Moving GeoIP Code to Plugin


I've started moving the GeoIP code to a plugin. The branch of Bro I'm working from is here:
The source for the plugin is here:
Any pointers would be appreciated.




Robin Sommer
October 21, 2014, 8:50 PM

I've lost track if there's still a particular problem you're having?

October 23, 2014, 3:19 AM

I am having two issues. The first is how global bro configure options
should affect plugins (e.g. USE_GEOIP in CMakeList.txt). This seems
like a relatively large architectural decision and I have no solution
to this. The second is the following error when I run bro with my
dynamic plugin:

internal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
internal type geo_location missing

Steps to replicate this error:
git clone --recursive
cd bro
git checkout remotes/origin/topic/akasza/geoplugin
./configure --enable-debug && make
make install
cd aux/bro-aux/plugin-support/
git clone
cd Bro_GeoIP/
./configure --bro-dist=%BRO GIT CLONE DIR%
export BRO_PLUGIN_PATH=%BRO GIT CLONE DIR%/aux/bro-aux/plugin-support/Bro_GeoIP
bro -NN


On Tue, Oct 21, 2014 at 1:51 PM, Robin Sommer (JIRA)

Seth Hall
October 23, 2014, 2:59 PM

It looks like you've placed the geo_location type into the GeoIP namespace. You need to make sure when you reference that type from your C code that your include the full namespace which is GeoIP::geo_location. Maybe you could change it to GeoIP::location? Like this...

RecordType* geo_location = internal_type("GeoIP::location")->AsRecordType();

I think you also want to put that type definition into an export section.

Robin Sommer
October 23, 2014, 9:56 PM

I've just pushed a small change to master that's necessary to get this running; there was an ordering issue in terms of how scripts get loaded.

I've tweaked your code a bit more, including the namespacing Seth suggested; patch attached. With that it now works for me:

Seth Hall
September 4, 2015, 6:57 PM

Thanks for working on the plugin!

I think we're going to go in a slightly different direction by implementing the new GeoIP2 API in a plugin and deprecate support for the legacy API and databases. You can track the status of that in ticket BIT-1472. If you would like to take on any of that work, let us know and I'm sure that Daniel would turn that ticket over to you.







External issue ID



Fix versions