Merge branch 'topic/christian/mmdb-fix'

* topic/christian/mmdb-fix: Move GeoIP availability test in btests to `zeek-config --have-geoip` Fix MMDB::Lookup() to check result status correctly Add btest for succeeding/failing IPv4/IPv6 lookups Add an IPv6 range to the test MMDB DBs
2025-10-02 06:38:20 +00:00 · 2024-01-26 17:13:53 -08:00 · 2024-01-26 17:13:53 -08:00 · 318f8295ea
commit 318f8295ea
parent 5efaae0a7e 173f5e7137
13 changed files with 66 additions and 8 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+6.2.0-dev.481 | 2024-01-26 17:13:53 -0800
+
+  * Move GeoIP availability test in btests to `zeek-config --have-geoip` (Christian Kreibich, Corelight)
+
+  * Fix MMDB::Lookup() to check result status correctly (Christian Kreibich, Corelight)
+
+  * Add btest for succeeding/failing IPv4/IPv6 lookups (Christian Kreibich, Corelight)
+
+  * Add an IPv6 range to the test MMDB DBs (Christian Kreibich, Corelight)
+
 6.2.0-dev.476 | 2024-01-26 15:08:37 -0700

  * Force Windows CI to use OpenSSL 3.1.1 (Tim Wojtulewicz)
--- a/2
+++ b/2
@ -1 +1 @@
-6.2.0-dev.476
+6.2.0-dev.481
--- a/src/MMDB.cc
+++ b/src/MMDB.cc
@ -148,7 +148,7 @@ bool MMDB::Lookup(const zeek::IPAddr& addr, MMDB_lookup_result_s& result) {
        return false;
    }

-    return true;
+    return result.found_entry;
 }

 // Check to see if the Maxmind DB should be closed and reopened.  This will
--- a/testing/btest/Baseline/core.mmdb.lookup/out.db
+++ b/testing/btest/Baseline/core.mmdb.lookup/out.db
@ -0,0 +1,9 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+2607:f140::1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+2607:f140::1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+10.0.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+10.0.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+fc00::1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+fc00::1, asn, [number=<uninitialized>, organization=<uninitialized>]
--- a/testing/btest/Baseline/core.mmdb.lookup/out.nodb
+++ b/testing/btest/Baseline/core.mmdb.lookup/out.nodb
@ -0,0 +1,9 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+2607:f140::1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+2607:f140::1, asn, [number=<uninitialized>, organization=<uninitialized>]
+10.0.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+10.0.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+fc00::1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+fc00::1, asn, [number=<uninitialized>, organization=<uninitialized>]
--- a/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb
+++ b/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb
--- a/testing/btest/Files/mmdb/GeoLite2-City.mmdb
+++ b/testing/btest/Files/mmdb/GeoLite2-City.mmdb
--- a/testing/btest/Files/mmdb/README
+++ b/testing/btest/Files/mmdb/README
@ -1,9 +1,10 @@
 These .mmdb databases were created with the mmdbwriter from MaxMind [1] for
 testing purposes. See the main.go file. They only contain information about
-LBL's network ranges:
+the following LBL/Berkeley network ranges:

    128.3.0.0/16
    131.243.0.0/16
+    2607:f140::/32

 Rebuild with:

--- a/testing/btest/Files/mmdb/main.go
+++ b/testing/btest/Files/mmdb/main.go
@ -44,12 +44,13 @@ func writeDB(fname, name string, record mmdbtype.Map, nets ...*net.IPNet) {
 func main() {
 	_, net1, _ := net.ParseCIDR("128.3.0.0/16")
 	_, net2, _ := net.ParseCIDR("131.243.0.0/16")
+	_, net3, _ := net.ParseCIDR("2607:f140::/32")

 	// The ASN record.
 	asnRecord := mmdbtype.Map{}
 	asnRecord["autonomous_system_number"] = mmdbtype.Uint32(16)
 	asnRecord["autonomous_system_organization"] = mmdbtype.String("Lawrence Berkeley National Laboratory")
-	writeDB("GeoLite2-ASN.mmdb", "My-ASN-DB", asnRecord, net1, net2)
+	writeDB("GeoLite2-ASN.mmdb", "My-ASN-DB", asnRecord, net1, net2, net3)

 	// The Location record.
 	locRecord := mmdbtype.Map{
@ -69,5 +70,5 @@ func main() {
 			},
 		},
 	}
-	writeDB("GeoLite2-City.mmdb", "My-City-DB", locRecord, net1, net2)
+	writeDB("GeoLite2-City.mmdb", "My-City-DB", locRecord, net1, net2, net3)
 }
--- a/testing/btest/core/mmdb/explicit-open.zeek
+++ b/testing/btest/core/mmdb/explicit-open.zeek
@ -3,7 +3,7 @@
 # Like other MMDB tests, this uses a pcap to use each packet as a driver to
 # touch the DBs involved upon each packet, triggering DB reloads.
 #
-# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
 #
 # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
 # @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
--- a/testing/btest/core/mmdb/lookup.zeek
+++ b/testing/btest/core/mmdb/lookup.zeek
@ -0,0 +1,28 @@
+# @TEST-DOC: Test basic DB lookups for success/failure.
+#
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
+#
+# @TEST-EXEC: zeek -b %INPUT >out.nodb
+# @TEST-EXEC: btest-diff out.nodb
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: zeek -b %INPUT >out.db
+# @TEST-EXEC: btest-diff out.db
+
+redef mmdb_dir = "./mmdb";
+
+function do_lookups(a: addr)
+	{
+	print a, "location", lookup_location(a);
+	print a, "asn", lookup_autonomous_system(a);
+	}
+
+event zeek_init()
+	{
+	# Succeeding calls:
+	do_lookups(128.3.0.1);
+	do_lookups([2607:f140::1]);
+
+	# Failing ones:
+	do_lookups(10.0.0.1);
+	do_lookups([fc00::1]);
+	}
--- a/testing/btest/core/mmdb/reopen.zeek
+++ b/testing/btest/core/mmdb/reopen.zeek
@ -1,6 +1,6 @@
 # @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
 #
-# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
 #
 # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
 # @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
--- a/testing/btest/core/mmdb/temporary-error.zeek
+++ b/testing/btest/core/mmdb/temporary-error.zeek
@ -1,6 +1,6 @@
 # @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
 #
-# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+# @TEST-REQUIRES: $BUILD/zeek-config --have-geoip
 # @TEST-REQUIRES: command -v truncate
 #
 # @TEST-EXEC: cp -R $FILES/mmdb ./mmdb