예제 #1
파일: events.cpp 프로젝트: eastebry/osquery
/// @brief Signal the publisher registered as type_id to stop and, if its run
///        loop never started, tear it down and drop it from the factory.
///
/// When FLAGS_disable_events is set the publisher is only looked up; nothing
/// is stopped or erased and the call still reports success.
///
/// @param type_id identifier of the publisher to deregister.
/// @return Status(1, "No event publisher to deregister") when the lookup
///         throws std::out_of_range; Status(0, "OK") in every other case.
Status EventFactory::deregisterEventPublisher(EventPublisherID& type_id) {
  auto& factory = EventFactory::getInstance();
  EventPublisherRef pub;
  try {
    pub = factory.getEventPublisher(type_id);
  } catch (const std::out_of_range&) {
    return Status(1, "No event publisher to deregister");
  }

  if (FLAGS_disable_events) {
    return Status(0, "OK");
  }

  // Mark the publisher as ending before inspecting whether it ever ran.
  pub->isEnding(true);
  if (pub->hasStarted()) {
    // A started run loop is asked to end here; per the original author, the
    // tear down and erase then happen in the event thread wrapper the next
    // time it checks isEnding.
    pub->end();
    return Status(0, "OK");
  }

  // The run loop never started, but setUp already ran at registration time,
  // so the matching tearDown has to be issued from here.
  pub->tearDown();
  // NOTE(review): no lock is taken in this function around the erase below;
  // confirm callers serialize access to event_pubs_.
  factory.event_pubs_.erase(type_id);
  return Status(0, "OK");
}
예제 #2
파일: events.cpp 프로젝트: eastebry/osquery
/// @brief Report how many subscriptions the publisher type_id currently has.
///
/// @param type_id identifier of the publisher to query.
/// @return the publisher's own numSubscriptions() value, or 0 when the
///         factory lookup throws std::out_of_range. A return of 0 therefore
///         does not distinguish "no such publisher" from "no subscriptions".
size_t EventFactory::numSubscriptions(EventPublisherID& type_id) {
  EventPublisherRef pub;
  try {
    pub = EventFactory::getInstance().getEventPublisher(type_id);
  } catch (const std::out_of_range&) {
    // Unknown publisher: reported as zero subscriptions rather than an error.
    return 0;
  }

  // Only the lookup is guarded; anything thrown by the publisher propagates.
  return pub->numSubscriptions();
}
예제 #3
/// @brief Attach a subscription to the publisher registered as type_id.
///
/// @param type_id identifier of the target publisher.
/// @param subscription subscription handed through to the publisher.
/// @return Status(1, "Unknown event publisher") when the factory returns a
///         null publisher; otherwise whatever the publisher's own
///         addSubscription() returns.
Status EventFactory::addSubscription(EventPublisherID& type_id,
                                     const SubscriptionRef& subscription) {
  EventPublisherRef pub = getInstance().getEventPublisher(type_id);
  if (pub != nullptr) {
    // The event factory is responsible for configuring the event types.
    return pub->addSubscription(subscription);
  }

  // This variant checks for a null result; it does not catch exceptions
  // from the lookup.
  return Status(1, "Unknown event publisher");
}
예제 #4
/// @brief Attach a subscription to the publisher type_id, then reconfigure it.
///
/// @param type_id identifier of the target publisher.
/// @param subscription subscription handed through to the publisher.
/// @return Status(1, "No event type found") when the factory lookup throws
///         std::out_of_range; otherwise the Status produced by the
///         publisher's addSubscription().
Status EventFactory::addSubscription(EventPublisherID& type_id,
                                     const SubscriptionRef& subscription) {
  EventPublisherRef pub;
  try {
    pub = getInstance().getEventPublisher(type_id);
  } catch (const std::out_of_range&) {
    return Status(1, "No event type found");
  }

  // The event factory is responsible for configuring the event types.
  auto add_result = pub->addSubscription(subscription);
  // configure() runs whether or not the subscription was accepted; the
  // caller only sees the addSubscription() result.
  pub->configure();
  return add_result;
}
예제 #5
/// @brief Mark the publisher type_id as ending and remove it from the factory.
///
/// @param type_id identifier of the publisher to deregister.
/// @return Status(1, "No event publisher to deregister") when the lookup
///         throws std::out_of_range; Status(0, "OK") otherwise.
Status EventFactory::deregisterEventPublisher(EventPublisherID& type_id) {
  auto& factory = EventFactory::getInstance();
  EventPublisherRef pub;
  try {
    pub = factory.getEventPublisher(type_id);
  } catch (const std::out_of_range&) {
    return Status(1, "No event publisher to deregister");
  }

  pub->isEnding(true);
  const bool never_ran = !pub->hasStarted();
  if (never_ran) {
    // setUp happened at registration time, so a publisher whose run loop
    // never started still needs its tearDown issued from here.
    pub->tearDown();
  }

  // The map entry is dropped whether or not the run loop was started.
  // NOTE(review): no lock is visible around this erase; confirm callers
  // serialize access to event_pubs_.
  factory.event_pubs_.erase(type_id);
  return Status(0, "OK");
}
예제 #6
/// @brief Drive the run loop of the publisher registered as type_id.
///
/// The loop repeats publisher->run() until the publisher reports isEnding()
/// or a run returns a failing Status, then tears the publisher down.
///
/// @param type_id identifier of the publisher to run.
/// @return Status(0, "Events disabled") when FLAGS_disable_events is set;
///         Status(1, ...) when the publisher is missing or already started;
///         Status(0, "OK") once the loop has been entered, even if the loop
///         stopped on a failing run. That failure is only written to VLOG(1).
Status EventFactory::run(EventPublisherID& type_id) {
  if (FLAGS_disable_events) {
    return Status(0, "Events disabled");
  }

  // An interesting take on an event dispatched entrypoint.
  // There is little introspection into the event type.
  // Assume it can either make use of an entrypoint poller/selector or
  // take care of async callback registrations in setUp/configure/run
  // only once and handle event queuing/firing in callbacks.
  EventPublisherRef pub = nullptr;
  {
    // The factory lock is held for the lookup only.
    auto& factory = EventFactory::getInstance();
    WriteLock guard(getInstance().factory_lock_);
    pub = factory.getEventPublisher(type_id);
  }

  if (pub == nullptr) {
    return Status(1, "Event publisher is missing");
  }
  if (pub->hasStarted()) {
    return Status(1, "Cannot restart an event publisher");
  }
  VLOG(1) << "Starting event publisher run loop: " + type_id;
  // NOTE(review): the hasStarted() check above and this set both happen after
  // the factory lock is released; confirm callers start each publisher once.
  pub->hasStarted(true);

  auto loop_status = Status(0, "OK");
  while (!pub->isEnding()) {
    // Can optionally implement a global cooloff latency here.
    loop_status = pub->run();
    if (!loop_status.ok()) {
      break;
    }
    pub->restart_count_++;
    // This is a 'default' cool-off implemented in InterruptableRunnable.
    // If a publisher fails to perform some sort of interruption point, this
    // prevents the thread from thrashing through exiting checks.
    pub->pause();
  }

  const bool loop_failed = !loop_status.ok();
  if (loop_failed) {
    // The runloop status is not reflective of the event type's.
    VLOG(1) << "Event publisher " << pub->type()
            << " run loop terminated for reason: " << loop_status.getMessage();
  }
  // Publishers auto tear down when their run loop stops.
  pub->tearDown();

  // Do not remove the publisher from the event factory.
  // If the event factory's `end` method was called these publishers will be
  // cleaned up after their thread context is removed; otherwise, a removed
  // thread context and failed publisher will remain available for stats.
  return Status(0, "OK");
}
예제 #7
/// @brief Drive the run loop of the publisher registered as type_id.
///
/// This variant does not consult FLAGS_disable_events and does not check
/// whether the publisher has already been started before marking it started.
///
/// @param type_id identifier of the publisher to run.
/// @return Status(1, "No event type found") when the factory lookup throws
///         std::out_of_range; otherwise Status(0, "OK"), regardless of the
///         status the run loop ended with. That status is only written to
///         VLOG(1).
Status EventFactory::run(EventPublisherID& type_id) {
  // An interesting take on an event dispatched entrypoint.
  // There is little introspection into the event type.
  // Assume it can either make use of an entrypoint poller/selector or
  // take care of async callback registrations in setUp/configure/run
  // only once and handle event queueing/firing in callbacks.
  EventPublisherRef pub;
  try {
    pub = EventFactory::getInstance().getEventPublisher(type_id);
  } catch (const std::out_of_range&) {
    return Status(1, "No event type found");
  }

  VLOG(1) << "Starting event publisher runloop: " + type_id;
  pub->hasStarted(true);

  auto loop_status = Status(0, "OK");
  // Both conditions are re-evaluated before every iteration, so the cool-off
  // sleep still runs once after a failing run() before the loop exits.
  while (!pub->isEnding() && loop_status.ok()) {
    // Can optionally implement a global cooloff latency here.
    loop_status = pub->run();
    osquery::publisherSleep(EVENTS_COOLOFF);
  }

  // The runloop status is not reflective of the event type's.
  pub->tearDown();
  VLOG(1) << "Event publisher " << pub->type()
          << " runloop terminated for reason: " << loop_status.getMessage();
  return Status(0, "OK");
}
예제 #8
파일: events.cpp 프로젝트: erdincay/osquery
/// @brief Drive the run loop of the publisher registered as type_id.
///
/// @param type_id identifier of the publisher to run.
/// @return Status(0, "Events disabled") when FLAGS_disable_events is set;
///         Status(1, ...) when the publisher is missing or already started;
///         Status(0, "OK") once the loop has been entered, regardless of the
///         status it ended with. That status is only written to VLOG(1).
Status EventFactory::run(EventPublisherID& type_id) {
  // The singleton is fetched before the flag check, as in the original order.
  auto& factory = EventFactory::getInstance();
  if (FLAGS_disable_events) {
    return Status(0, "Events disabled");
  }

  // An interesting take on an event dispatched entrypoint.
  // There is little introspection into the event type.
  // Assume it can either make use of an entrypoint poller/selector or
  // take care of async callback registrations in setUp/configure/run
  // only once and handle event queuing/firing in callbacks.
  EventPublisherRef pub = factory.getEventPublisher(type_id);

  if (pub == nullptr) {
    return Status(1, "Event publisher is missing");
  }
  if (pub->hasStarted()) {
    return Status(1, "Cannot restart an event publisher");
  }
  VLOG(1) << "Starting event publisher run loop: " + type_id;
  // NOTE(review): no lock is visible around the lookup or this check-then-set;
  // confirm callers start each publisher once.
  pub->hasStarted(true);

  auto loop_status = Status(0, "OK");
  while (!pub->isEnding() && loop_status.ok()) {
    // Can optionally implement a global cooloff latency here.
    loop_status = pub->run();
    // The counter is bumped after every run(), including a failing one.
    pub->restart_count_++;
    osquery::publisherSleep(EVENTS_COOLOFF);
  }
  // The runloop status is not reflective of the event type's.
  VLOG(1) << "Event publisher " << pub->type()
          << " run loop terminated for reason: " << loop_status.getMessage();
  // Publishers auto tear down when their run loop stops.
  pub->tearDown();

  // Do not remove the publisher from the event factory.
  // If the event factory's `end` method was called these publishers will be
  // cleaned up after their thread context is removed; otherwise, a removed
  // thread context and failed publisher will remain available for stats.
  // (The erase of event_pubs_[type_id] is intentionally left disabled here.)
  return Status(0, "OK");
}
예제 #9
파일: events.cpp 프로젝트: eastebry/osquery
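/// @brief Deregister a publisher given a reference to it rather than its id.
///
/// Forwards to the id-based overload using the publisher's own type().
///
/// @param pub publisher to deregister; may be null.
/// @return Status(1, "No event publisher to deregister") when pub is null;
///         otherwise the Status of the id-based deregisterEventPublisher().
Status EventFactory::deregisterEventPublisher(const EventPublisherRef& pub) {
  // Guard the dereference below: a null reference is reported as an error
  // instead of being dereferenced to read its type.
  if (pub == nullptr) {
    return Status(1, "No event publisher to deregister");
  }
  return EventFactory::deregisterEventPublisher(pub->type());
}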