void exitNetDev(void)
{
int i;
char monitor[1024];
for (i = 0; i < NetDevCnt; i++) {
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/receiver/data", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/receiver/packets", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/receiver/errors", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/receiver/drops", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/receiver/multicast", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/transmitter/data", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/transmitter/packets", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/transmitter/errors", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/transmitter/multicast", NetDevs[i].name);
removeMonitor(monitor);
snprintf(monitor, sizeof(monitor), "network/interfaces/%s/transmitter/collisions", NetDevs[i].name);
removeMonitor(monitor);
}
}
void
exitApm(void)
{
removeMonitor("apm/batterycharge");
removeMonitor("apm/remainingtime");
close(ApmFD);
}
Status INotifyEventPublisher::run() {
// Get a while wrapper for free.
char buffer[BUFFER_SIZE];
fd_set set;
FD_ZERO(&set);
FD_SET(getHandle(), &set);
struct timeval timeout = {3, 3000};
int selector = ::select(getHandle() + 1, &set, nullptr, nullptr, &timeout);
if (selector == -1) {
LOG(ERROR) << "Could not read inotify handle";
return Status(1, "INotify handle failed");
}
if (selector == 0) {
// Read timeout.
return Status(0, "Continue");
}
ssize_t record_num = ::read(getHandle(), buffer, BUFFER_SIZE);
if (record_num == 0 || record_num == -1) {
return Status(1, "INotify read failed");
}
for (char* p = buffer; p < buffer + record_num;) {
// Cast the inotify struct, make shared pointer, and append to contexts.
auto event = reinterpret_cast<struct inotify_event*>(p);
if (event->mask & IN_Q_OVERFLOW) {
// The inotify queue was overflown (remove all paths).
Status stat = restartMonitoring();
if(!stat.ok()){
return stat;
}
}
if (event->mask & IN_IGNORED) {
// This inotify watch was removed.
removeMonitor(event->wd, false);
} else if (event->mask & IN_MOVE_SELF) {
// This inotify path was moved, but is still watched.
removeMonitor(event->wd, true);
} else if (event->mask & IN_DELETE_SELF) {
// A file was moved to replace the watched path.
removeMonitor(event->wd, false);
} else {
auto ec = createEventContextFrom(event);
if(event->mask & IN_CREATE && isDirectory(ec->path).ok()){
addMonitor(ec->path, 1);
}
fire(ec);
}
// Continue to iterate
p += (sizeof(struct inotify_event)) + event->len;
}
osquery::publisherSleep(kINotifyMLatency);
return Status(0, "Continue");
}
void exitProcessList( void ) {
removeMonitor("ps");
removeMonitor("pscount");
if (!RunAsDaemon)
{
removeCommand("kill");
removeCommand("setpriority");
}
destr_ctnr( ProcessList, free );
}
void exitStat( void ) {
free( DiskLoad );
DiskLoad = 0;
free( SMPLoad );
SMPLoad = 0;
free( OldIntr );
OldIntr = 0;
free( Intr );
Intr = 0;
removeMonitor("cpu/system/user");
removeMonitor("cpu/system/nice");
removeMonitor("cpu/system/sys");
removeMonitor("cpu/system/idle");
/* Todo: Dynamically registered monitors (per cpu, per disk) are not removed yet) */
/* These were registered as legacy monitors */
removeMonitor("cpu/user");
removeMonitor("cpu/nice");
removeMonitor("cpu/sys");
removeMonitor("cpu/idle");
}
void INotifyEventPublisher::removeSubscriptions() {
auto paths = descriptor_paths_;
for (const auto& path : paths) {
removeMonitor(path.first, true);
}
EventPublisherPlugin::removeSubscriptions();
}
Status INotifyEventPublisher::restartMonitoring() {
if (last_restart_ != 0 && getUnixTime() - last_restart_ < 10) {
return Status(1, "Overflow");
}
last_restart_ = getUnixTime();
VLOG(1) << "inotify was overflown, attempting to restart handle";
// Create a copy of the descriptors, then remove each.
auto descriptors = descriptors_;
for (const auto& desc : descriptors) {
removeMonitor(desc, true);
}
{
// Then remove all path/descriptor mappings.
WriteLock lock(mutex_);
path_descriptors_.clear();
descriptor_paths_.clear();
}
// Reconfigure ourself, the subscribers will not reconfigure.
configure();
return Status(0, "OK");
}
bool INotifyEventPublisher::removeMonitor(int watch, bool force) {
if (descriptor_paths_.find(watch) == descriptor_paths_.end()) {
return false;
}
std::string path = descriptor_paths_[watch];
return removeMonitor(path, force);
}
bool INotifyEventPublisher::removeMonitor(int watch, bool force) {
std::string path;
{
WriteLock lock(mutex_);
if (descriptor_paths_.find(watch) == descriptor_paths_.end()) {
return false;
}
path = descriptor_paths_[watch];
}
return removeMonitor(path, force);
}
static void cleanup24DiskList( void ) {
DiskIOInfo* ptr = DiskIO;
DiskIOInfo* last = 0;
while ( ptr ) {
if ( ptr->alive == 0 ) {
DiskIOInfo* newPtr;
char sensorName[ 128 ];
/* Disk device has disappeared. We have to remove it from
* the list and unregister the monitors. */
sprintf( sensorName, "disk/%s_(%d:%d)24/total", ptr->devname, ptr->major, ptr->minor );
removeMonitor( sensorName );
sprintf( sensorName, "disk/%s_(%d:%d)24/rio", ptr->devname, ptr->major, ptr->minor );
removeMonitor( sensorName );
sprintf( sensorName, "disk/%s_(%d:%d)24/wio", ptr->devname, ptr->major, ptr->minor );
removeMonitor( sensorName );
sprintf( sensorName, "disk/%s_(%d:%d)24/rblk", ptr->devname, ptr->major, ptr->minor );
removeMonitor( sensorName );
sprintf( sensorName, "disk/%s_(%d:%d)24/wblk", ptr->devname, ptr->major, ptr->minor );
removeMonitor( sensorName );
if ( last ) {
last->next = ptr->next;
newPtr = ptr->next;
}
else {
DiskIO = ptr->next;
newPtr = DiskIO;
last = 0;
}
free ( ptr );
ptr = newPtr;
}
else {
ptr->alive = 0;
last = ptr;
ptr = ptr->next;
}
}
}
int FileMonitorDelayQ::RemoveMonitor(VPLFS_MonitorHandle handle)
{
MutexAutoLock lock(&m_api_mutex);
if(m_initCount==0) {
return CCD_ERROR_NOT_INIT;
}
int rc = removeMonitor(handle);
if(rc != 0) {
LOG_ERROR("removeMonitor:%d", rc);
}
return rc;
}
Status INotifyEventPublisher::restartMonitoring(){
if (last_restart_ != 0 && getUnixTime() - last_restart_ < 10) {
return Status(1, "Overflow");
}
last_restart_ = getUnixTime();
VLOG(1) << "Got an overflow, trying to restart...";
for(const auto& desc : descriptors_){
removeMonitor(desc, 1);
}
path_descriptors_.clear();
descriptor_paths_.clear();
configure();
return Status(0, "OK");
}
Status INotifyEventPublisher::restartMonitoring() {
if (last_restart_ != 0 && getUnixTime() - last_restart_ < 10) {
return Status(1, "Overflow");
}
last_restart_ = getUnixTime();
VLOG(1) << "inotify was overflown, attempting to restart handle";
for (const auto& desc : descriptors_) {
removeMonitor(desc, true);
}
path_descriptors_.clear();
descriptor_paths_.clear();
configure();
return Status(0, "OK");
}
void exitLoadAvg(void)
{
removeMonitor("cpu/system/loadavg1");
removeMonitor("cpu/system/loadavg5");
removeMonitor("cpu/system/loadavg15");
/* These were registered as legacy monitors */
removeMonitor("cpu/loadavg1");
removeMonitor("cpu/loadavg5");
removeMonitor("cpu/loadavg15");
}
void
exitCpuInfo(void)
{
int id;
char name[SYSCTL_ID_LEN];
removeMonitor("system/processors");
removeMonitor("system/cores");
if (cp_time != NULL) {
removeMonitor("cpu/system/user");
removeMonitor("cpu/system/nice");
removeMonitor("cpu/system/sys");
removeMonitor("cpu/system/TotalLoad");
removeMonitor("cpu/system/intr");
removeMonitor("cpu/system/idle");
/* These were registered as legacy monitors */
removeMonitor("cpu/user");
removeMonitor("cpu/nice");
removeMonitor("cpu/sys");
removeMonitor("cpu/idle");
for (id = 0; id < cores; ++id) {
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/user", id);
removeMonitor(name);
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/nice", id);
removeMonitor(name);
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/sys", id);
removeMonitor(name);
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/TotalLoad", id);
removeMonitor(name);
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/intr", id);
removeMonitor(name);
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/idle", id);
removeMonitor(name);
if (freq != NULL && freq[id][0] != -1) {
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/clock", id);
removeMonitor(name);
}
if (temp != NULL && temp[id] != -1) {
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/temperature", id);
removeMonitor(name);
}
}
free(cp_time);
cp_time = NULL;
}
if (freq != NULL) {
removeMonitor("cpu/system/AverageClock");
for (id = 0; id < cores; ++id)
if (freq[id][0] != -1) {
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/clock", id);
removeMonitor(name);
}
free(freq);
freq = NULL;
}
if (temp != NULL) {
removeMonitor("cpu/system/AverageTemperature");
for (id = 0; id < cores; ++id)
if (temp[id] != -1) {
snprintf(name, SYSCTL_ID_LEN, "cpu/cpu%d/temperature", id);
removeMonitor(name);
}
free(temp);
temp = NULL;
}
}
