Topic/christian/mmdb configurability

scripts/base/init-bare.zeek

@@ -1107,6 +1107,25 @@ type geo_autonomous_system: record {
 ## The directory containing MaxMind DB (.mmdb) files to use for GeoIP support.
 const mmdb_dir: string = "" &redef;
 
+## Default name of the MaxMind City database file:
+const mmdb_city_db: string = "GeoLite2-City.mmdb" &redef;
+## Default name of the MaxMind Country database file:
+const mmdb_country_db: string = "GeoLite2-Country.mmdb" &redef;
+## Default name of the MaxMind ASN database file:
+const mmdb_asn_db: string = "GeoLite2-ASN.mmdb" &redef;
+
+## Fallback locations for MaxMind databases. Zeek attempts these when
+## :zeek:see:`mmdb_dir` is not set, or it cannot read a DB file from it. For
+## geolocation lookups, Zeek will first attempt to locate the city database in
+## each of the fallback locations, and should this fail, attempt to locate the
+## country one.
+const mmdb_dir_fallbacks: vector of string = vector(
+	"/usr/share/GeoIP",
+	"/var/lib/GeoIP",
+	"/usr/local/share/GeoIP",
+	"/usr/local/var/GeoIP",
+) &redef;
+
 ## Sets the interval for MaxMind DB file staleness checks. When Zeek detects a
 ## change in inode or modification time, the database is re-opened. Setting
 ## a negative interval disables staleness checks.
@@ -2094,6 +2113,7 @@ type gtp_delete_pdp_ctx_response_elements: record {
 @load base/bif/supervisor.bif
 @load base/bif/packet_analysis.bif
 @load base/bif/CPP-load.bif
+@load base/bif/mmdb.bif
 
 ## Internal function.
 function add_interface(iold: string, inew: string): string

src/CMakeLists.txt

@@ -111,27 +111,28 @@ include(BifCl)
 set(SUPERVISOR_SRCS supervisor/Supervisor.cc Pipe.cc)
 
 set(BIF_SRCS
-    zeek.bif
     communityid.bif
-    stats.bif
-    event.bif
     const.bif
-    types.bif
-    strings.bif
-    reporter.bif
+    event.bif
+    mmdb.bif
     option.bif
-    # Note: the supervisor BIF file is treated like other top-level BIFs instead
-    # of contained in its own subdirectory CMake logic because subdirectory BIFs
-    # are treated differently and don't support being called *during* parsing
-    # (e.g. within an @if directive).
-    supervisor/supervisor.bif
+    reporter.bif
+    stats.bif
+    strings.bif
+    types.bif
+    zeek.bif
     # The packet analysis BIF is treated like other top-level BIFs because it's
     # needed before parsing the packet protocol scripts, which happen very near
     # to the start of parsing.
     packet_analysis/packet_analysis.bif
     # The C++ loading BIF is treated like other top-level BIFs to give us
     # flexibility regarding when it's called.
-    script_opt/CPP/CPP-load.bif)
+    script_opt/CPP/CPP-load.bif
+    # Note: the supervisor BIF file is treated like other top-level BIFs instead
+    # of contained in its own subdirectory CMake logic because subdirectory BIFs
+    # are treated differently and don't support being called *during* parsing
+    # (e.g. within an @if directive).
+    supervisor/supervisor.bif)
 
 foreach (bift ${BIF_SRCS})
     bif_target(${bift} "standard")
@@ -328,6 +329,7 @@ set(MAIN_SRCS
     IP.cc
     IPAddr.cc
     List.cc
+    MMDB.cc
     Reporter.cc
     NFA.cc
     NetVar.cc

src/Func.cc

@@ -52,6 +52,7 @@
 #include "supervisor.bif.func_h"
 #include "packet_analysis.bif.func_h"
 #include "CPP-load.bif.func_h"
+#include "mmdb.bif.func_h"
 
 #include "zeek.bif.func_def"
 #include "communityid.bif.func_def"
@@ -62,6 +63,7 @@
 #include "supervisor.bif.func_def"
 #include "packet_analysis.bif.func_def"
 #include "CPP-load.bif.func_def"
+#include "mmdb.bif.func_def"
 // clang-format on
 
 extern RETSIGTYPE sig_handler(int signo);
@@ -1049,6 +1051,7 @@ void init_primary_bifs() {
 
 #include "CPP-load.bif.func_init"
 #include "communityid.bif.func_init"
+#include "mmdb.bif.func_init"
 #include "option.bif.func_init"
 #include "packet_analysis.bif.func_init"
 #include "reporter.bif.func_init"