2014-12-18 18:50:47 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
|
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-10-07 22:16:26 +00:00
|
|
|
|
|
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
#include <boost/make_shared.hpp>
|
|
|
|
|
|
|
|
|
|
#include <SystemConfiguration/SCNetworkReachability.h>
|
|
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/status.h>
|
|
|
|
|
#include <osquery/events.h>
|
2014-10-07 22:16:26 +00:00
|
|
|
|
|
|
|
|
namespace osquery {
|
|
|
|
|
|
|
|
|
|
enum SCNetworkSubscriptionType {
|
|
|
|
|
ADDRESS_TARGET = 0,
|
|
|
|
|
NAME_TARGET = 1,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct SCNetworkSubscriptionContext : public SubscriptionContext {
|
|
|
|
|
// Target type.
|
|
|
|
|
SCNetworkSubscriptionType type;
|
|
|
|
|
// The hostname or address target for reachability monitoring.
|
|
|
|
|
std::string target;
|
|
|
|
|
short family;
|
|
|
|
|
// Limit this target subscription to the set of flags.
|
|
|
|
|
SCNetworkReachabilityFlags mask;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef std::shared_ptr<SCNetworkSubscriptionContext>
|
2014-10-28 00:37:36 +00:00
|
|
|
SCNetworkSubscriptionContextRef;
|
2014-10-07 22:16:26 +00:00
|
|
|
|
|
|
|
|
struct SCNetworkEventContext : public EventContext {
|
|
|
|
|
SCNetworkSubscriptionContextRef subscription;
|
|
|
|
|
SCNetworkReachabilityFlags flags;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef std::shared_ptr<SCNetworkEventContext> SCNetworkEventContextRef;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief An osquery EventPublisher for the Apple SCNetwork Reachability API.
|
|
|
|
|
*
|
|
|
|
|
* This exposes a lightweight network change monitoring capability.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-12-15 08:25:28 +00:00
|
|
|
class SCNetworkEventPublisher
|
|
|
|
|
: public EventPublisher<SCNetworkSubscriptionContext,
|
|
|
|
|
SCNetworkEventContext> {
|
2015-01-30 18:44:25 +00:00
|
|
|
DECLARE_PUBLISHER("scnetwork");
|
2014-10-07 22:16:26 +00:00
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
void configure();
|
|
|
|
|
void tearDown();
|
|
|
|
|
|
|
|
|
|
// Entrypoint to the run loop
|
|
|
|
|
Status run();
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
/// SCNetwork registers a client callback instead of using a select/poll loop.
|
2014-12-15 18:17:56 +00:00
|
|
|
static void Callback(const SCNetworkReachabilityRef target,
|
2014-10-07 22:16:26 +00:00
|
|
|
SCNetworkReachabilityFlags flags,
|
|
|
|
|
void* info);
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
SCNetworkEventPublisher() : EventPublisher(), run_loop_(nullptr) {}
|
2014-12-15 18:17:56 +00:00
|
|
|
bool shouldFire(const SCNetworkSubscriptionContextRef& sc,
|
2015-02-11 03:18:56 +00:00
|
|
|
const SCNetworkEventContextRef& ec) const;
|
2014-10-07 22:16:26 +00:00
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
// Restart the run loop by calling configure.
|
|
|
|
|
void restart();
|
|
|
|
|
// Stop the run loop.
|
|
|
|
|
void stop();
|
|
|
|
|
|
|
|
|
|
private:
|
2014-12-15 18:17:56 +00:00
|
|
|
void addHostname(const SCNetworkSubscriptionContextRef& sc);
|
|
|
|
|
void addAddress(const SCNetworkSubscriptionContextRef& sc);
|
|
|
|
|
void addTarget(const SCNetworkSubscriptionContextRef& sc,
|
|
|
|
|
const SCNetworkReachabilityRef& target);
|
2014-10-07 22:16:26 +00:00
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
std::vector<std::string> target_names_;
|
|
|
|
|
std::vector<std::string> target_addresses_;
|
|
|
|
|
std::vector<SCNetworkReachabilityRef> targets_;
|
|
|
|
|
std::vector<SCNetworkReachabilityContext*> contexts_;
|
|
|
|
|
CFRunLoopRef run_loop_;
|
|
|
|
|
};
|
|
|
|
|
}
|
