RPRIVATE
RU32
RPAL_THREAD_FUNC thread_quitAndCleanup
(
RPVOID context
)
{
UNREFERENCED_PARAMETER( context );
if( 0 == rInterlocked_decrement32( &g_hcpContext.isRunning ) )
{
rpal_thread_sleep( MSEC_FROM_SEC( 1 ) );
stopAllModules();
stopBeacons();
if( NULL != g_hcpContext.enrollmentToken &&
0 != g_hcpContext.enrollmentTokenSize )
{
rpal_memory_free( g_hcpContext.enrollmentToken );
}
// If the default crashContext is still present, remove it since
// we are shutting down properly. If it's non-default leave it since
// somehow we may have had a higher order crash we want to keep
// track of but we are still leaving through our normal code path.
if( 1 == getCrashContextSize() )
{
cleanCrashContext();
}
rpal_Context_cleanup();
rpal_Context_deinitialize();
}
else
{
rInterlocked_increment32( &g_hcpContext.isRunning );
}
return 0;
}
RBOOL
hbs_whenCpuBelow
(
RU8 percent,
RTIME timeoutSeconds,
rEvent abortEvent
)
{
RBOOL isCpuIdle = FALSE;
RTIME end = rpal_time_getLocal() + timeoutSeconds;
do
{
if( libOs_getCpuUsage() <= percent )
{
isCpuIdle = TRUE;
break;
}
if( NULL == abortEvent )
{
rpal_thread_sleep( MSEC_FROM_SEC( 1 ) );
}
else
{
if( rEvent_wait( abortEvent, MSEC_FROM_SEC( 1 ) ) )
{
break;
}
}
}
while( end > rpal_time_getLocal() );
return isCpuIdle;
}
static
RPVOID
spotCheckNewProcesses
(
rEvent isTimeToStop,
RPVOID ctx
)
{
RU32 pid = 0;
RTIME timestamp = 0;
RTIME timeToWait = 0;
RTIME now = 0;
rSequence newProcess = NULL;
rList hollowedModules = NULL;
LibOsPerformanceProfile perfProfile = { 0 };
UNREFERENCED_PARAMETER( ctx );
perfProfile.sanityCeiling = _SANITY_CEILING;
perfProfile.lastTimeoutValue = _INITIAL_PROFILED_TIMEOUT;
perfProfile.targetCpuPerformance = 0;
perfProfile.globalTargetCpuPerformance = GLOBAL_CPU_USAGE_TARGET;
perfProfile.enforceOnceIn = 7;
perfProfile.timeoutIncrementPerSec = _PROFILE_INCREMENT;
while( !rEvent_wait( isTimeToStop, 0 ) )
{
if( rQueue_remove( g_newProcessNotifications, &newProcess, NULL, MSEC_FROM_SEC( 5 ) ) )
{
if( rSequence_getRU32( newProcess, RP_TAGS_PROCESS_ID, &pid ) &&
rSequence_getTIMESTAMP( newProcess, RP_TAGS_TIMESTAMP, ×tamp ) )
{
timeToWait = timestamp + _CHECK_SEC_AFTER_PROCESS_CREATION;
now = rpal_time_getGlobalPreciseTime();
if( now < timeToWait )
{
timeToWait = timeToWait - now;
if( _CHECK_SEC_AFTER_PROCESS_CREATION < timeToWait )
{
// Sanity check
timeToWait = _CHECK_SEC_AFTER_PROCESS_CREATION;
}
rpal_thread_sleep( (RU32)timeToWait );
}
if( NULL != ( hollowedModules = _spotCheckProcess( isTimeToStop, pid, &perfProfile ) ) )
{
if( !rSequence_addLIST( newProcess, RP_TAGS_MODULES, hollowedModules ) )
{
rList_free( hollowedModules );
}
else
{
hbs_publish( RP_TAGS_NOTIFICATION_MODULE_MEM_DISK_MISMATCH,
newProcess );
}
}
}
rSequence_free( newProcess );
}
}
return NULL;
}
RBOOL
rMutex_trylock
(
rMutex mutex,
RU32 timeout
)
{
RBOOL isSuccess = FALSE;
if( rpal_memory_isValid( mutex ) )
{
#ifdef RPAL_PLATFORM_WINDOWS
if( WAIT_OBJECT_0 == WaitForSingleObject( ((_rMutex*)mutex)->hMutex, timeout ) )
{
isSuccess = TRUE;
}
#elif defined( RPAL_PLATFORM_LINUX )
struct timespec abs_time;
if( RINFINITE != timeout )
{
clock_gettime( CLOCK_REALTIME, &abs_time );
abs_time.tv_sec += ( timeout / 1000 );
abs_time.tv_nsec += ( ( timeout % 1000 ) * 1000000 );
if( 0 == pthread_mutex_timedlock( &((_rMutex*)mutex)->hMutex, &abs_time ) )
{
isSuccess = TRUE;
}
}
else
{
if( 0 == pthread_mutex_lock( &((_rMutex*)mutex)->hMutex ) )
{
isSuccess = TRUE;
}
}
#elif defined( RPAL_PLATFORM_MACOSX ) || defined( RPAL_PLATFORM_IOS ) || defined( RPAL_PLATFORM_ANDROID )
// These platforms lack the required APIs, there is no real elegant solution
// so we do the best we can, currently a 10ms poll. This looks like OSS, not good.
if( RINFINITE != timeout )
{
RU32 timeStart = rpal_time_getMilliSeconds();
isSuccess = TRUE;
while( EBUSY == pthread_mutex_trylock( &((_rMutex*)mutex)->hMutex) )
{
if( timeout <= (RU32)rpal_time_elapsedMilliSeconds( (RU32)timeStart ) )
{
isSuccess = FALSE;
break;
}
rpal_thread_sleep( 10 );
}
}
else
{
if( 0 == pthread_mutex_lock( &((_rMutex*)mutex)->hMutex ) )
{
isSuccess = TRUE;
}
}
#endif
}
return isSuccess;
}
RPRIVATE
RVOID
dnsUmDiffThread
(
rEvent isTimeToStop
)
{
rSequence notif = NULL;
rBlob snapCur = NULL;
rBlob snapPrev = NULL;
_dnsRecord rec = { 0 };
_dnsRecord* pCurRec = NULL;
RU32 i = 0;
LibOsPerformanceProfile perfProfile = { 0 };
#ifdef RPAL_PLATFORM_WINDOWS
PDNSCACHEENTRY pDnsEntry = NULL;
PDNSCACHEENTRY pPrevDnsEntry = NULL;
#endif
perfProfile.enforceOnceIn = 1;
perfProfile.sanityCeiling = MSEC_FROM_SEC( 10 );
perfProfile.lastTimeoutValue = 100;
perfProfile.targetCpuPerformance = 0;
perfProfile.globalTargetCpuPerformance = GLOBAL_CPU_USAGE_TARGET;
perfProfile.timeoutIncrementPerSec = 1;
while( !rEvent_wait( isTimeToStop, 0 ) )
{
if( kAcq_isAvailable() )
{
// If kernel acquisition becomes available, try kernel again.
return;
}
libOs_timeoutWithProfile( &perfProfile, FALSE, isTimeToStop );
if( NULL != ( snapCur = rpal_blob_create( 0, 10 * sizeof( rec ) ) ) )
{
#ifdef RPAL_PLATFORM_WINDOWS
if( TRUE == getCache( &pDnsEntry ) )
{
while( NULL != pDnsEntry )
{
rec.flags = pDnsEntry->dwFlags;
rec.type = pDnsEntry->wType;
if( NULL != ( rec.name = rpal_string_strdup( pDnsEntry->pszName ) ) )
{
rpal_blob_add( snapCur, &rec, sizeof( rec ) );
}
pPrevDnsEntry = pDnsEntry;
pDnsEntry = pDnsEntry->pNext;
freeCacheEntry( pPrevDnsEntry->pszName, DnsFreeFlat );
freeCacheEntry( pPrevDnsEntry, DnsFreeFlat );
}
rpal_sort_array( rpal_blob_getBuffer( snapCur ),
rpal_blob_getSize( snapCur ) / sizeof( rec ),
sizeof( rec ),
_cmpDns );
}
#elif defined( RPAL_PLATFORM_MACOSX )
rpal_thread_sleep( MSEC_FROM_SEC( 2 ) );
#endif
// Do a general diff of the snapshots to find new entries.
if( NULL != snapPrev )
{
i = 0;
while( !rEvent_wait( isTimeToStop, 0 ) &&
NULL != ( pCurRec = rpal_blob_arrElem( snapCur, sizeof( rec ), i++ ) ) )
{
if( -1 == rpal_binsearch_array( rpal_blob_getBuffer( snapPrev ),
rpal_blob_getSize( snapPrev ) / sizeof( rec ),
sizeof( rec ),
pCurRec,
(rpal_ordering_func)_cmpDns ) )
{
if( NULL != ( notif = rSequence_new() ) )
{
rSequence_addSTRINGN( notif, RP_TAGS_DOMAIN_NAME, pCurRec->name );
rSequence_addRU16( notif, RP_TAGS_DNS_TYPE, pCurRec->type );
rSequence_addRU32( notif, RP_TAGS_DNS_FLAGS, pCurRec->flags );
hbs_timestampEvent( notif, 0 );
hbs_publish( RP_TAGS_NOTIFICATION_DNS_REQUEST, notif );
rSequence_free( notif );
}
}
}
}
}
if( NULL != snapPrev )
{
_freeRecords( snapPrev );
rpal_blob_free( snapPrev );
snapPrev = NULL;
}
snapPrev = snapCur;
snapCur = NULL;
libOs_timeoutWithProfile( &perfProfile, TRUE, isTimeToStop );
}
if( NULL != snapPrev )
{
_freeRecords( snapPrev );
rpal_blob_free( snapPrev );
snapPrev = NULL;
}
}
static
RU32
uninstallService
(
)
{
RWCHAR destPath[] = _WCH( "%SYSTEMROOT%\\system32\\rphcp.exe" );
SC_HANDLE hScm = NULL;
SC_HANDLE hSvc = NULL;
RWCHAR svcName[] = { _SERVICE_NAMEW };
SERVICE_STATUS svcStatus = { 0 };
RU32 nRetries = 10;
rpal_debug_info( "uninstalling service" );
if( NULL != ( hScm = OpenSCManagerA( NULL, NULL, SC_MANAGER_ALL_ACCESS ) ) )
{
if( NULL != ( hSvc = OpenServiceW( hScm, svcName, SERVICE_STOP | SERVICE_QUERY_STATUS | DELETE ) ) )
{
if( ControlService( hSvc, SERVICE_CONTROL_STOP, &svcStatus ) )
{
while( SERVICE_STOPPED != svcStatus.dwCurrentState &&
0 != nRetries )
{
rpal_debug_error( "waiting for service to stop..." );
rpal_thread_sleep( 1000 );
if( !QueryServiceStatus( hSvc, &svcStatus ) )
{
break;
}
nRetries--;
}
if( 0 == nRetries )
{
rpal_debug_error( "timed out waiting for service to stop, moving on..." );
}
else
{
rpal_debug_info( "service stopped" );
}
}
else
{
rpal_debug_error( "could not stop service: %d", GetLastError() );
}
if( DeleteService( hSvc ) )
{
rpal_debug_info( "service deleted" );
}
else
{
rpal_debug_error( "could not delete service: %d", GetLastError() );
}
CloseServiceHandle( hSvc );
}
else
{
rpal_debug_error( "could not open service: %d", GetLastError() );
}
CloseServiceHandle( hScm );
}
else
{
rpal_debug_error( "could not open SCM: %d", GetLastError() );
}
rpal_thread_sleep( MSEC_FROM_SEC( 1 ) );
if( rpal_file_delete( destPath, FALSE ) )
{
rpal_debug_info( "service executable deleted" );
}
else
{
rpal_debug_error( "could not delete service executable: %d", GetLastError() );
}
return GetLastError();
}
static
RPVOID
lookForHiddenModulesIn
(
rEvent isTimeToStop,
RU32 processId
)
{
rList mods = NULL;
rList map = NULL;
rSequence region = NULL;
RU8 memType = 0;
RU8 memProtect = 0;
RU64 memBase = 0;
RU64 memSize = 0;
RPU8 pMem = NULL;
RBOOL isPrefetched = FALSE;
RBOOL isCurrentExec = FALSE;
RBOOL isHidden = FALSE;
rSequence procInfo = NULL;
#ifdef RPAL_PLATFORM_WINDOWS
PIMAGE_DOS_HEADER pDos = NULL;
PIMAGE_NT_HEADERS pNt = NULL;
#endif
if( NULL != ( mods = processLib_getProcessModules( processId ) ) )
{
if( NULL != ( map = processLib_getProcessMemoryMap( processId ) ) )
{
// Now we got all the info needed for a single process, compare
while( rpal_memory_isValid( isTimeToStop ) &&
!rEvent_wait( isTimeToStop, 0 ) &&
( isPrefetched || rList_getSEQUENCE( map, RP_TAGS_MEMORY_REGION, ®ion ) ) )
{
if( isPrefetched )
{
isPrefetched = FALSE;
}
if( rSequence_getRU8( region, RP_TAGS_MEMORY_TYPE, &memType ) &&
rSequence_getRU8( region, RP_TAGS_MEMORY_ACCESS, &memProtect ) &&
rSequence_getPOINTER64( region, RP_TAGS_BASE_ADDRESS, &memBase ) &&
rSequence_getRU64( region, RP_TAGS_MEMORY_SIZE, &memSize ) )
{
if( PROCESSLIB_MEM_TYPE_PRIVATE == memType ||
PROCESSLIB_MEM_TYPE_MAPPED == memType )
{
if( PROCESSLIB_MEM_ACCESS_EXECUTE == memProtect ||
PROCESSLIB_MEM_ACCESS_EXECUTE_READ == memProtect ||
PROCESSLIB_MEM_ACCESS_EXECUTE_READ_WRITE == memProtect ||
PROCESSLIB_MEM_ACCESS_EXECUTE_WRITE_COPY == memProtect )
{
isCurrentExec = TRUE;
}
else
{
isCurrentExec = FALSE;
}
if( !isMemInModule( memBase, memSize, mods ) )
{
// Exec memory found outside of a region marked to belong to
// a module, keep looking in for module.
if( ( 1024 * 1024 * 10 ) >= memSize &&
processLib_getProcessMemory( processId,
NUMBER_TO_PTR( memBase ),
memSize,
(RPVOID*)&pMem ) )
{
isHidden = FALSE;
#ifdef RPAL_PLATFORM_WINDOWS
// Let's just check for MZ and PE for now, we can get fancy later.
pDos = (PIMAGE_DOS_HEADER)pMem;
if( IS_WITHIN_BOUNDS( (RPU8)pMem, sizeof( IMAGE_DOS_HEADER ), pMem, memSize ) &&
IMAGE_DOS_SIGNATURE == pDos->e_magic )
{
pNt = (PIMAGE_NT_HEADERS)( (RPU8)pDos + pDos->e_lfanew );
if( IS_WITHIN_BOUNDS( pNt, sizeof( *pNt ), pMem, memSize ) &&
IMAGE_NT_SIGNATURE == pNt->Signature )
{
if( isCurrentExec )
{
// If the current region is exec, we've got a hidden module.
isHidden = TRUE;
}
else
{
// We need to check if the next section in memory is
// executable and outside of known modules since the PE
// headers may have been marked read-only before the .text.
if( rList_getSEQUENCE( map, RP_TAGS_MEMORY_REGION, ®ion ) )
{
isPrefetched = TRUE;
if( ( PROCESSLIB_MEM_TYPE_PRIVATE == memType ||
PROCESSLIB_MEM_TYPE_MAPPED == memType ) &&
( PROCESSLIB_MEM_ACCESS_EXECUTE == memProtect ||
PROCESSLIB_MEM_ACCESS_EXECUTE_READ == memProtect ||
PROCESSLIB_MEM_ACCESS_EXECUTE_READ_WRITE == memProtect ||
PROCESSLIB_MEM_ACCESS_EXECUTE_WRITE_COPY == memProtect ) )
{
isHidden = TRUE;
}
}
}
}
}
#elif defined( RPAL_PLATFORM_LINUX ) || defined( RPAL_PLATFORM_MACOSX )
if( isCurrentExec &&
0x7F == ( pMem )[ 0 ] &&
'E' == ( pMem )[ 1 ] &&
'L' == ( pMem )[ 2 ] &&
'F' == ( pMem )[ 3 ] )
{
isHidden = TRUE;
}
#endif
rpal_memory_free( pMem );
if( isHidden &&
!rEvent_wait( isTimeToStop, 0 ) )
{
rpal_debug_info( "found a hidden module in %d.", processId );
if( NULL != ( procInfo = processLib_getProcessInfo( processId ) ) )
{
if( !rSequence_addSEQUENCE( region, RP_TAGS_PROCESS, procInfo ) )
{
rSequence_free( procInfo );
}
}
rSequence_addTIMESTAMP( region, RP_TAGS_TIMESTAMP, rpal_time_getGlobal() );
notifications_publish( RP_TAGS_NOTIFICATION_HIDDEN_MODULE_DETECTED, region );
break;
}
rpal_thread_sleep( 10 );
}
}
}
}
}
rList_free( map );
}
rList_free( mods );
}
return NULL;
}
static
RPVOID
networkDiffThread
(
rEvent isTimeToStop,
RPVOID ctx
)
{
NetLib_Tcp4Table* currentTcp4Table = NULL;
NetLib_Tcp4Table* oldTcp4Table = NULL;
NetLib_UdpTable* currentUdpTable = NULL;
NetLib_UdpTable* oldUdpTable = NULL;
RU32 i = 0;
RU32 j = 0;
RBOOL isFound = FALSE;
rSequence notif = NULL;
rSequence comp = NULL;
RU32 timeout = 100;
RU32 nThLoop = 0;
UNREFERENCED_PARAMETER( ctx );
while( rpal_memory_isValid( isTimeToStop ) &&
!rEvent_wait( isTimeToStop, 0 ) )
{
if( NULL != oldTcp4Table )
{
rpal_memory_free( oldTcp4Table );
oldTcp4Table = NULL;
}
if( NULL != oldUdpTable )
{
rpal_memory_free( oldUdpTable );
oldUdpTable = NULL;
}
// Swap the old snapshot for the (prev) new one
oldTcp4Table = currentTcp4Table;
oldUdpTable = currentUdpTable;
currentTcp4Table = NULL;
currentUdpTable = NULL;
// Generate new tables
currentTcp4Table = NetLib_getTcp4Table();
currentUdpTable = NetLib_getUdpTable();
// Diff TCP snapshots for new entries
if( rpal_memory_isValid( currentTcp4Table ) &&
rpal_memory_isValid( oldTcp4Table ) )
{
for( i = 0; i < currentTcp4Table->nRows; i++ )
{
isFound = FALSE;
if( rEvent_wait( isTimeToStop, 0 ) )
{
break;
}
for( j = 0; j < oldTcp4Table->nRows; j++ )
{
if( isTcpEqual( ¤tTcp4Table->rows[ i ], &oldTcp4Table->rows[ j ] ) )
{
isFound = TRUE;
break;
}
}
if( !isFound )
{
if( NULL != ( notif = rSequence_new() ) )
{
if( rSequence_addRU32( notif,
RP_TAGS_STATE,
currentTcp4Table->rows[ i ].state ) &&
rSequence_addRU32( notif,
RP_TAGS_PROCESS_ID,
currentTcp4Table->rows[ i ].pid ) &&
rSequence_addTIMESTAMP( notif,
RP_TAGS_TIMESTAMP,
rpal_time_getGlobal() ) )
{
if( NULL != ( comp = rSequence_new() ) )
{
// Add the destination components
if( !rSequence_addIPV4( comp,
RP_TAGS_IP_ADDRESS,
currentTcp4Table->rows[ i ].destIp ) ||
!rSequence_addRU16( comp,
RP_TAGS_PORT,
rpal_ntoh16( (RU16)currentTcp4Table->rows[ i ].destPort ) ) ||
!rSequence_addSEQUENCE( notif,
RP_TAGS_DESTINATION,
comp ) )
{
rSequence_free( comp );
comp = NULL;
}
}
if( NULL != ( comp = rSequence_new() ) )
{
// Add the source components
if( !rSequence_addIPV4( comp,
RP_TAGS_IP_ADDRESS,
currentTcp4Table->rows[ i ].sourceIp ) ||
!rSequence_addRU16( comp,
RP_TAGS_PORT,
rpal_ntoh16( (RU16)currentTcp4Table->rows[ i ].sourcePort ) ) ||
!rSequence_addSEQUENCE( notif,
RP_TAGS_SOURCE,
comp ) )
{
rSequence_free( comp );
comp = NULL;
}
}
rpal_debug_info( "new tcp connection: 0x%08X = 0x%08X:0x%04X ---> 0x%08X:0x%04X -- 0x%08X.",
currentTcp4Table->rows[ i ].state,
currentTcp4Table->rows[ i ].sourceIp,
currentTcp4Table->rows[ i ].sourcePort,
currentTcp4Table->rows[ i ].destIp,
currentTcp4Table->rows[ i ].destPort,
currentTcp4Table->rows[ i ].pid );
notifications_publish( RP_TAGS_NOTIFICATION_NEW_TCP4_CONNECTION, notif );
}
rSequence_free( notif );
}
}
}
}
else if( 0 != nThLoop )
{
rpal_debug_warning( "could not get tcp connections table." );
}
// Diff TCP snapshots for new entries
if( NULL != currentUdpTable &&
NULL != oldUdpTable )
{
for( i = 0; i < currentUdpTable->nRows; i++ )
{
isFound = FALSE;
if( rEvent_wait( isTimeToStop, 0 ) )
{
break;
}
for( j = 0; j < oldUdpTable->nRows; j++ )
{
if( isUdpEqual( ¤tUdpTable->rows[ i ], &oldUdpTable->rows[ j ] ) )
{
isFound = TRUE;
break;
}
}
if( !isFound )
{
if( NULL != ( notif = rSequence_new() ) )
{
if( !rSequence_addIPV4( notif,
RP_TAGS_IP_ADDRESS,
currentUdpTable->rows[ i ].localIp ) ||
!rSequence_addRU16( notif,
RP_TAGS_PORT,
rpal_ntoh16( (RU16)currentUdpTable->rows[ i ].localPort ) ) ||
!rSequence_addRU32( notif,
RP_TAGS_PROCESS_ID,
currentUdpTable->rows[ i ].pid ) ||
!rSequence_addTIMESTAMP( notif,
RP_TAGS_TIMESTAMP,
rpal_time_getGlobal() ) )
{
notif = NULL;
}
else
{
rpal_debug_info( "new udp connection: 0x%08X:0x%04X -- 0x%08X.",
currentUdpTable->rows[ i ].localIp,
currentUdpTable->rows[ i ].localPort,
currentUdpTable->rows[ i ].pid );
notifications_publish( RP_TAGS_NOTIFICATION_NEW_UDP4_CONNECTION, notif );
}
rSequence_free( notif );
}
}
}
}
else if( 0 != nThLoop )
{
rpal_debug_warning( "could not get udp connections table." );
}
nThLoop++;
if( 0 == nThLoop % 10 )
{
timeout = libOs_getUsageProportionalTimeout( 1000 ) + 500;
}
rpal_thread_sleep( timeout );
}
rpal_memory_free( currentTcp4Table );
rpal_memory_free( currentUdpTable );
rpal_memory_free( oldTcp4Table );
rpal_memory_free( oldUdpTable );
return NULL;
}
static
RPVOID
dnsDiffThread
(
rEvent isTimeToStop,
RPVOID ctx
)
{
RU32 nThLoop = 0;
RU32 currentTimeout = 0;
rSequence notif = NULL;
rBlob snapCur = NULL;
rBlob snapPrev = NULL;
_dnsRecord rec = { 0 };
_dnsRecord* pCurRec = NULL;
_dnsRecord* pPrevRec = NULL;
RU32 i = 0;
RU32 j = 0;
RBOOL isNew = FALSE;
#ifdef RPAL_PLATFORM_WINDOWS
PDNSCACHEENTRY pDnsEntry = NULL;
PDNSCACHEENTRY pPrevDnsEntry = NULL;
#endif
UNREFERENCED_PARAMETER( ctx );
while( !rEvent_wait( isTimeToStop, currentTimeout ) )
{
if( NULL != ( snapCur = rpal_blob_create( 0, 10 * sizeof( rec ) ) ) )
{
#ifdef RPAL_PLATFORM_WINDOWS
if( TRUE == getCache( &pDnsEntry ) )
{
while( NULL != pDnsEntry )
{
rec.flags = pDnsEntry->dwFlags;
rec.type = pDnsEntry->wType;
if( NULL != ( rec.name = rpal_string_strdupw( pDnsEntry->pszName ) ) )
{
rpal_blob_add( snapCur, &rec, sizeof( rec ) );
}
pPrevDnsEntry = pDnsEntry;
pDnsEntry = pDnsEntry->pNext;
freeCacheEntry( pPrevDnsEntry->pszName, DnsFreeFlat );
freeCacheEntry( pPrevDnsEntry, DnsFreeFlat );
}
}
#endif
// Do a general diff of the snapshots to find new entries.
if( NULL != snapPrev )
{
i = 0;
while( NULL != ( pCurRec = rpal_blob_arrElem( snapCur, sizeof( rec ), i++ ) ) )
{
isNew = TRUE;
j = 0;
while( NULL != ( pPrevRec = rpal_blob_arrElem( snapPrev, sizeof( rec ), j++ ) ) )
{
if( pCurRec->flags == pPrevRec->flags &&
pCurRec->type == pPrevRec->type &&
0 == rpal_string_strcmpw( pCurRec->name, pPrevRec->name ) )
{
isNew = FALSE;
break;
}
}
if( isNew &&
!rEvent_wait( isTimeToStop, 0 ) )
{
if( NULL != ( notif = rSequence_new() ) )
{
rSequence_addSTRINGW( notif, RP_TAGS_DOMAIN_NAME, pCurRec->name );
rSequence_addRU16( notif, RP_TAGS_DNS_TYPE, pCurRec->type );
rSequence_addRU32( notif, RP_TAGS_DNS_FLAGS, pCurRec->flags );
rSequence_addTIMESTAMP( notif, RP_TAGS_TIMESTAMP, rpal_time_getGlobal() );
notifications_publish( RP_TAGS_NOTIFICATION_DNS_REQUEST, notif );
rSequence_free( notif );
}
}
}
}
}
if( NULL != snapPrev )
{
_freeRecords( snapPrev );
rpal_blob_free( snapPrev );
snapPrev = NULL;
}
snapPrev = snapCur;
snapCur = NULL;
nThLoop++;
if( 0 == nThLoop % 20 )
{
currentTimeout = libOs_getUsageProportionalTimeout( MSEC_FROM_SEC( 10 ) ) + MSEC_FROM_SEC( 5 );
}
rpal_thread_sleep( currentTimeout );
}
if( NULL != snapPrev )
{
_freeRecords( snapPrev );
rpal_blob_free( snapPrev );
snapPrev = NULL;
}
return NULL;
}
//=============================================================================
// Base beacon
//=============================================================================
static
RU32
RPAL_THREAD_FUNC thread_beacon
(
RPVOID context
)
{
RU32 status = 0;
rList requests = NULL;
rList responses = NULL;
rIterator ite = NULL;
rpcm_tag tag = 0;
rpcm_type type = 0;
rSequence msg = NULL;
RPU8 crashContext = NULL;
RU32 crashContextSize = 0;
RU8 defaultCrashContext = 1;
UNREFERENCED_PARAMETER( context );
// First let's check if we have a crash context already present
// which would indicate we did not shut down properly
if( !acquireCrashContextPresent( &crashContext, &crashContextSize ) )
{
crashContext = NULL;
crashContextSize = 0;
}
// Set a default crashContext to be removed before exiting
setCrashContext( &defaultCrashContext, sizeof( defaultCrashContext ) );
while( !rEvent_wait( g_hcpContext.isBeaconTimeToStop, 0 ) )
{
if( 0 == g_hcpContext.beaconTimeout )
{
// This is the default timeout to re-establish contact home
g_hcpContext.beaconTimeout = RP_HCP_CONFIG_DEFAULT_BEACON_TIMEOUT_INIT;
requests = assembleRequest( crashContext, crashContextSize );
// If we just sent a crash context, free it so we don't keep sending it
if( NULL != crashContext )
{
rpal_memory_free( crashContext );
crashContext = NULL;
crashContextSize = 0;
}
if( NULL != requests &&
doBeacon( RP_HCP_MODULE_ID_HCP, requests, &responses ) &&
NULL != responses )
{
// This is the default beacon timeout when contact is already established
g_hcpContext.beaconTimeout = RP_HCP_CONFIG_DEFAULT_BEACON_TIMEOUT;
// Go through the response list of messages
if( NULL != ( ite = rIterator_new( responses ) ) )
{
while( rIterator_next( ite, &tag, &type, &msg, NULL ) )
{
// We ignore non-messages for forward compat
if( RP_TAGS_MESSAGE == tag &&
RPCM_SEQUENCE == type )
{
processMessage( msg );
}
}
rIterator_free( ite );
}
}
// Free resources.
IF_VALID_DO( requests, rList_free );
requests = NULL;
IF_VALID_DO( responses, rList_free );
responses = NULL;
}
// Sleep for 1 second, we aproximate beacon times
rpal_thread_sleep( 1 * 1000 );
if( 0 != g_hcpContext.beaconTimeout ){ g_hcpContext.beaconTimeout--; }
}
return status;
}
