diff --git a/CHANGES b/CHANGES index cb04c36f96..78e83d8b84 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,13 @@ +6.2.0-dev.481 | 2024-01-26 17:13:53 -0800 + + * Move GeoIP availability test in btests to `zeek-config --have-geoip` (Christian Kreibich, Corelight) + + * Fix MMDB::Lookup() to check result status correctly (Christian Kreibich, Corelight) + + * Add btest for succeeding/failing IPv4/IPv6 lookups (Christian Kreibich, Corelight) + + * Add an IPv6 range to the test MMDB DBs (Christian Kreibich, Corelight) + 6.2.0-dev.476 | 2024-01-26 15:08:37 -0700 * Force Windows CI to use OpenSSL 3.1.1 (Tim Wojtulewicz) diff --git a/VERSION b/VERSION index d62b95a2dc..a81e9ac420 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.2.0-dev.476 +6.2.0-dev.481 diff --git a/src/MMDB.cc b/src/MMDB.cc index 45b6b0052b..617f064d8b 100644 --- a/src/MMDB.cc +++ b/src/MMDB.cc @@ -148,7 +148,7 @@ bool MMDB::Lookup(const zeek::IPAddr& addr, MMDB_lookup_result_s& result) { return false; } - return true; + return result.found_entry; } // Check to see if the Maxmind DB should be closed and reopened. This will diff --git a/testing/btest/Baseline/core.mmdb.lookup/out.db b/testing/btest/Baseline/core.mmdb.lookup/out.db new file mode 100644 index 0000000000..d9fce7f5b6 --- /dev/null +++ b/testing/btest/Baseline/core.mmdb.lookup/out.db 
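Review bot: In src/MMDB.cc, `MMDB::Lookup()` now returns `result.found_entry`, so `false` covers two different outcomes, and nothing in the hunk says so: either the lookup failed (the `return false;` branch just above), or it worked but the address is not in the database. A comment on the new return would keep a later reader from restoring `return true;`, for example `// No error, but the address may be absent from the DB; report success only when an entry was found.` The function's signature and its error branch start outside this hunk, so whether callers need to tell the two cases apart (for instance to log only real failures) cannot be judged from here.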
@@ -0,0 +1,9 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+2607:f140::1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+2607:f140::1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+10.0.0.1, location, [country_code=, region=, city=, latitude=, longitude=]
+10.0.0.1, asn, [number=, organization=]
+fc00::1, location, [country_code=, region=, city=, latitude=, longitude=]
+fc00::1, asn, [number=, organization=]
diff --git a/testing/btest/Baseline/core.mmdb.lookup/out.nodb b/testing/btest/Baseline/core.mmdb.lookup/out.nodb
new file mode 100644
index 0000000000..b90a148c49
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.lookup/out.nodb
@@ -0,0 +1,9 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+128.3.0.1, location, [country_code=, region=, city=, latitude=, longitude=]
+128.3.0.1, asn, [number=, organization=]
+2607:f140::1, location, [country_code=, region=, city=, latitude=, longitude=]
+2607:f140::1, asn, [number=, organization=]
+10.0.0.1, location, [country_code=, region=, city=, latitude=, longitude=]
+10.0.0.1, asn, [number=, organization=]
+fc00::1, location, [country_code=, region=, city=, latitude=, longitude=]
+fc00::1, asn, [number=, organization=]
diff --git a/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb b/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb
index 65ade5917e..cd464eaed8 100644
Binary files a/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb and b/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb differ
diff --git a/testing/btest/Files/mmdb/GeoLite2-City.mmdb b/testing/btest/Files/mmdb/GeoLite2-City.mmdb index 2f375e3bd6..6878bb697f 100644 Binary files a/testing/btest/Files/mmdb/GeoLite2-City.mmdb and b/testing/btest/Files/mmdb/GeoLite2-City.mmdb differ diff --git a/testing/btest/Files/mmdb/README b/testing/btest/Files/mmdb/README index 269a36c045..640424c852 100644 --- a/testing/btest/Files/mmdb/README +++ b/testing/btest/Files/mmdb/README @@ -1,9 +1,10 @@ These .mmdb databases were created with the mmdbwriter from MaxMind [1] for testing purposes. See the main.go file. They only contain information about -LBL's network ranges: +the following LBL/Berkeley network ranges: 128.3.0.0/16 131.243.0.0/16 + 2607:f140::/32 Rebuild with: diff --git a/testing/btest/Files/mmdb/main.go b/testing/btest/Files/mmdb/main.go index a95d857022..3caa96495a 100644 --- a/testing/btest/Files/mmdb/main.go +++ b/testing/btest/Files/mmdb/main.go @@ -44,12 +44,13 @@ func writeDB(fname, name string, record mmdbtype.Map, nets ...*net.IPNet) { func main() { _, net1, _ := net.ParseCIDR("128.3.0.0/16") _, net2, _ := net.ParseCIDR("131.243.0.0/16") + _, net3, _ := net.ParseCIDR("2607:f140::/32") // The ASN record. asnRecord := mmdbtype.Map{} asnRecord["autonomous_system_number"] = mmdbtype.Uint32(16) asnRecord["autonomous_system_organization"] = mmdbtype.String("Lawrence Berkeley National Laboratory") - writeDB("GeoLite2-ASN.mmdb", "My-ASN-DB", asnRecord, net1, net2) + writeDB("GeoLite2-ASN.mmdb", "My-ASN-DB", asnRecord, net1, net2, net3) // The Location record. locRecord := mmdbtype.Map{ @@ -69,5 +70,5 @@ func main() { }, }, } - writeDB("GeoLite2-City.mmdb", "My-City-DB", locRecord, net1, net2) + writeDB("GeoLite2-City.mmdb", "My-City-DB", locRecord, net1, net2, net3) } diff --git a/testing/btest/core/mmdb/explicit-open.zeek b/testing/btest/core/mmdb/explicit-open.zeek index 9b8c6ddebb..8300ef1604 100644 --- a/testing/btest/core/mmdb/explicit-open.zeek 
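Review bot: In testing/btest/Files/mmdb/main.go, the new `_, net3, _ := net.ParseCIDR("2607:f140::/32")` discards the parse error like the two lines before it, so a mistyped range would hand a nil `*net.IPNet` to `writeDB` instead of stopping the rebuild. These databases are the ground truth for the lookup baselines, so checking the error is cheap insurance: `_, net3, err := net.ParseCIDR("2607:f140::/32")` followed by `if err != nil { panic(err) }`. What `writeDB` does with a nil network is outside the hunk.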
+++ b/testing/btest/core/mmdb/explicit-open.zeek
@@ -3,7 +3,7 @@
 # Like other MMDB tests, this uses a pcap to use each packet as a driver to
 # touch the DBs involved upon each packet, triggering DB reloads.
 #
-# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
 #
 # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
 # @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
diff --git a/testing/btest/core/mmdb/lookup.zeek b/testing/btest/core/mmdb/lookup.zeek
new file mode 100644
index 0000000000..de819914a0
--- /dev/null
+++ b/testing/btest/core/mmdb/lookup.zeek
@@ -0,0 +1,28 @@
+# @TEST-DOC: Test basic DB lookups for success/failure.
+#
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
+#
+# @TEST-EXEC: zeek -b %INPUT >out.nodb
+# @TEST-EXEC: btest-diff out.nodb
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: zeek -b %INPUT >out.db
+# @TEST-EXEC: btest-diff out.db
+
+redef mmdb_dir = "./mmdb";
+
+function do_lookups(a: addr)
+ {
+ print a, "location", lookup_location(a);
+ print a, "asn", lookup_autonomous_system(a);
+ }
+
+event zeek_init()
+ {
+ # Succeeding calls:
+ do_lookups(128.3.0.1);
+ do_lookups([2607:f140::1]);
+
+ # Failing ones:
+ do_lookups(10.0.0.1);
+ do_lookups([fc00::1]);
+ }
diff --git a/testing/btest/core/mmdb/reopen.zeek b/testing/btest/core/mmdb/reopen.zeek
index f764097e85..5a11e8e0b1 100644
--- a/testing/btest/core/mmdb/reopen.zeek
+++ b/testing/btest/core/mmdb/reopen.zeek
@@ -1,6 +1,6 @@
 # @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
 #
-# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
 #
 # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
 # @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
diff --git a/testing/btest/core/mmdb/temporary-error.zeek b/testing/btest/core/mmdb/temporary-error.zeek
index 78dea4af2a..6399b50dd9 100644
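Review bot: In testing/btest/core/mmdb/lookup.zeek, the first run (`zeek -b %INPUT >out.nodb`) assumes that no database can be found at all, but the test only guarantees that `./mmdb` does not exist yet. If Zeek also searches system-wide MMDB locations when `mmdb_dir` yields nothing (not visible in this diff), a host with GeoIP databases installed would return data for 128.3.0.1 and break the `out.nodb` baseline. The two-pass structure also deserves a comment above the first `@TEST-EXEC`, for example `# First run: no DB available, every lookup comes back empty. Second run: test DBs copied to ./mmdb.`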
--- a/testing/btest/core/mmdb/temporary-error.zeek
+++ b/testing/btest/core/mmdb/temporary-error.zeek
@@ -1,6 +1,6 @@
 # @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
 #
-# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
 # @TEST-REQUIRES: command -v truncate
 #
 # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb