search

oschwald / maxminddb-golang

MaxMind DB Reader for Go
ISC License
576 stars 99 forks source link

Odd results with IPv4 networks with AnonymousIP dataset #47

Closed nferch closed 5 years ago

nferch commented 5 years ago

Seeing some odd results when trying to read all IPv4 subnets from the GeoIP2-Anonymous-IP.mmdb file:

       db, err := maxminddb.Open("/usr/share/GeoIP2/GeoIP2-Anonymous-IP.mmdb")
        if err != nil {
                log.Fatal(err)
        }
        defer db.Close()

        record := geoip2.AnonymousIP{}

        networks := db.Networks()
        for networks.Next() {
                subnet, err := networks.Network(&record)
                if err != nil {
                        log.Fatal(err)
                }
                if subnet.IP.To4() != nil {
                        fmt.Printf("%s: Anonymous:%v Tor:%v\n", subnet, record.IsAnonymous, record.IsTorExitNode)
                }
        }

go run...| grep 1.169.30.6/32 1.169.30.6/32: Anonymous:true Tor:true

I also note that I get 1311159 results when there's 1354761 total in the file.

I get different (expected?) results with geoip2-golang and mmdblookup

       db, err := geoip2.Open("/usr/share/GeoIP2/GeoIP2-Anonymous-IP.mmdb")
        if err != nil {
                log.Fatal(err)
        }
        defer db.Close()
        ip := net.ParseIP(os.Args[1])
        record, err := db.AnonymousIP(ip)
        if err != nil {
                log.Fatal(err)
        }
        fmt.Printf("record is %#v\n", record)
>go run anontest.go 1.169.30.6
record is &geoip2.AnonymousIP{IsAnonymous:false, IsAnonymousVPN:false, IsHostingProvider:false, IsPublicProxy:false, IsTorExitNode:false}
>mmdblookup -f /usr/share/GeoIP2/GeoIP2-Anonymous-IP.mmdb --ip 1.169.30.6

  {
  }
oschwald commented 5 years ago

Try moving the declaration of record into the loop. If a value is not present in the database, it won't modify it in the struct. Given that the database has an empty map there, you are seeing a value set by a previous call to networks.Networks.

nferch commented 5 years ago

Yep, that was it. I had assumed Networks() would only contain networks present in the database, but that's not the case. Or does the database actually contain entries for the entire IP space? Guess I should have RTFS.

In either case, thanks so much!

oschwald commented 5 years ago

I believe the anonymous IP database contains an empty map for public networks that aren't marked as anonymous.