Docker Alpine: geoip empty output

[trimstray]

docker run --rm -it --name htrace.sh htrace.sh -u https://nmap.org -h --hide-src-ip

     htrace.sh v1.1.1  (openssl 1.1.1a: not tested)

    URI: https://nmap.org ; Method: GET

    req  time_total   time_connect    local_socket           via              remote_socket         geo   proto   ver   code     next_hop
    ---  ----------   ------------    ------------           ---              -------------         ---   -----   ---   ----     --------
 •   1   1.062680     1.062680        xxx.xxx.xxx.xxx:44328  xxx.xxx.xxx.xxx  45.33.49.119:443            https   1.1   200

[trimstray]

From container:

bash-4.4# geoiplookup 1.1.1.1
bash-4.4#

[trimstray]

@beatak @Niek @d47zm3 : any ideas?

[Niek]

Download https://src.fedoraproject.org/lookaside/pkgs/GeoIP/GeoIP.dat.gz/4bc1e8280fe2db0adc3fe48663b8926e/GeoIP.dat.gz and put it (gunzip-ed) in /usr/local/var/GeoIP.

Unfortunately Maxmind does no longer offer the legacy databases for download that geoiplookup requires.

[beatak]

if you can migrate the code to use mmdblookup instead of geoiplookup, I have a fix for you. mmdblookup returns a json string.

[Niek]

mmdblookup doesn't return valid JSON, but some sort of weird type-annotated JSON format. To get the country ISO code, run it like this:

mmdblookup -f /usr/local/var/GeoIP/GeoLite2-Country.mmdb -i 1.1.1.1 country iso_code | sed -e '/^$/d' -e 's/.*"\(.*\)".*/\1/'

(Requires the libmaxminddb package to be installed)

You can download the mmdb files using the geoipupdate tool.

[trimstray]

Ok, thx.

Sometimes I got:

mmdblookup -f /usr/share/GeoIP/GeoLite2-Country.mmdb -i <ip_addr> country iso_code | sed -e '/^$/d' -e 's/.*"\(.*\)".*/\1/'
Got an error looking up the entry data - The lookup path does not match the data (key that doesn't exist, array index bigger than the array, expected array or map where none exists)

[Niek]

What if you don't supply the country iso_code parameters? Maybe grep it manually from the output.