forked from osquery/osquery
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
(Windows) New table: connectivity (osquery#5500)
- Loading branch information
Showing
9 changed files
with
142 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| /** | ||
| * Copyright (c) 2014-present, Facebook, Inc. | ||
| * All rights reserved. | ||
| * | ||
| * This source code is licensed in accordance with the terms specified in | ||
| * the LICENSE file found in the root directory of this source tree. | ||
| */ | ||
|
|
||
| #include <string> | ||
|
|
||
| #include <netlistmgr.h> | ||
| #include <windows.h> | ||
|
|
||
| #include <osquery/core.h> | ||
| #include <osquery/logger.h> | ||
| #include <osquery/tables.h> | ||
|
|
||
| namespace osquery { | ||
| namespace tables { | ||
|
|
||
| QueryData genConnectivity(QueryContext& context) { | ||
| QueryData results; | ||
|
|
||
| INetworkListManager* mgr = nullptr; | ||
| HRESULT res = CoCreateInstance(CLSID_NetworkListManager, | ||
| NULL, | ||
| CLSCTX_ALL, | ||
| IID_INetworkListManager, | ||
| reinterpret_cast<void**>(&mgr)); | ||
|
|
||
| if (res != S_OK) { | ||
| TLOG << "Failed to instantiate INetworkListManager"; | ||
| return results; | ||
| } | ||
|
|
||
| NLM_CONNECTIVITY connectivity; | ||
| res = mgr->GetConnectivity(&connectivity); | ||
|
|
||
| if (res != S_OK) { | ||
| TLOG << "GetConnectivity() failed"; | ||
| mgr->Release(); | ||
| return results; | ||
| } | ||
|
|
||
| Row r; | ||
| r["disconnected"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_DISCONNECTED)); | ||
| r["ipv4_no_traffic"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV4_NOTRAFFIC)); | ||
| r["ipv6_no_traffic"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV6_NOTRAFFIC)); | ||
| r["ipv4_subnet"] = INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV4_SUBNET)); | ||
| r["ipv4_local_network"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV4_LOCALNETWORK)); | ||
| r["ipv4_internet"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV4_INTERNET)); | ||
| r["ipv6_subnet"] = INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV6_SUBNET)); | ||
| r["ipv6_local_network"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV6_LOCALNETWORK)); | ||
| r["ipv6_internet"] = | ||
| INTEGER(bool(connectivity & NLM_CONNECTIVITY_IPV6_INTERNET)); | ||
|
|
||
| mgr->Release(); | ||
| results.push_back(std::move(r)); | ||
| return results; | ||
| } | ||
|
|
||
| } // namespace tables | ||
| } // namespace osquery |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| table_name("connectivity") | ||
| description("Provides the overall system's network state.") | ||
| schema([ | ||
| Column("disconnected", INTEGER, "True if the all interfaces are not connected to any network"), | ||
| Column("ipv4_no_traffic", INTEGER, "True if any interface is connected via IPv4, but has seen no traffic"), | ||
| Column("ipv6_no_traffic", INTEGER, "True if any interface is connected via IPv6, but has seen no traffic"), | ||
| Column("ipv4_subnet", INTEGER, "True if any interface is connected to the local subnet via IPv4"), | ||
| Column("ipv4_local_network", INTEGER, "True if any interface is connected to a routed network via IPv4"), | ||
| Column("ipv4_internet", INTEGER, "True if any interface is connected to the Internet via IPv4"), | ||
| Column("ipv6_subnet", INTEGER, "True if any interface is connected to the local subnet via IPv6"), | ||
| Column("ipv6_local_network", INTEGER, "True if any interface is connected to a routed network via IPv6"), | ||
| Column("ipv6_internet", INTEGER, "True if any interface is connected to the Internet via IPv6"), | ||
| ]) | ||
| implementation("connectivity@genConnectivity") | ||
| examples([ | ||
| "select * from connectivity", | ||
| "select ipv4_internet from connectivity", | ||
| ]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| /** | ||
| * Copyright (c) 2014-present, Facebook, Inc. | ||
| * All rights reserved. | ||
| * | ||
| * This source code is licensed as defined on the LICENSE file found in the | ||
| * root directory of this source tree. | ||
| */ | ||
|
|
||
| // Sanity check integration test for connectivity | ||
| // Spec file: specs/windows/connectivity.table | ||
|
|
||
| #include <osquery/tests/integration/tables/helper.h> | ||
|
|
||
| namespace osquery { | ||
| namespace table_tests { | ||
|
|
||
| class connectivity : public testing::Test { | ||
| protected: | ||
| void SetUp() override { | ||
| setUpEnvironment(); | ||
| } | ||
| }; | ||
|
|
||
| TEST_F(connectivity, test_sanity) { | ||
| auto const data = execute_query("select * from connectivity"); | ||
|
|
||
| ASSERT_EQ(data.size(), 1ul); | ||
|
|
||
| ValidationMap row_map = { | ||
| {"disconnected", IntType}, | ||
| {"ipv4_no_traffic", IntType}, | ||
| {"ipv6_no_traffic", IntType}, | ||
| {"ipv4_subnet", IntType}, | ||
| {"ipv4_local_network", IntType}, | ||
| {"ipv4_internet", IntType}, | ||
| {"ipv6_subnet", IntType}, | ||
| {"ipv6_local_network", IntType}, | ||
| {"ipv6_internet", IntType}, | ||
| }; | ||
|
|
||
| validate_rows(data, row_map); | ||
| } | ||
|
|
||
| } // namespace table_tests | ||
| } // namespace osquery |