feat: add GeoIP location support (#151)

* feat: adding geoip

Author: domcyrus

ARCHITECTURE.md

@@ -356,7 +356,7 @@ netstat     iftop     bandwhich     RustNet     tcpdump     Wireshark
 | **Bandwidth per connection** | Yes | Yes | Yes | Yes | No | No | No |
 | **Connection filtering** | Yes | No | Yes | Yes | No | Yes | Yes (BPF) |
 | **DNS reverse lookup** | Yes | Yes | Yes | Yes | No | No | Yes |
-| **GeoIP lookup** | No | No | Yes | No | No | No | Yes |
+| **GeoIP lookup** | Yes | No | Yes | No | No | No | Yes |
 | **Notifications** | No | No | Yes | No | No | No | No |
 | **i18n (translations)** | No | No | Yes | No | No | No | No |
 | **Cross-platform** | Linux, macOS, Windows, FreeBSD | Linux, macOS | Linux, macOS, Windows | Linux, macOS, BSD | All | Linux | All |

CONTRIBUTING.md

@@ -25,6 +25,7 @@ Before submitting a PR, please ensure:
   ```bash
   cargo clippy --all-targets --all-features -- -D warnings
   ```
+- **No clippy suppression**: Do not use `#[allow(clippy::...)]` to suppress warnings. Fix the underlying issue instead (e.g., reduce arguments, refactor code). If a suppression is truly unavoidable, discuss it in the PR.
 - **Formatting**: Run the formatter
   ```bash
   cargo fmt

Cargo.lock

@@ -41,6 +41,7 @@ ring = "0.17"
 aes = "0.8"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
+maxminddb = "0.27"
 
 [target.'cfg(target_os = "linux")'.dependencies]
 procfs = "0.18"

Cargo.toml

@@ -15,6 +15,7 @@ This guide covers all installation methods for RustNet across different platform
 - [Using Docker](#using-docker)
 - [Prerequisites](#prerequisites)
 - [Permissions Setup](#permissions-setup)
+- [GeoIP Databases (Optional)](#geoip-databases-optional)
 - [Troubleshooting](#troubleshooting)
 
 ## Installing from Release Packages
@@ -686,6 +687,71 @@ getcap $(which rustnet)
 rustnet --help
 ```
 
+## GeoIP Databases (Optional)
+
+RustNet supports GeoIP lookups to show country codes for remote IPs. To enable this, install the [GeoLite2](https://dev.maxmind.com/geoip/geolite2-free-geolocation-data) databases using MaxMind's `geoipupdate` tool (requires a free [MaxMind account](https://www.maxmind.com/en/geolite2/signup)):
+
+### macOS (Homebrew)
+
+```bash
+brew install geoipupdate
+# Edit the config with your MaxMind account credentials:
+#   $(brew --prefix)/etc/GeoIP.conf
+geoipupdate
+```
+
+Databases are installed to `$(brew --prefix)/share/GeoIP/`.
+
+### Ubuntu/Debian
+
+```bash
+sudo apt-get install geoipupdate
+# Edit /etc/GeoIP.conf with your MaxMind account credentials
+sudo geoipupdate
+```
+
+Databases are installed to `/usr/share/GeoIP/`.
+
+### Fedora/RHEL
+
+```bash
+sudo dnf install geoipupdate
+# Edit /etc/GeoIP.conf with your MaxMind account credentials
+sudo geoipupdate
+```
+
+Databases are installed to `/usr/share/GeoIP/`.
+
+### Arch Linux
+
+```bash
+sudo pacman -S geoipupdate
+# Edit /etc/GeoIP.conf with your MaxMind account credentials
+sudo geoipupdate
+```
+
+Databases are installed to `/usr/share/GeoIP/`.
+
+### FreeBSD
+
+```bash
+pkg install geoipupdate
+# Edit /usr/local/etc/GeoIP.conf with your MaxMind account credentials
+sudo geoipupdate
+```
+
+Databases are installed to `/usr/local/share/GeoIP/`.
+
+### Manual Specification
+
+If your databases are in a non-standard location, specify them directly:
+
+```bash
+rustnet --geoip-country /path/to/GeoLite2-Country.mmdb --geoip-asn /path/to/GeoLite2-ASN.mmdb
+```
+
+RustNet auto-discovers databases from standard locations. Run `rustnet --help` to see the full search path list.
+
 ## Troubleshooting
 
 ### Common Installation Issues

INSTALL.md

@@ -21,6 +21,7 @@ A cross-platform network monitoring tool built with Rust. RustNet provides real-
 - **Smart Connection Lifecycle**: Protocol-aware timeouts with visual staleness indicators (white → yellow → red) before cleanup
 - **Process Identification**: Associate network connections with running processes
 - **Service Name Resolution**: Identify well-known services using port numbers
+- **GeoIP Location**: Show country codes for remote IPs using GeoLite2 databases (auto-discovered or manually specified)
 - **Reverse DNS Lookups**: Resolve IP addresses to hostnames with background async resolution and caching
 - **Cross-platform Support**: Works on Linux, macOS, Windows, and FreeBSD
 - **Advanced Filtering**: Real-time vim/fzf-style filtering with keyword support (`port:`, `src:`, `dst:`, `sni:`, `process:`, `state:`)

README.md

@@ -122,7 +122,7 @@ The experimental eBPF support provides efficient process identification but has
   - Parent process information
 - [ ] **Configuration File**: Support for persistent configuration (filters, UI preferences)
 - [ ] **Connection Alerts**: Notifications for new connections or suspicious activity
-- [ ] **GeoIP Integration**: Maybe add geographical location of remote IPs
+- [x] **GeoIP Integration**: Geographical location of remote IPs
 - [ ] **Protocol Statistics**: Summary view of protocol distribution
 - [ ] **Rate Limiting Detection**: Identify connections with unusual traffic patterns
 

ROADMAP.md

@@ -86,6 +86,10 @@ Options:
   -l, --log-level <LEVEL>                Set the log level (if not provided, no logging will be enabled)
       --json-log <FILE>                  Enable JSON logging of connection events to specified file
       --pcap-export <FILE>               Export captured packets to PCAP file for Wireshark analysis
+      --no-color                         Disable all colors in the UI (also respects NO_COLOR env var)
+      --geoip-country <PATH>             Path to GeoLite2-Country.mmdb (auto-discovered if not specified)
+      --geoip-asn <PATH>                 Path to GeoLite2-ASN.mmdb (auto-discovered if not specified)
+      --no-geoip                         Disable GeoIP lookups entirely
   -f, --bpf-filter <FILTER>              BPF filter expression for packet capture
       --no-sandbox                       Disable Landlock sandboxing (Linux only)
       --sandbox-strict                   Require full sandbox enforcement or exit (Linux only)
@@ -384,6 +388,7 @@ Press `s` to cycle through columns in left-to-right order:
 | **Protocol** | ↑ Ascending | Sort by protocol type (TCP, UDP, ICMP, etc.) |
 | **Local Address** | ↑ Ascending | Sort by local IP:port (useful for multi-interface systems) |
 | **Remote Address** | ↑ Ascending | Sort by remote IP:port |
+| **Location** | ↑ Ascending | Sort by country code (requires GeoIP database) |
 | **State** | ↑ Ascending | Sort by connection state (ESTABLISHED, etc.) |
 | **Service** | ↑ Ascending | Sort by service name or port number |
 | **Application** | ↑ Ascending | Sort by detected application protocol (HTTP, DNS, etc.) |

USAGE.md

@@ -52,6 +52,13 @@ NETWORK PACKET CAPTURE PERMISSIONS:
     process detection. Check the TUI Statistics panel to see which detection
     method is active.
 
+GEOIP (OPTIONAL):
+  To show country codes for remote IPs, install GeoLite2 databases:
+    sudo apt-get install geoipupdate
+  Edit /etc/GeoIP.conf with your free MaxMind credentials, then run:
+    sudo geoipupdate
+  See: https://github.com/domcyrus/rustnet/blob/main/INSTALL.md#geoip-databases-optional
+
 USAGE:
   rustnet              # Start network monitoring
   rustnet --help       # Show all options

debian/postinst

@@ -109,6 +109,13 @@ NETWORK PACKET CAPTURE PERMISSIONS:
   For more information, see the documentation at:
     %{_docdir}/%{name}/README.md
 
+GEOIP (OPTIONAL):
+  To show country codes for remote IPs, install GeoLite2 databases:
+    sudo dnf install geoipupdate
+  Edit /etc/GeoIP.conf with your free MaxMind credentials, then run:
+    sudo geoipupdate
+  See: https://github.com/domcyrus/rustnet/blob/main/INSTALL.md#geoip-databases-optional
+
 USAGE:
   rustnet              # Start network monitoring
   rustnet --help       # Show all options