Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ccfilter(3)			SiLK Tool Suite			   ccfilter(3)

NAME
       ccfilter	- Mapping IPv4 addresses to country codes

SYNOPSIS
	 rwfilter [--scc=COUNTRY_CODES]	[--dcc=COUNTRY_CODES] ...

	 rwcut --fields=scc,dcc	...

	 rwgroup --id-fields=scc,dcc ...

	 rwsort	--fields=scc,dcc ...

	 rwstats --fields=scc,dcc ...

	 rwuniq	--fields=scc,dcc ...

	 rwpmaplookup --country-codes ...

DESCRIPTION
       The country code	mapping	file provides a	mapping	from an	IPv4 address
       to two-letter, lowercase	abbreviation of	the country where that IP
       address is located.  The	mapping	file allows the	country	code value of
       IP addresses on a SiLK Flow record to be	partitioned (rwfilter(1)),
       displayed (rwcut(1)), sorted (rwsort(1)), grouped (rwgroup(1)), and
       counted (rwstats(1) and rwuniq(1)).

       The rwpmaplookup(1) tool, when invoked with the --country-codes switch,
       accepts textual input and prints	the country code for the IPs, which
       provide a way to	print country codes for	the IPs	in SiLK	IPsets or
       bags.

       The abbreviations used by the country code utility are the two-letter
       codes defined in	ISO 3166 part 1.  For additional information, see
       <https://www.iso.org/iso-3166-country-codes.html> and
       <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2>.  Some IP addresses
       map to one of the following special codes:

       --  N/A (e.g. private and experimental reserved addresses)

       a1  anonymous proxy

       a2  satellite provider

       o1  other

       The SiLK	tools look for the country code	mapping	file in	a standard
       location	as detailed in the "FILES" section below.  To provide an
       alternate location, specify that	location in the	SILK_COUNTRY_CODES
       environment variable.

       Creating	the Prefix Map (pmap) file that	maps an	IP to its country code
       requires	the GeoIP2 Country or free GeoLite2 database created by
       MaxMind,	available from <https://dev.maxmind.com/geoip/>, as described
       in the "MAPPING FILE" section below.

OPTIONS
       Country code support makes available two	additional keys	to the
       --fields	switch in the rwcut(1),	rwgroup(1), rwsort(1), rwstats(1), and
       rwuniq(1) tools:

       scc,18
	   Print, sort,	and/or count the flow records by the country code
	   designation of the source IP	address

       dcc,19
	   As scc for the destination address

       In rwfilter(1), the following switches are supported:

       --scc=COUNTRY_CODE_LIST
	   Pass	the record if the country code of its source IP	address	is in
	   the specified COUNTRY_CODE_LIST.

       --dcc=COUNTRY_CODE_LIST
	   As --scc for	the destination	IP address.

MAPPING	FILE
       To map from IP addresses	to country codes you will need to create the
       country_codes.pmap data file and	install	it in the appropriate location
       (see the	"FILES"	section	below),	or specify the path to the file	in the
       SILK_COUNTRY_CODES environment variable.

       The prefix map data file	is based on the	GeoIP2 Country(R) or free
       GeoLite2	database created by MaxMind and	available from
       <https://dev.maxmind.com/geoip/>.  We do	not distribute the database
       nor the data file, but we provide the rwgeoip2ccmap(1) tool that
       converts	the GeoIP database to the format that ccfilter.so expects.

       MaxMind distributes multiple versions of	their GeoIP Country database;
       one is a	free evaluation	copy.  In addition, they sell versions with
       higher accuracy,	and they offer various subscription services.

ENVIRONMENT
       SILK_COUNTRY_CODES
	   This	environment variable allows the	user to	specify	the country
	   code	mapping	file that the SiLK tools use.  The value may be	a
	   complete path or a file relative to SILK_PATH.  If the variable is
	   not specified, the code looks for a file named country_codes.pmap
	   as specified	in the "FILES" section below.

       SILK_PATH
	   This	environment variable gives the root of the install tree.  The
	   SiLK	applications check the directories $SILK_PATH/share/silk and
	   $SILK_PATH/share for	the country code mapping file,
	   country_codes.pmap.

FILES
       The tools will look for the data	file that maps IPs to country codes in
       the following locations.	 ($SILK_COUNTRY_CODES is the value of the
       SILK_COUNTRY_CODES environment variable,	if it is set.  $SILK_PATH is
       value of	the SILK_PATH environment variable, if it is set.  The use of
       /usr/local/ assumes the application is installed	in the /usr/local/bin/
       directory.)

	 $SILK_COUNTRY_CODES
	 $SILK_PATH/share/silk/country_codes.pmap
	 $SILK_PATH/share/country_codes.pmap
	 /usr/local/share/silk/country_codes.pmap
	 /usr/local/share/country_codes.pmap

SEE ALSO
       rwcut(1), rwfilter(1), rwgroup(1), rwsort(1), rwstats(1), rwuniq(1),
       rwgeoip2ccmap(1), rwpmaplookup(1), silk(7)

SiLK 3.19.1			  2021-02-28			   ccfilter(3)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MAPPING FILE | ENVIRONMENT | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ccfilter&sektion=3&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help