2 * GeoIP database support
4 * Copyright 2008, Gerald Combs <gerald@wireshark.org>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 * We currently return a single string for each database. Some databases,
27 * e.g. GeoIPCity, can return other info such as area codes.
34 #include <epan/wmem/wmem.h>
38 #include <GeoIPCity.h>
40 #include <epan/geoip_db.h>
42 #include <epan/prefs.h>
43 #include <epan/value_string.h>
45 #include <wsutil/report_message.h>
46 #include <wsutil/file_util.h>
48 /* This needs to match NUM_GEOIP_COLS in hostlist_table.h */
49 #define MAX_GEOIP_DBS 13
51 #ifndef HAVE_GEOIP_FREE
52 #define GeoIP_free free
55 /* Column names for each database type */
56 value_string geoip_type_name_vals[] = {
57 { GEOIP_COUNTRY_EDITION, "Country" },
58 { GEOIP_REGION_EDITION_REV0, "Region" },
59 { GEOIP_CITY_EDITION_REV0, "City"},
60 { GEOIP_ORG_EDITION, "Organization" },
61 { GEOIP_ISP_EDITION, "ISP" },
62 { GEOIP_CITY_EDITION_REV1, "City" },
63 { GEOIP_REGION_EDITION_REV1, "Region" },
64 { GEOIP_PROXY_EDITION, "Proxy" },
65 { GEOIP_ASNUM_EDITION, "AS Number" },
66 { GEOIP_NETSPEED_EDITION, "Speed" },
67 { GEOIP_DOMAIN_EDITION, "Domain" },
69 { GEOIP_COUNTRY_EDITION_V6, "Country" },
70 /* This is the closest thing to a version that GeoIP.h seems to provide. */
71 #if NUM_DB_TYPES > 31 /* 1.4.7 */
72 { GEOIP_CITY_EDITION_REV0_V6, "City"},
73 { GEOIP_CITY_EDITION_REV1_V6, "City"},
74 { GEOIP_ASNUM_EDITION_V6, "AS Number" },
75 { GEOIP_ISP_EDITION_V6, "ISP" },
76 { GEOIP_ORG_EDITION_V6, "Organization" },
77 { GEOIP_DOMAIN_EDITION_V6, "Domain" },
78 #endif /* NUM_DB_TYPES > 31 */
79 #if NUM_DB_TYPES > 32 /* 1.4.8 */
80 { GEOIP_NETSPEED_EDITION_REV1_V6, "Speed" },
81 #endif /* NUM_DB_TYPES > 32 */
82 #endif /* HAVE_GEOIP_V6 */
83 { WS_LAT_FAKE_EDITION, "Latitude" }, /* fake database */
84 { WS_LON_FAKE_EDITION, "Longitude" }, /* fake database */
88 static GArray *geoip_dat_arr = NULL;
90 /* UAT definitions. Copied from oids.c */
91 typedef struct _geoip_db_path_t {
95 static geoip_db_path_t *geoip_db_paths = NULL;
96 static guint num_geoip_db_paths = 0;
97 static const geoip_db_path_t geoip_db_system_paths[] = {
99 { "/usr/share/GeoIP" },
103 static uat_t *geoip_db_paths_uat = NULL;
104 UAT_DIRECTORYNAME_CB_DEF(geoip_mod, path, geoip_db_path_t)
108 * Scan a directory for GeoIP databases and load them
111 geoip_dat_scan_dir(const char *dirname) {
118 if ((dir = ws_dir_open(dirname, 0, NULL)) != NULL) {
119 while ((file = ws_dir_read_name(dir)) != NULL) {
120 name = ws_dir_get_name(file);
121 if (g_str_has_prefix(file, "Geo") && g_str_has_suffix(file, ".dat")) {
122 datname = g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", dirname, name);
123 gi = GeoIP_open(datname, GEOIP_MEMORY_CACHE);
125 g_array_append_val(geoip_dat_arr, gi);
135 static void* geoip_db_path_copy_cb(void* dest, const void* orig, size_t len _U_) {
136 const geoip_db_path_t *m = (const geoip_db_path_t *)orig;
137 geoip_db_path_t *d = (geoip_db_path_t *)dest;
139 d->path = g_strdup(m->path);
144 static void geoip_db_path_free_cb(void* p) {
145 geoip_db_path_t *m = (geoip_db_path_t *)p;
149 static void geoip_dat_cleanup(void) {
153 /* If we have old data, clear out the whole thing
154 * and start again. TODO: Just update the ones that
155 * have changed for efficiency's sake. */
157 /* skip the last two, as they are fake */
158 for (i = 0; i < geoip_db_num_dbs() - 2; i++) {
159 gi = g_array_index(geoip_dat_arr, GeoIP *, i);
164 /* don't use GeoIP_delete() on the two fake
165 * databases as they weren't created by GeoIP_new()
167 gi = g_array_index(geoip_dat_arr, GeoIP *, i);
169 gi = g_array_index(geoip_dat_arr, GeoIP *, i+1);
171 /* finally, free the array itself */
172 g_array_free(geoip_dat_arr, TRUE);
173 geoip_dat_arr = NULL;
177 /* called every time the user presses "Apply" or "OK in the list of
178 * GeoIP directories, and also once on startup */
179 static void geoip_db_post_update_cb(void) {
185 /* allocate the array */
186 geoip_dat_arr = g_array_new(FALSE, FALSE, sizeof(GeoIP *));
188 /* First try the system paths */
189 for (i = 0; geoip_db_system_paths[i].path != NULL; i++) {
190 geoip_dat_scan_dir(geoip_db_system_paths[i].path);
193 /* Walk all the directories */
194 for (i = 0; i < num_geoip_db_paths; i++) {
195 if (geoip_db_paths[i].path) {
196 geoip_dat_scan_dir(geoip_db_paths[i].path);
200 /* add fake databases for latitude and longitude
201 * (using "City" in reality) */
204 gi = (GeoIP *)g_malloc(sizeof (GeoIP));
205 gi->databaseType = WS_LAT_FAKE_EDITION;
206 g_array_append_val(geoip_dat_arr, gi);
209 gi = (GeoIP *)g_malloc(sizeof (GeoIP));
210 gi->databaseType = WS_LON_FAKE_EDITION;
211 g_array_append_val(geoip_dat_arr, gi);
214 static void geoip_db_cleanup(void)
220 * Initialize GeoIP lookups
223 geoip_db_pref_init(module_t *nameres)
225 static uat_field_t geoip_db_paths_fields[] = {
226 UAT_FLD_DIRECTORYNAME(geoip_mod, path, "GeoIP Database Directory", "The GeoIP database directory path"),
230 geoip_db_paths_uat = uat_new("GeoIP Database Paths",
231 sizeof(geoip_db_path_t),
234 (void**)&geoip_db_paths,
236 /* affects dissection of packets (as the GeoIP database is
237 used when dissecting), but not set of named fields */
238 UAT_AFFECTS_DISSECTION,
240 geoip_db_path_copy_cb,
242 geoip_db_path_free_cb,
243 geoip_db_post_update_cb,
245 geoip_db_paths_fields);
247 prefs_register_uat_preference(nameres,
249 "GeoIP database directories",
250 "Search paths for GeoIP address mapping databases."
251 " Wireshark will look in each directory for files beginning"
252 " with \"Geo\" and ending with \".dat\".",
257 geoip_db_num_dbs(void) {
258 return (geoip_dat_arr == NULL) ? 0 : geoip_dat_arr->len;
262 geoip_db_name(guint dbnum) {
265 gi = g_array_index(geoip_dat_arr, GeoIP *, dbnum);
267 return (val_to_str_const(gi->databaseType, geoip_type_name_vals, "Unknown database"));
269 return "Invalid database";
273 geoip_db_type(guint dbnum) {
276 gi = g_array_index(geoip_dat_arr, GeoIP *, dbnum);
278 return (gi->databaseType);
284 geoip_db_lookup_latlon4(guint32 addr, float *lat, float *lon) {
289 for (i = 0; i < geoip_db_num_dbs(); i++) {
290 gi = g_array_index(geoip_dat_arr, GeoIP *, i);
292 switch (gi->databaseType) {
293 case GEOIP_CITY_EDITION_REV0:
294 case GEOIP_CITY_EDITION_REV1:
295 gir = GeoIP_record_by_ipnum(gi, addr);
297 *lat = gir->latitude;
298 *lon = gir->longitude;
299 GeoIPRecord_delete(gir);
314 * GeoIP 1.4.3 and later provide GeoIP_set_charset(), but in versions
315 * 1.4.3 to 1.4.6 that only applies to the City databases. I.e., it's
316 * possible to produce invalid UTF-8 sequences even if GeoIP_set_charset()
320 /* Ensure that a given db value is UTF-8 */
322 db_val_to_utf_8(const char *val, GeoIP *gi) {
324 if (GeoIP_charset(gi) == GEOIP_CHARSET_ISO_8859_1) {
326 utf8_val = g_convert(val, -1, "UTF-8", "ISO-8859-1", NULL, NULL, NULL);
328 char *ret_val = wmem_strdup(NULL, utf8_val);
333 return wmem_strdup(NULL, val);
337 geoip_db_lookup_ipv4(guint dbnum, guint32 addr, const char *not_found) {
342 char *val, *ret = NULL;
344 if (dbnum > geoip_db_num_dbs()) {
345 if (not_found == NULL)
348 return wmem_strdup(NULL, not_found);
350 gi = g_array_index(geoip_dat_arr, GeoIP *, dbnum);
352 switch (gi->databaseType) {
353 case GEOIP_COUNTRY_EDITION:
354 country = GeoIP_country_name_by_ipnum(gi, addr);
356 ret = db_val_to_utf_8(country, gi);
360 case GEOIP_CITY_EDITION_REV0:
361 case GEOIP_CITY_EDITION_REV1:
362 gir = GeoIP_record_by_ipnum(gi, addr);
363 if (gir && gir->city && gir->region) {
364 val = wmem_strdup_printf(NULL, "%s, %s", gir->city, gir->region);
365 ret = db_val_to_utf_8(val, gi);
366 wmem_free(NULL, val);
367 } else if (gir && gir->city) {
368 ret = db_val_to_utf_8(gir->city, gi);
371 GeoIPRecord_delete(gir);
374 case GEOIP_ORG_EDITION:
375 case GEOIP_ISP_EDITION:
376 case GEOIP_ASNUM_EDITION:
377 name = GeoIP_name_by_ipnum(gi, addr);
379 ret = db_val_to_utf_8(name, gi);
384 case WS_LAT_FAKE_EDITION:
389 if(geoip_db_lookup_latlon4(addr, &lat, &lon) == 0) {
390 val = wmem_strdup_printf(NULL, "%f", lat);
391 c = strchr(val, ',');
392 if (c != NULL) *c = '.';
398 case WS_LON_FAKE_EDITION:
403 if(geoip_db_lookup_latlon4(addr, &lat, &lon) == 0) {
404 val = wmem_strdup_printf(NULL, "%f", lon);
405 c = strchr(val, ',');
406 if (c != NULL) *c = '.';
418 if (not_found == NULL)
421 return wmem_strdup(NULL, not_found);
430 #if NUM_DB_TYPES > 31 /* 1.4.7 */
431 geoip_db_lookup_latlon6(geoipv6_t addr, float *lat, float *lon) {
436 for (i = 0; i < geoip_db_num_dbs(); i++) {
437 gi = g_array_index(geoip_dat_arr, GeoIP *, i);
439 switch (gi->databaseType) {
440 case GEOIP_CITY_EDITION_REV0_V6:
441 case GEOIP_CITY_EDITION_REV1_V6:
442 gir = GeoIP_record_by_ipnum_v6(gi, addr);
444 *lat = gir->latitude;
445 *lon = gir->longitude;
458 #else /* NUM_DB_TYPES */
459 geoip_db_lookup_latlon6(geoipv6_t addr _U_, float *lat _U_, float *lon _U_) {
462 #endif /* NUM_DB_TYPES */
465 geoip_db_lookup_ipv6(guint dbnum, ws_in6_addr addr, const char *not_found) {
470 char *val, *ret = NULL;
471 #if NUM_DB_TYPES > 31
474 if (dbnum > geoip_db_num_dbs()) {
475 if (not_found == NULL)
478 return wmem_strdup(NULL, not_found);
481 memcpy(&gaddr, &addr, sizeof(addr));
483 gi = g_array_index(geoip_dat_arr, GeoIP *, dbnum);
485 switch (gi->databaseType) {
486 case GEOIP_COUNTRY_EDITION_V6:
487 country = GeoIP_country_name_by_ipnum_v6(gi, gaddr);
489 ret = db_val_to_utf_8(country, gi);
493 #if NUM_DB_TYPES > 31
494 case GEOIP_CITY_EDITION_REV0_V6:
495 case GEOIP_CITY_EDITION_REV1_V6:
496 gir = GeoIP_record_by_ipnum_v6(gi, gaddr);
497 if (gir && gir->city && gir->region) {
498 val = wmem_strdup_printf(NULL, "%s, %s", gir->city, gir->region);
499 ret = db_val_to_utf_8(val, gi);
500 wmem_free(NULL, val);
501 } else if (gir && gir->city) {
502 ret = db_val_to_utf_8(gir->city, gi);
506 case GEOIP_ORG_EDITION_V6:
507 case GEOIP_ISP_EDITION_V6:
508 case GEOIP_ASNUM_EDITION_V6:
509 name = GeoIP_name_by_ipnum_v6(gi, gaddr);
511 ret = db_val_to_utf_8(name, gi);
515 #endif /* NUM_DB_TYPES */
517 case WS_LAT_FAKE_EDITION:
522 if(geoip_db_lookup_latlon6(gaddr, &lat, &lon) == 0) {
523 val = wmem_strdup_printf(NULL, "%f", lat);
524 c = strchr(val, ',');
525 if (c != NULL) *c = '.';
531 case WS_LON_FAKE_EDITION:
536 if(geoip_db_lookup_latlon6(gaddr, &lat, &lon) == 0) {
537 val = wmem_strdup_printf(NULL, "%f", lon);
538 c = strchr(val, ',');
539 if (c != NULL) *c = '.';
551 if (not_found == NULL)
554 return wmem_strdup(NULL, not_found);
560 #else /* HAVE_GEOIP_V6 */
563 geoip_db_lookup_ipv6(guint dbnum _U_, ws_in6_addr addr _U_, const char *not_found) {
564 if (not_found == NULL)
567 return wmem_strdup(NULL, not_found);
570 #endif /* HAVE_GEOIP_V6 */
573 geoip_db_get_paths(void) {
574 GString* path_str = NULL;
577 path_str = g_string_new("");
579 for (i = 0; geoip_db_system_paths[i].path != NULL; i++) {
580 g_string_append_printf(path_str,
581 "%s" G_SEARCHPATH_SEPARATOR_S, geoip_db_system_paths[i].path);
584 for (i = 0; i < num_geoip_db_paths; i++) {
585 if (geoip_db_paths[i].path) {
586 g_string_append_printf(path_str,
587 "%s" G_SEARCHPATH_SEPARATOR_S, geoip_db_paths[i].path);
591 g_string_truncate(path_str, path_str->len-1);
593 return g_string_free(path_str, FALSE);
596 #else /* HAVE_GEOIP */
598 geoip_db_num_dbs(void) {
603 geoip_db_name(guint dbnum _U_) {
604 return "Unsupported";
608 geoip_db_type(guint dbnum _U_) {
613 geoip_db_lookup_ipv4(guint dbnum _U_, guint32 addr _U_, const char *not_found) {
614 if (not_found == NULL)
617 return (char *)wmem_strdup(NULL, not_found);
621 geoip_db_lookup_ipv6(guint dbnum _U_, guint32 addr _U_, const char *not_found) {
622 if (not_found == NULL)
625 return (char *)wmem_strdup(NULL, not_found);
629 geoip_db_get_paths(void) {
633 #endif /* HAVE_GEOIP */
641 * indent-tabs-mode: nil
644 * ex: set shiftwidth=4 tabstop=8 expandtab:
645 * :indentSize=4:tabSize=8:noTabs=true: