wireguard.lists.zx2c4.com archive mirror
From: Frank Wayne <frank.wayne@northwestern.edu>
To: StarBrilliant <coder@poorlab.com>,
	"wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: RE: Windows Log Output to Event Viewer or Text File
Date: Thu, 14 Oct 2021 19:40:41 +0000
Message-ID: <PH0PR05MB7962D9FE88186BD52AE9774699B89@PH0PR05MB7962.namprd05.prod.outlook.com>
In-Reply-To: <b1b2fc28-fee0-4801-ac42-fcd8d985e837@www.fastmail.com>

> I am not sure if I get Jason's idea: Is the current WireGuard driver using a ring buffer of 2,048 messages for logging?

Yes. There is a file (relative to the installation directory) at Data\log.bin. It contains a WORD with "0BADBABE" (base 16, converted to big endian; a signature?), another WORD with something, followed by (in my case) 2050 structures of [a QWORD epoch time (with nanosecond precision) followed by 512 bytes of event text (zero padded)]. When I export the file in the WireGuard UI, it produces a list of 2048 events.

> I am not sure if it has a notify mechanism: Otherwise, the userspace collector will have to poll the logs. Polling too fast consumes power, polling too slow may skip messages.

Hear, hear! Alas, it does not have a notify mechanism.

Frank Wayne

-----Original Message-----
From: WireGuard <wireguard-bounces@lists.zx2c4.com> On Behalf Of StarBrilliant
Sent: Thursday, 14 October, 2021 13:40
To: wireguard@lists.zx2c4.com
Subject: Re: Windows Log Output to Event Viewer or Text File

On Thu, Oct 14, 2021, at 17:41, Frank Wayne wrote:
> On Wed, Oct 13, 2021, at 18:16, Jason A. Donenfeld wrote:
> > Event Logging appears to be rather slow and clunky [...]

In fact, Windows Event Logging has two APIs: ETW and WPP.
The ETW API is, indeed, slow and clunky.
However, the WPP API is very high-performance. The trace function in the Windows native TCP stack is implemented with WPP.

If someone like Frank has the time and ability, they could check this MSDN documentation and try to implement it:
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/wpp-software-tracing
However, I also think this feature is *not* a prioritized task, at least for average users.

I am not sure if I get Jason's idea: Is the current WireGuard driver using a ring buffer of 2,048 messages for logging?
I am not sure if it has a notify mechanism: Otherwise, the userspace collector will have to poll the logs. Polling too fast consumes power, polling too slow may skip messages.


Best wishes,
StarBrilliant
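
A reader for the Data\log.bin layout described in Frank's message above, as an added example that is not part of the thread and not WireGuard's own code. It assumes both header fields are 32-bit little-endian values, the event text is UTF-8, and a zero timestamp marks an unused slot; the second header field is returned uninterpreted, and the sample bytes are constructed.

```python
import struct
from datetime import datetime, timezone

MAGIC = 0x0BADBABE                # signature value quoted in the message
HEADER = struct.Struct("<II")     # assumption: two 32-bit little-endian fields
RECORD = struct.Struct("<q512s")  # QWORD nanosecond epoch time + 512 bytes of text

def parse_log(data: bytes):
    """Return (second_header_field, [(ns, text), ...]) ordered oldest first."""
    if len(data) < HEADER.size:
        raise ValueError("file shorter than header")
    magic, second = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError(f"bad signature {magic:#010x}")
    # Derive the slot count from the file size instead of hard-coding it;
    # a trailing partial slot is ignored.
    count = (len(data) - HEADER.size) // RECORD.size
    events = []
    for i in range(count):
        ns, raw = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        if ns == 0:
            continue  # assumption: zero timestamp means the slot was never written
        text = raw.split(b"\0", 1)[0].decode("utf-8", errors="replace")
        events.append((ns, text))
    # In a ring buffer the newest entry can sit before the oldest in the file,
    # so order by timestamp rather than by position.
    events.sort(key=lambda e: e[0])
    return second, events

def format_event(ns: int, text: str) -> str:
    """Render one event with full nanosecond precision in UTC."""
    ts = datetime.fromtimestamp(ns // 10**9, tz=timezone.utc)
    return f"{ts:%Y-%m-%d %H:%M:%S}.{ns % 10**9:09d}: {text}"

def build_sample() -> bytes:
    """Constructed sample: 4 slots, one unused, written out of time order."""
    t0 = 1634240441_000000000  # 2021-10-14 19:40:41 UTC
    slots = [(t0 + 2, b"third"), (0, b""), (t0, b"first"), (t0 + 1, b"second")]
    return HEADER.pack(MAGIC, 1) + b"".join(RECORD.pack(ns, t) for ns, t in slots)

if __name__ == "__main__":
    _, evs = parse_log(build_sample())
    for ns, text in evs:
        print(format_event(ns, text))
```

Because there is no notify mechanism, a collector built on this has to re-read the file on a timer and keep the highest timestamp it has already forwarded.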
