I've just spent a happy hour debugging the binary of vmtools (where is the source code of this beast??) and found the bug -- vmsvc does not understand the concept of non-matching rules in /proc/net/route, and stops as soon as it finds a non-matching rule (the prohibit rule). A work-around for this logic fault is to change the regular expression to match the "offending" line.
Lines in /proc/net/route are assumed to match this regular expression:
^(\w+)\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{4})\s+\d+\s+\d+\s+(\d+)\s+([[:xdigit:]]{8})\s+(\d+)\s+\d+\s+(\d+)\s*$
The regular expression is incorrect, as shown by the following command:
grep -P '^(\w+)\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{4})\s+\d+\s+\d+\s+(\d+)\s+([[:xdigit:]]{8})\s+(\d+)\s+\d+\s+(\d+)\s*$|$' /proc/net/route --colour
You can find this regular expression with 'strings' and manual inspection:
strings /usr/lib/vmware-tools/plugins64/vmsvc/libguestInfo.so
The following regular expression will work (changing the leading \w to \S -- from word to non-space):
^(\S+)\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{8})\s+([[:xdigit:]]{4})\s+\d+\s+\d+\s+(\d+)\s+([[:xdigit:]]{8})\s+(\d+)\s+\d+\s+(\d+)\s*$
You can hack the change with ... oh wow ... this is horrible ...
sed -i.orig \
's/\^(\\w+)\\s+(\[\[:xdigit:\]\]{8})/^(\\S+)\\s+([[:xdigit:]]{8})/' \
/usr/lib/vmware-tools/plugins64/vmsvc/libguestInfo.so
This should be patched in that source code, preferably to not bomb out on regex misses. Patching the binary like this solves the problem of logging every 30 seconds, but renders vmwaretools out of date.
