Flesh out Auplugin #470
Merged
Flesh out Auplugin #470
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Reordered subdirectories so that audisp, auplugin, and audisp/plugins build sequentially. Created a reusable libqueue.la with its own install target and linked it into libdisp.la along with libaucommon.la. Linked libauplugin.la against libqueue.la and libaucommon.la Integrated queue operations in auplugin.c with a local configuration object
Added a new manual page describing the auplugin initialization and event processing functions, including their parameters and behavior.
Extend auplugin_event_feed() so the library can periodically perform timer services itself. The worker thread would use sem_timedwait (requires a new dequeue_timed() helper in audisp/queue.c) to wake every timer_interval seconds. On timeout it would call auparse_feed_age_events() and timer_cb(interval) if provided. This keeps all auparse interactions in the worker thread, avoiding a third thread and potential synchronization issues.
Updated the plugin feed loop to handle ETIMEDOUT after calling the new helper
Replaced the hand-rolled event loop with calls to auplugin_init() and auplugin_event_feed(), greatly simplifying main plugin logic. Modified the SIGTERM handler to invoke auplugin_stop() for orderly shutdowns. Updated the callback to retain the auparse_state_t pointer for metrics reporting.
The filter plugin now initializes libauplugin and processes events through auplugin_event_feed, simplifying the event loop and aging logic. Rule loading is handled inside handle_event, reapplying expressions when a SIGHUP is received. Signal handlers stop the libauplugin feed when child processes exit or on SIGTERM. Build configuration adds the auplugin include path and dependency so the new API is available during compilation.
Documented the new parameters for the feed API, clarifying how the timer interval and callback interact. The default aging behavior is now explained, including how a NULL callback still causes events to be flushed after each timeout.
Included the auplugin header so the statsd plugin can initialize and feed events through the common interface. Added a timer callback to periodically gather and send metrics via auplugin_event_feed. Replaced the manual polling loop in main with auplugin initialization and event processing logic.
Added queue flag definitions and new helper prototypes in audisp/queue.h for persistent queues and metrics retrieval. Extended the queue implementation with disk persistence support and metric functions in audisp/queue.c. Introduced corresponding enums and API functions in auplugin.h including stats callback registration. Implemented the new initialization options and reporting helpers in auplugin.c. Documented usage of AUPLUGIN_Q_* flags and statistics helpers in auplugin.3 and auditd-plugins.5.
Added a new test audisp-test-queue to verify basic queue behavior, persistence, and concurrency handling for the dispatcher queue implementation.
Only honor the signal if it comes from the parent process so that other tasks (cough, systemctl, cough) can't make the plugin exit without the dispatcher in agreement. Otherwise it will restart the plugin.
Introduced a new API function queue_load_file in the dispatcher queue headers for reading pending events from a persistence file Implemented the loader in queue.c and integrated it into the initialization path when Q_IN_FILE is used, restoring in-memory state from disk Updated the destruction logic to truncate the queue file once all events have been processed before closing it
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Auplugin is intended to provide scaffolding most plugins need. It creates a worker thread, takes over main and places a lockless queue in between. This allows plugins to adhere to best practices with minimal effort.
This is still a work in progess, but is functional. Merging now to avoid future conflicts as work lands in master.