Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'topic/christian/mmdb-fix'

Browse source 
* topic/christian/mmdb-fix:
  Move GeoIP availability test in btests to `zeek-config --have-geoip`
  Fix MMDB::Lookup() to check result status correctly
  Add btest for succeeding/failing IPv4/IPv6 lookups
  Add an IPv6 range to the test MMDB DBs
This commit is contained in:
Christian Kreibich 2024-01-26 17:13:53 -08:00
commit 318f8295ea
13 changed files with 66 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
CHANGES
View file

@ -1,3 +1,13 @@
6.2.0-dev.481 | 2024-01-26 17:13:53 -0800
* Move GeoIP availability test in btests to `zeek-config --have-geoip` (Christian Kreibich, Corelight)
* Fix MMDB::Lookup() to check result status correctly (Christian Kreibich, Corelight)
* Add btest for succeeding/failing IPv4/IPv6 lookups (Christian Kreibich, Corelight)
* Add an IPv6 range to the test MMDB DBs (Christian Kreibich, Corelight)
6.2.0-dev.476 | 2024-01-26 15:08:37 -0700 6.2.0-dev.476 | 2024-01-26 15:08:37 -0700
* Force Windows CI to use OpenSSL 3.1.1 (Tim Wojtulewicz) * Force Windows CI to use OpenSSL 3.1.1 (Tim Wojtulewicz)

2
VERSION
View file

@ -1 +1 @@
6.2.0-dev.476 6.2.0-dev.481

2
src/MMDB.cc
View file

@ -148,7 +148,7 @@ bool MMDB::Lookup(const zeek::IPAddr& addr, MMDB_lookup_result_s& result) {
return false; return false;
} }
return true; return result.found_entry;
} }
// Check to see if the Maxmind DB should be closed and reopened. This will // Check to see if the Maxmind DB should be closed and reopened. This will

9
testing/btest/Baseline/core.mmdb.lookup/out.db Normal file
View file

@ -0,0 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
2607:f140::1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
2607:f140::1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
10.0.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
10.0.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
fc00::1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
fc00::1, asn, [number=<uninitialized>, organization=<uninitialized>]

9
testing/btest/Baseline/core.mmdb.lookup/out.nodb Normal file
View file

@ -0,0 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
2607:f140::1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
2607:f140::1, asn, [number=<uninitialized>, organization=<uninitialized>]
10.0.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
10.0.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
fc00::1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
fc00::1, asn, [number=<uninitialized>, organization=<uninitialized>]

BIN
testing/btest/Files/mmdb/GeoLite2-ASN.mmdb
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.8 KiB

After

Width:  |  Height:  |  Size: 3 KiB

Before After
Before After

BIN
testing/btest/Files/mmdb/GeoLite2-City.mmdb
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.9 KiB

After

Width:  |  Height:  |  Size: 3 KiB

Before After
Before After

3
testing/btest/Files/mmdb/README
View file

@ -1,9 +1,10 @@
These .mmdb databases were created with the mmdbwriter from MaxMind [1] for These .mmdb databases were created with the mmdbwriter from MaxMind [1] for
testing purposes. See the main.go file. They only contain information about testing purposes. See the main.go file. They only contain information about
LBL's network ranges: the following LBL/Berkeley network ranges:
128.3.0.0/16 128.3.0.0/16
131.243.0.0/16 131.243.0.0/16
2607:f140::/32
Rebuild with: Rebuild with:

5
testing/btest/Files/mmdb/main.go
View file

@ -44,12 +44,13 @@ func writeDB(fname, name string, record mmdbtype.Map, nets ...*net.IPNet) {
func main() { func main() {
_, net1, _ := net.ParseCIDR("128.3.0.0/16") _, net1, _ := net.ParseCIDR("128.3.0.0/16")
_, net2, _ := net.ParseCIDR("131.243.0.0/16") _, net2, _ := net.ParseCIDR("131.243.0.0/16")
_, net3, _ := net.ParseCIDR("2607:f140::/32")
// The ASN record. // The ASN record.
asnRecord := mmdbtype.Map{} asnRecord := mmdbtype.Map{}
asnRecord["autonomous_system_number"] = mmdbtype.Uint32(16) asnRecord["autonomous_system_number"] = mmdbtype.Uint32(16)
asnRecord["autonomous_system_organization"] = mmdbtype.String("Lawrence Berkeley National Laboratory") asnRecord["autonomous_system_organization"] = mmdbtype.String("Lawrence Berkeley National Laboratory")
writeDB("GeoLite2-ASN.mmdb", "My-ASN-DB", asnRecord, net1, net2) writeDB("GeoLite2-ASN.mmdb", "My-ASN-DB", asnRecord, net1, net2, net3)
// The Location record. // The Location record.
locRecord := mmdbtype.Map{ locRecord := mmdbtype.Map{
@ -69,5 +70,5 @@ func main() {
}, },
}, },
} }
writeDB("GeoLite2-City.mmdb", "My-City-DB", locRecord, net1, net2) writeDB("GeoLite2-City.mmdb", "My-City-DB", locRecord, net1, net2, net3)
} }

2
testing/btest/core/mmdb/explicit-open.zeek
View file

@ -3,7 +3,7 @@
# Like other MMDB tests, this uses a pcap to use each packet as a driver to # Like other MMDB tests, this uses a pcap to use each packet as a driver to
# touch the DBs involved upon each packet, triggering DB reloads. # touch the DBs involved upon each packet, triggering DB reloads.
# #
# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h # @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
# #
# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out # @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out

28
testing/btest/core/mmdb/lookup.zeek Normal file
View file

@ -0,0 +1,28 @@
# @TEST-DOC: Test basic DB lookups for success/failure.
#
# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
#
# @TEST-EXEC: zeek -b %INPUT >out.nodb
# @TEST-EXEC: btest-diff out.nodb
# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
# @TEST-EXEC: zeek -b %INPUT >out.db
# @TEST-EXEC: btest-diff out.db
redef mmdb_dir = "./mmdb";
function do_lookups(a: addr)
{
print a, "location", lookup_location(a);
print a, "asn", lookup_autonomous_system(a);
}
event zeek_init()
{
# Succeeding calls:
do_lookups(128.3.0.1);
do_lookups([2607:f140::1]);
# Failing ones:
do_lookups(10.0.0.1);
do_lookups([fc00::1]);
}

2
testing/btest/core/mmdb/reopen.zeek
View file

@ -1,6 +1,6 @@
# @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database. # @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
# #
# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h # @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
# #
# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out # @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out

2
testing/btest/core/mmdb/temporary-error.zeek
View file

@ -1,6 +1,6 @@
# @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases). # @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
# #
# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h # @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
# @TEST-REQUIRES: command -v truncate # @TEST-REQUIRES: command -v truncate
# #
# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb