ipv6(const ws_in6_addr *addr) {
+    if (!gbl_resolv_flags.maxmind_geoip) {
+        return &mmdb_not_found;
+    }
+
     mmdb_lookup_t * result = (mmdb_lookup_t *) wmem_map_lookup(mmdb_ipv6_map, addr->bytes);
 
     if (!result) {
diff --git a/epan/maxmind_db.h b/epan/maxmind_db.h
index 51c08cad8a..ed4882438f 100644
--- a/epan/maxmind_db.h
+++ b/epan/maxmind_db.h
@@ -44,6 +44,8 @@ WS_DLL_LOCAL void maxmind_db_pref_init(module_t *nameres);
  */
 WS_DLL_LOCAL void maxmind_db_pref_cleanup(void);
 
+WS_DLL_LOCAL void maxmind_db_pref_apply(void);
+
 /**
  * Look up an IPv4 address in a database
  *
diff --git a/epan/prefs.c b/epan/prefs.c
index c4a0225a1d..d6c9c81f99 100644
--- a/epan/prefs.c
+++ b/epan/prefs.c
@@ -5116,6 +5116,9 @@ string_to_name_resolve(const char *string, e_addr_resolve *name_resolve)
     memset(name_resolve, 0, sizeof(e_addr_resolve));
     while ((c = *string++) != '\0') {
         switch (c) {
+        case 'g':
+            name_resolve->maxmind_geoip = TRUE;
+            break;
         case 'm':
             name_resolve->mac_name = TRUE;
             break;
diff --git a/ui/dissect_opts.c b/ui/dissect_opts.c
index c213aefdbb..8663332982 100644
--- a/ui/dissect_opts.c
+++ b/ui/dissect_opts.c
@@ -79,6 +79,7 @@ dissect_opts_handle_opt(int opt, char *optarg_str_p)
             cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:",
                        badopt);
             cmdarg_err_cont("\t'd' to enable address resolution from captured DNS packets\n"
+                            "\t'g' to enable address geolocation information from MaxMind databases\n"
                             "\t'm' to enable MAC address resolution\n"
                             "\t'n' to enable network address resolution\n"
                             "\t'N' to enable using external resolvers (e.g., DNS)\n"