-rw-r--r-- | doc/dissection-options.adoc | 18 | ||||
-rw-r--r-- | docbook/release-notes.adoc | 5 | ||||
-rw-r--r-- | docbook/wsug_src/wsug_advanced.adoc | 6 | ||||
-rw-r--r-- | epan/addr_resolv.c | 5 | ||||
-rw-r--r-- | epan/addr_resolv.h | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-ip.c | 15 | ||||
-rw-r--r-- | epan/dissectors/packet-ipv6.c | 15 | ||||
-rw-r--r-- | epan/maxmind_db.c | 31 | ||||
-rw-r--r-- | epan/maxmind_db.h | 2 | ||||
-rw-r--r-- | epan/prefs.c | 3 | ||||
-rw-r--r-- | ui/dissect_opts.c | 1 |
11 files changed, 74 insertions, 28 deletions
diff --git a/doc/dissection-options.adoc b/doc/dissection-options.adoc index a1dad81950..b721b5b556 100644 --- a/doc/dissection-options.adoc +++ b/doc/dissection-options.adoc @@ -99,23 +99,27 @@ The argument is a string that may contain the letters: *d* to enable resolution from captured DNS packets +*g* to enable IP address geolocation information lookup from configured +MaxMind databases + *m* to enable MAC address resolution *n* to enable network address resolution *N* to enable using external resolvers (e.g., DNS) for network address resolution; no effect without *n* also enabled. -// tag::tshark[] -[CAUTION] -In tshark single-pass mode, external resolution is performed synchronously. -For live captures, which are always in single-pass mode, this makes it -more difficult for dissection to keep up with a busy network, possibly -leading to dropped packets. -// end::tshark[] *t* to enable transport-layer port number resolution *v* to enable VLAN IDs to names resolution + +// tag::tshark[] +[CAUTION] +In tshark single-pass mode, external resolution and geolocation lookup is +performed synchronously. For live captures, which are always in single-pass +mode, this makes it more difficult for dissection to keep up with a busy +network, possibly leading to dropped packets. +// end::tshark[] -- -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N]:: diff --git a/docbook/release-notes.adoc b/docbook/release-notes.adoc index 8cc90162fc..7b93c035cf 100644 --- a/docbook/release-notes.adoc +++ b/docbook/release-notes.adoc 
@@ -78,6 +78,11 @@ The following features are new (or have been significantly updated) since versio * The default interval between GUI updates when capturing has been decreased from 500ms to 100ms, and is now configurable. +* The *-n* option also now disables IP address geolocation information lookup +in configured MaxMind databases (and geolocation lookup can be enabled with +*-Ng*.) This is most relevant for tshark, where geolocation lookups are +synchronous. + // === Removed Features and Support // === Removed Dissectors diff --git a/docbook/wsug_src/wsug_advanced.adoc b/docbook/wsug_src/wsug_advanced.adoc index ef198ba297..3334240108 100644 --- a/docbook/wsug_src/wsug_advanced.adoc +++ b/docbook/wsug_src/wsug_advanced.adoc @@ -1085,9 +1085,9 @@ displays segments in the expected order. Name resolution tries to convert some of the numerical address values into a human readable format. There are two possible ways to do these conversions, depending on the resolution to be done: calling system/network services (like -the gethostname() function) and/or resolve from Wireshark specific configuration -files. For details about the configuration files Wireshark uses for name -resolution and alike, see <<AppFiles>>. +the gethostname() function) and/or resolving from Wireshark specific +configuration files. For details about the configuration files Wireshark uses +for name resolution and alike, see <<AppFiles>>. The name resolution feature can be enabled individually for the protocol layers listed in the following sections. diff --git a/epan/addr_resolv.c b/epan/addr_resolv.c index f32bb3b509..7887cf9d27 100644 --- a/epan/addr_resolv.c +++ b/epan/addr_resolv.c 
@@ -281,7 +281,8 @@ e_addr_resolve gbl_resolv_flags = { TRUE, /* use_external_net_name_resolver */ FALSE, /* load_hosts_file_from_profile_only */ FALSE, /* vlan_name */ - FALSE /* ss7 point code names */ + FALSE, /* ss7 point code names */ + TRUE, /* maxmind_geoip */ }; static guint name_resolve_concurrency = 500; static gboolean resolve_synchronously = FALSE; @@ -2936,6 +2937,7 @@ addr_resolve_pref_init(module_t *nameres) void addr_resolve_pref_apply(void) { c_ares_set_dns_servers(); + maxmind_db_pref_apply(); } void @@ -2947,6 +2949,7 @@ disable_name_resolution(void) { gbl_resolv_flags.use_external_net_name_resolver = FALSE; gbl_resolv_flags.vlan_name = FALSE; gbl_resolv_flags.ss7pc_name = FALSE; + gbl_resolv_flags.maxmind_geoip = FALSE; } gboolean diff --git a/epan/addr_resolv.h b/epan/addr_resolv.h index 1dc222fb40..abfdd59d9f 100644 --- a/epan/addr_resolv.h +++ b/epan/addr_resolv.h @@ -54,6 +54,7 @@ typedef struct _e_addr_resolve { gboolean load_hosts_file_from_profile_only; /**< Whether to only load the hosts in the current profile, not hosts files */ gboolean vlan_name; /**< Whether to resolve VLAN IDs to names */ gboolean ss7pc_name; /**< Whether to resolve SS7 Point Codes to names */ + gboolean maxmind_geoip; /**< Whether to lookup geolocation information with mmdbresolve */ } e_addr_resolve; #define ADDR_RESOLV_MACADDR(at) \ diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index ac70eca6b2..657e859534 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -75,9 +75,6 @@ static gboolean ip_tso_supported = TRUE; /* Use heuristics to determine subdissector */ static gboolean try_heuristic_first = FALSE; -/* Look up addresses via mmdbresolve */ -static gboolean ip_use_geoip = TRUE; - /* Interpret the reserved flag as security flag (RFC 3514) */ static gboolean ip_security_flag = FALSE; 
@@ -2223,7 +2220,7 @@ dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* proto_item_set_hidden(item); } - if (ip_use_geoip) { + if (gbl_resolv_flags.maxmind_geoip) { add_geoip_info(ip_tree, pinfo, tvb, offset, src32, dst32); } } @@ -2992,10 +2989,8 @@ proto_register_ip(void) "Support packet-capture from IP TSO-enabled hardware", "Whether to correct for TSO-enabled (TCP segmentation offload) hardware " "captures, such as spoofing the IP packet length", &ip_tso_supported); - prefs_register_bool_preference(ip_module, "use_geoip", - "Enable IPv4 geolocation", - "Whether to look up IP addresses in each MaxMind database we have loaded", - &ip_use_geoip); + + prefs_register_obsolete_preference(ip_module, "use_geoip"); prefs_register_bool_preference(ip_module, "security_flag" , "Interpret Reserved flag as Security flag (RFC 3514)", "Whether to interpret the originally reserved flag as security flag", @@ -3005,6 +3000,10 @@ proto_register_ip(void) "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port", &try_heuristic_first); + prefs_register_static_text_preference(ip_module, "text_use_geoip", + "IP geolocation settings can be changed in the Name Resolution preferences", + "IP geolocation settings can be changed in the Name Resolution preferences"); + ip_handle = register_dissector("ip", dissect_ip, proto_ip); reassembly_table_register(&ip_reassembly_table, &addresses_reassembly_table_functions); diff --git a/epan/dissectors/packet-ipv6.c b/epan/dissectors/packet-ipv6.c index 868ab26efc..53f24d596b 100644 --- a/epan/dissectors/packet-ipv6.c +++ b/epan/dissectors/packet-ipv6.c 
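Review bot: A saved `ip.use_geoip: FALSE` is discarded rather than carried over, because `prefs_register_obsolete_preference(ip_module, "use_geoip");` drops the old value and the replacement flag is initialised to `TRUE` in the `gbl_resolv_flags` initializer in epan/addr_resolv.c. A profile that had switched geolocation off gets the lookups back after upgrading, and the prefs.c change in this commit only adds the `-N` letter, so no migration appears to be included. Either copy the old value into `gbl_resolv_flags.maxmind_geoip` when it is read, or say so next to the call, e.g. `/* Obsolete: superseded by the Name Resolution "maxmind_geoip" preference; a saved FALSE is not migrated. */`. The same applies to the `ipv6_module` registration in epan/dissectors/packet-ipv6.c. `proto_register_ip` starts and ends outside this hunk.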
@@ -788,9 +788,6 @@ static gboolean ipv6_summary_in_tree = TRUE; /* Show expanded information about IPv6 address */ static gboolean ipv6_address_detail = FALSE; -/* Look up addresses via mmdbresolve */ -static gboolean ipv6_use_geoip = TRUE; - /* Perform strict RFC adherence checking */ static gboolean g_ipv6_rpl_srh_strict_rfc_checking = FALSE; @@ -3652,7 +3649,7 @@ dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_ add_ipv6_address_embed_ipv4(pinfo, ipv6_tree, tvb, offset + IP6H_SRC, hf_ipv6_src_embed_ipv4); add_ipv6_address_embed_ipv4(pinfo, ipv6_tree, tvb, offset + IP6H_DST, hf_ipv6_dst_embed_ipv4); - if (ipv6_use_geoip) { + if (gbl_resolv_flags.maxmind_geoip) { add_geoip_info(ipv6_tree, pinfo, tvb, offset, ip6_src, ip6_dst); } } @@ -5342,10 +5339,8 @@ proto_register_ipv6(void) "Show details about IPv6 addresses", "Whether to show extended information about IPv6 addresses", &ipv6_address_detail); - prefs_register_bool_preference(ipv6_module, "use_geoip" , - "Enable IPv6 geolocation", - "Whether to look up IPv6 addresses in each MaxMind database we have loaded", - &ipv6_use_geoip); + + prefs_register_obsolete_preference(ipv6_module, "use_geoip"); /* RPL Strict Header Checking */ prefs_register_bool_preference(ipv6_module, "perform_strict_rpl_srh_rfc_checking", 
@@ -5373,6 +5368,10 @@ proto_register_ipv6(void) "Whether to correct for TSO-enabled (TCP segmentation offload) hardware " "captures, such as spoofing the IPv6 packet length", &ipv6_tso_supported); + prefs_register_static_text_preference(ipv6_module, "text_use_geoip" , + "IP geolocation settings can be changed in the Name Resolution preferences", + "IP geolocation settings can be changed in the Name Resolution preferences"); + static uat_field_t nat64_uats_flds[] = { UAT_FLD_CSTRING_OTHER(nat64_prefix_uats, ipaddr, "NAT64 Prefix", nat64_prefix_uat_fld_ip_chk_cb, "IPv6 prefix address"), UAT_FLD_VS(nat64_prefix_uats, prefix_len, "Prefix length", nat64_prefix_length_vals, "IPv6 prefix address length"), diff --git a/epan/maxmind_db.c b/epan/maxmind_db.c index 2990543c45..7cef3cff66 100644 --- a/epan/maxmind_db.c +++ b/epan/maxmind_db.c @@ -595,7 +595,9 @@ static void maxmind_db_post_update_cb(void) { } } - mmdb_resolve_start(); + if (gbl_resolv_flags.maxmind_geoip) { + mmdb_resolve_start(); + } } /** @@ -604,6 +606,12 @@ static void maxmind_db_post_update_cb(void) { void maxmind_db_pref_init(module_t *nameres) { + prefs_register_bool_preference(nameres, + "maxmind_geoip", + "Enable IP geolocation", + "Lookup geolocation information for IPv4 and IPv6 addresses with configured MaxMind databases", + &gbl_resolv_flags.maxmind_geoip); + static uat_field_t maxmind_db_paths_fields[] = { UAT_FLD_DIRECTORYNAME(maxmind_mod, path, "MaxMind Database Directory", "The MaxMind database directory path"), UAT_END_FIELDS @@ -638,6 +646,19 @@ void maxmind_db_pref_cleanup(void) mmdb_resolve_stop(); } +void maxmind_db_pref_apply(void) +{ + if (gbl_resolv_flags.maxmind_geoip) { + if (!mmdbr_pipe_valid()) { + mmdb_resolve_start(); + } + } else { + if (mmdbr_pipe_valid()) { + mmdb_resolve_stop(); + } + } +} + static void maxmind_db_pop_response(mmdb_response_t *response) { /* This is only called in the main thread */ 
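Review bot: `maxmind_db_pref_apply()` is defined only here, next to `maxmind_db_pref_cleanup()`, and no other hunk in epan/maxmind_db.c adds a second definition, while `addr_resolve_pref_apply()` in epan/addr_resolv.c now calls it unconditionally. If this file keeps empty stand-ins for builds without MaxMind support (that part of the file is not visible here), it needs a matching `void maxmind_db_pref_apply(void) {}` there or those builds will fail to link. Separately, the new function has no header comment; one line stating that it starts or stops mmdbresolve to match `gbl_resolv_flags.maxmind_geoip` would document the side effect of toggling the preference.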
@@ -708,6 +729,10 @@ gboolean maxmind_db_lookup_process(void) const mmdb_lookup_t * maxmind_db_lookup_ipv4(const ws_in4_addr *addr) { + if (!gbl_resolv_flags.maxmind_geoip) { + return &mmdb_not_found; + } + mmdb_lookup_t *result = (mmdb_lookup_t *) wmem_map_lookup(mmdb_ipv4_map, GUINT_TO_POINTER(*addr)); if (!result) { @@ -731,6 +756,10 @@ maxmind_db_lookup_ipv4(const ws_in4_addr *addr) { const mmdb_lookup_t * maxmind_db_lookup_ipv6(const ws_in6_addr *addr) { + if (!gbl_resolv_flags.maxmind_geoip) { + return &mmdb_not_found; + } + mmdb_lookup_t * result = (mmdb_lookup_t *) wmem_map_lookup(mmdb_ipv6_map, addr->bytes); if (!result) { diff --git a/epan/maxmind_db.h b/epan/maxmind_db.h index 51c08cad8a..ed4882438f 100644 --- a/epan/maxmind_db.h +++ b/epan/maxmind_db.h @@ -44,6 +44,8 @@ WS_DLL_LOCAL void maxmind_db_pref_init(module_t *nameres); */ WS_DLL_LOCAL void maxmind_db_pref_cleanup(void); +WS_DLL_LOCAL void maxmind_db_pref_apply(void); + /** * Look up an IPv4 address in a database * diff --git a/epan/prefs.c b/epan/prefs.c index c4a0225a1d..d6c9c81f99 100644 --- a/epan/prefs.c +++ b/epan/prefs.c @@ -5116,6 +5116,9 @@ string_to_name_resolve(const char *string, e_addr_resolve *name_resolve) memset(name_resolve, 0, sizeof(e_addr_resolve)); while ((c = *string++) != '\0') { switch (c) { + case 'g': + name_resolve->maxmind_geoip = TRUE; + break; case 'm': name_resolve->mac_name = TRUE; break; diff --git a/ui/dissect_opts.c b/ui/dissect_opts.c index c213aefdbb..8663332982 100644 --- a/ui/dissect_opts.c +++ b/ui/dissect_opts.c 
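Review bot: The new declaration `WS_DLL_LOCAL void maxmind_db_pref_apply(void);` in epan/maxmind_db.h has no documentation block, while the declarations on either side of it carry `/** … */` comments. Suggest adding `/** Start or stop mmdbresolve so that it matches the current maxmind_geoip name resolution flag. */` above it, so callers know that applying preferences can start or stop the child process.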
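Review bot: In `string_to_name_resolve` (epan/prefs.c), any `-N` string that omits `g` now turns geolocation off, because `memset(name_resolve, 0, sizeof(e_addr_resolve));` clears the new field before the loop while its built-in default is `TRUE`. That matches how the other letters behave, but it silently changes the result of existing command lines (assuming, as the `-N` handler in ui/dissect_opts.c suggests, that the parsed struct replaces the global flags), and the release note mentions only `-n`. A comment above the new case would make the intent explicit, e.g. `/* geolocation is off unless 'g' is given: the struct is zeroed above */`, and the release note could state the `-N` effect as well. The function begins and ends outside this hunk.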
@@ -79,6 +79,7 @@ dissect_opts_handle_opt(int opt, char *optarg_str_p) cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:", badopt); cmdarg_err_cont("\t'd' to enable address resolution from captured DNS packets\n" + "\t'g' to enable address geolocation information from MaxMind databases\n" "\t'm' to enable MAC address resolution\n" "\t'n' to enable network address resolution\n" "\t'N' to enable using external resolvers (e.g., DNS)\n" |