Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ccfilter(3)			SiLK Tool Suite			   ccfilter(3)

NAME
       ccfilter	- Mapping IPv4 addresses to country codes

SYNOPSIS
	 rwfilter [--scc=COUNTRY_CODES]	[--dcc=COUNTRY_CODES] ...

	 rwcut --fields=scc,dcc	...

	 rwgroup --id-fields=scc,dcc ...

	 rwsort	--fields=scc,dcc ...

	 rwstats --fields=scc,dcc ...

	 rwuniq	--fields=scc,dcc ...

	 rwpmaplookup --country-codes ...

DESCRIPTION
       The country code	mapping	file provides a	mapping	from an	IPv4 address
       to two-letter, lowercase	abbreviation of	the country where that IP
       address is located.  The	mapping	file allows the	country	code value of
       IP addresses on a SiLK Flow record to be	partitioned (rwfilter(1)),
       displayed (rwcut(1)), sorted (rwsort(1)), grouped (rwgroup(1)), and
       counted (rwstats(1) and rwuniq(1)).

       The rwpmaplookup(1) tool, when invoked with the --country-codes switch,
       accepts textual input and prints	the country code for the IPs, which
       provide a way to	print country codes for	the IPs	in SiLK	IPsets or
       bags.

       The abbreviations used by the country code utility are those used by
       the Root-Zone Whois Index (see for example
       <http://www.iana.org/cctld/cctld-whois.htm>) or one of the following
       special codes:

       --  N/A (e.g. private and experimental reserved addresses)

       a1  anonymous proxy

       a2  satellite provider

       o1  other

       The SiLK	tools look for the country code	mapping	file in	a standard
       location	as detailed in the "FILES" section below.  To provide an
       alternate location, specify that	location in the	SILK_COUNTRY_CODES
       environment variable.

       Creating	the Prefix Map (pmap) file that	maps an	IP to its country code
       requires	the GeoIP Country(R) or	free GeoLite database created by
       MaxMind,	available from <http://www.maxmind.com>, as described in the
       "MAPPING	FILE" section below.

OPTIONS
       Country code support makes available two	additional keys	to the
       --fields	switch in the rwcut(1),	rwgroup(1), rwsort(1), rwstats(1), and
       rwuniq(1) tools:

       scc,18
	   Print, sort,	and/or count the flow records by the country code
	   designation of the source IP	address

       dcc,19
	   As scc for the destination address

       In rwfilter(1), the following switches are supported:

       --scc=COUNTRY_CODE_LIST
	   Pass	the record if the country code of its source IP	address	is in
	   the specified COUNTRY_CODE_LIST.

       --dcc=COUNTRY_CODE_LIST
	   As --scc for	the destination	IP address.

MAPPING	FILE
       To map from IP addresses	to country codes you will need to create the
       country_codes.pmap data file and	install	it in the appropriate location
       (see the	"FILES"	section	below),	or specify the path to the file	in the
       SILK_COUNTRY_CODES environment variable.

       The prefix map data file	is based on the	GeoIP Country(R) or free
       GeoLite database	created	by MaxMind and available from
       <http://www.maxmind.com/>.  We do not distribute	the database nor the
       data file, but we provide Perl scripts that will	convert	the GeoIP
       database	to the format that ccfilter.so expects.

       MaxMind distributes multiple versions of	their GeoIP Country database;
       one is a	free evaluation	copy that is "97% accurate".  In addition,
       they sell versions with higher accuracy,	and they offer various
       subscription services.

       The rwgeoip2ccmap(1) program converts the MaxMind GeoIP file to the
       form that the SiLK tools	require.

ENVIRONMENT
       SILK_COUNTRY_CODES
	   This	environment variable allows the	user to	specify	the country
	   code	mapping	file that the SiLK tools use.  The value may be	a
	   complete path or a file relative to SILK_PATH.  If the variable is
	   not specified, the code looks for a file named country_codes.pmap
	   as specified	in the "FILES" section below.

       SILK_PATH
	   This	environment variable gives the root of the install tree.  The
	   SiLK	applications check the directories $SILK_PATH/share/silk and
	   $SILK_PATH/share for	the country code mapping file,
	   country_codes.pmap.

FILES
       The tools will look for the data	file that maps IPs to country codes in
       the following locations.	 ($SILK_COUNTRY_CODES is the value of the
       SILK_COUNTRY_CODES environment variable,	if it is set.  $SILK_PATH is
       value of	the SILK_PATH environment variable, if it is set.  The use of
       /usr/local/ assumes the application is installed	in the /usr/local/bin/
       directory.)

	 $SILK_COUNTRY_CODES
	 $SILK_PATH/share/silk/country_codes.pmap
	 $SILK_PATH/share/country_codes.pmap
	 /usr/local/share/silk/country_codes.pmap
	 /usr/local/share/country_codes.pmap

SEE ALSO
       rwcut(1), rwfilter(1), rwgroup(1), rwsort(1), rwstats(1), rwuniq(1),
       rwgeoip2ccmap(1), rwpmaplookup(1), silk(7)

SiLK 3.15.0			  2017-07-02			   ccfilter(3)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MAPPING FILE | ENVIRONMENT | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ccfilter&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help