archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/net/homenet/fwlogger/fwlogger.cpp

839 lines
18 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. FwLogger.cpp
  9. Abstract:
  11. Simple console logger for the personal firewall.
  13. Author:
  15. Jonathan Burstein (jonburs) 12-April-2000
  17. Revision History:
  19. --*/
  21. #include "precomp.h"
  22. #pragma hdrstop
  24. //
  25. // Name of the event trace session
  26. //
  28. _TCHAR cszLogSession[] = _T("FirewallLogSession");
  30. //
  31. // Event counters
  32. //
  34. LONG g_lDropped = 0;
  35. LONG g_lCCreated = 0;
  36. LONG g_lCDeleted = 0;
  38. //
  39. // GUIDs corresponding to the firewall trace events
  40. //
  42. GUID ConnectionCreationEventGuid = MSIPNAT_ConnectionCreationEventGuid;
  43. GUID ConnectionDeletionEventGuid = MSIPNAT_ConnectionDeletionEventGuid;
  44. GUID PacketDroppedEventGuid = MSIPNAT_PacketDroppedEventGuid;
  46. //
  47. // Event to signal for shutdown
  48. //
  50. HANDLE g_hShutdownEvent;
  52. //
  53. // Function prototypes
  54. //
  56. VOID
  57. CALLBACK
  58. ConnectionCreationCallback(
  59. PEVENT_TRACE pEvent
  60. );
  62. VOID
  63. CALLBACK
  64. ConnectionDeletionCallback(
  65. PEVENT_TRACE pEvent
  66. );
  68. BOOL
  69. WINAPI
  70. ControlHandler(
  71. DWORD dwCtrlType
  72. );
  74. VOID
  75. CALLBACK
  76. PacketDroppedCallback(
  77. PEVENT_TRACE pEvent
  78. );
  80. UINT
  81. WINAPI
  82. ProcessTraceRoutine(
  83. PVOID pvThreadParam
  84. );
  87. int
  88. __cdecl
  89. main(
  90. int argc,
  91. _TCHAR **argv
  92. )
  94. /*++
  96. Routine Description:
  98. Program entry point. Starts the logging session and launches the
  99. processing thread.
  101. Arguments:
  103. argc -- count of command line arguments.
  105. argv -- command line arguments
  107. Return Value:
  109. Error code.
  111. --*/
  113. {
  114. TRACEHANDLE hSession;
  115. HANDLE hThread;
  116. HANDLE rghWaitHandles[2];
  117. PEVENT_TRACE_PROPERTIES pProperties;
  118. ULONG ulError;
  119. ULONG ulSize;
  120. UINT uiThreadId;
  121. BOOL fWaitForThread = FALSE;
  123. //
  124. // Create the event used to signal that the program should exit
  125. //
  127. g_hShutdownEvent = CreateEvent( NULL, FALSE, FALSE, NULL );
  128. if( NULL == g_hShutdownEvent )
  129. {
  130. _tprintf( _T("FwLogger: CreateEvent returned NULL (%08x)\n"),
  131. GetLastError() );
  132. return -1;
  133. }
  135. //
  136. // Set our control handler. The handler will signal the shutdown event;
  137. //
  139. if( !SetConsoleCtrlHandler( ControlHandler, TRUE ))
  140. {
  141. _tprintf( _T("FwLogger: SetConsoleCtrlHandler failed (%08x)\n"),
  142. GetLastError() );
  143. CloseHandle( g_hShutdownEvent );
  144. return -1;
  145. }
  147. //
  148. // Initialize our trace properties and start the tracing session.
  149. //
  151. ulSize = sizeof(*pProperties)
  152. + (_tcslen( cszLogSession ) + 1) * sizeof(_TCHAR);
  154. pProperties = (PEVENT_TRACE_PROPERTIES) HeapAlloc(
  155. GetProcessHeap(),
  156. HEAP_ZERO_MEMORY,
  157. ulSize
  158. );
  159. if( NULL == pProperties )
  160. {
  161. _tprintf( _T("FwLogger: allocation failed\n" ));
  162. CloseHandle( g_hShutdownEvent );
  163. return -1;
  164. }
  166. pProperties->Wnode.BufferSize = ulSize;
  167. pProperties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
  168. pProperties->LogFileMode = EVENT_TRACE_REAL_TIME_MODE;
  169. pProperties->FlushTimer = 1;
  170. pProperties->BufferSize = 4;
  171. ulError = StartTrace( &hSession, cszLogSession, pProperties );
  172. if( ERROR_SUCCESS != ulError )
  173. {
  174. _tprintf( _T("FwLogger: StartTrace returned 0x%08x\n"), ulError );
  175. CloseHandle( g_hShutdownEvent );
  176. HeapFree( GetProcessHeap(), 0, pProperties );
  177. return -1;
  178. }
  180. //
  181. // Enable the trace control guids
  182. //
  184. ulError = EnableTrace(
  185. TRUE,
  186. 0,
  187. 0,
  188. &PacketDroppedEventGuid,
  189. hSession
  190. );
  192. if( ERROR_SUCCESS != ulError )
  193. {
  194. _tprintf( _T("FwLogger: EnableTrace (PacketDropped) returned 0x%08x\n"),
  195. ulError );
  196. goto StopTrace;
  197. }
  199. ulError = EnableTrace(
  200. TRUE,
  201. 0,
  202. 0,
  203. &ConnectionCreationEventGuid,
  204. hSession
  205. );
  207. if( ERROR_SUCCESS != ulError )
  208. {
  209. _tprintf( _T("FwLogger: EnableTrace (ConnectionCreation) returned 0x%08x\n"),
  210. ulError );
  211. goto StopTrace;
  212. }
  215. //
  216. // Launch a thread to process the trace data. This needs to happen in a
  217. // separate thread as ProcessTrace blocks.
  218. //
  220. hThread = (HANDLE) _beginthreadex(
  221. NULL,
  222. 0,
  223. ProcessTraceRoutine,
  224. NULL,
  225. 0,
  226. &uiThreadId
  227. );
  229. if( NULL == hThread )
  230. {
  231. _tprintf( _T("FwLogger: Unable to create thread (0x%08x)\n"),
  232. GetLastError() );
  233. goto StopTrace;
  234. }
  236. //
  237. // Wait for the shutdown event to be signalled, or for our
  238. // thread to exit.
  239. //
  241. rghWaitHandles[0] = g_hShutdownEvent;
  242. rghWaitHandles[1] = hThread;
  244. ulError = WaitForMultipleObjects( 2, rghWaitHandles, FALSE, INFINITE );
  245. if( WAIT_OBJECT_0 == ulError )
  246. {
  247. //
  248. // User wants program to finish. After we shutdownt the trace session,
  249. // we'll need to wait for the processing thread to cleanup and exit.
  250. //
  252. fWaitForThread = TRUE;
  253. _tprintf( _T("FwLogger: Shutdown event signaled\n") );
  254. }
  255. else if( WAIT_OBJECT_0 + 1 == ulError )
  256. {
  257. //
  258. // Thread exited early, due to some problem...
  259. //
  261. _tprintf( _T("FwLogger: Trace process thread finished early.\n") );
  262. }
  264. StopTrace:
  266. //
  267. // Disable the events we previously enabled
  268. //
  270. ulError = EnableTrace(
  271. FALSE,
  272. 0,
  273. 0,
  274. &PacketDroppedEventGuid,
  275. hSession
  276. );
  278. if( ERROR_SUCCESS != ulError )
  279. {
  280. _tprintf( _T("FwLogger: EnableTrace (PacketDropped - FALSE) returned 0x%08x\n"),
  281. ulError );
  282. }
  284. ulError = EnableTrace(
  285. FALSE,
  286. 0,
  287. 0,
  288. &ConnectionCreationEventGuid,
  289. hSession
  290. );
  292. if( ERROR_SUCCESS != ulError )
  293. {
  294. _tprintf( _T("FwLogger: EnableTrace (ConnectionCreation - FALSE) returned 0x%08x\n"),
  295. ulError );
  296. }
  298. //
  299. // Stop the trace
  300. //
  302. ZeroMemory( pProperties, ulSize );
  303. pProperties->Wnode.BufferSize = ulSize;
  304. ulError = StopTrace( hSession, NULL, pProperties );
  305. if( ERROR_SUCCESS != ulError )
  306. {
  307. _tprintf( _T("FwLogger: StopTrace returned 0x%08x\n"), ulError );
  308. }
  309. else
  310. {
  311. _tprintf( _T("FwLogger: Trace stopped\n\n") );
  313. //
  314. // Print out statistics
  315. //
  317. _tprintf( _T("**Packets dropped: %i\n"), g_lDropped );
  318. _tprintf( _T("**Connections created: %i\n"), g_lCCreated );
  319. _tprintf( _T("**Connections deleted: %i\n"), g_lCDeleted );
  320. _tprintf( _T("**Events lost: %u\n"), pProperties->EventsLost );
  321. _tprintf( _T("**Buffers lost: %u\n"), pProperties->LogBuffersLost );
  322. _tprintf( _T("**Realtime buffers lost: %u\n\n"),
  323. pProperties->RealTimeBuffersLost );
  324. }
  328. //
  329. // Give processing thread 15 seconds to finish
  330. //
  332. if( fWaitForThread )
  333. {
  334. _tprintf( _T("FwLogger: Waiting for thread to exit...\n") );
  335. ulError = WaitForSingleObject( hThread, 15 * 1000 );
  336. if( WAIT_OBJECT_0 != ulError )
  337. {
  338. _tprintf( _T("FwLogger: Wait failed (timeout = %s)\n"),
  339. WAIT_TIMEOUT == ulError ? _T("true") : _T("false") );
  340. }
  341. }
  343. CloseHandle( g_hShutdownEvent );
  344. CloseHandle( hThread );
  345. HeapFree( GetProcessHeap(), 0, pProperties );
  346. return 0;
  347. }
  350. VOID
  351. CALLBACK
  352. ConnectionCreationCallback(
  353. PEVENT_TRACE pEvent
  354. )
  356. /*++
  358. Routine Description:
  360. Called when a ConnectionCreationEvent occurs.
  362. Arguments:
  364. pEvent -- pointer to the event trace structure
  366. Return Value:
  368. None.
  370. --*/
  372. {
  373. FILETIME ftUtcTime;
  374. FILETIME ftLocalTime;
  375. SYSTEMTIME stLocalTime;
  376. PMSIPNAT_ConnectionCreationEvent pEventData;
  377. struct in_addr inAddr;
  379. InterlockedIncrement( &g_lCCreated );
  380. pEventData = (PMSIPNAT_ConnectionCreationEvent) pEvent->MofData;
  382. //
  383. // Convert the event timestamp to local systemtime structure
  384. //
  386. ftUtcTime.dwLowDateTime = pEvent->Header.TimeStamp.LowPart;
  387. ftUtcTime.dwHighDateTime = pEvent->Header.TimeStamp.HighPart;
  388. if( !FileTimeToLocalFileTime( &ftUtcTime, &ftLocalTime )
  389. || !FileTimeToSystemTime( &ftLocalTime, &stLocalTime ))
  390. {
  391. //
  392. // Conversion failed -- use zero time
  393. //
  394. ZeroMemory( &stLocalTime, sizeof( SYSTEMTIME ));
  395. }
  397. //
  398. // Print timestamp (yyyy/mm/dd hh:mm:ss)
  399. //
  401. _tprintf(
  402. _T("%i/%02i/%02i %02i:%02i:%02i ++"),
  403. stLocalTime.wYear,
  404. stLocalTime.wMonth,
  405. stLocalTime.wDay,
  406. stLocalTime.wHour,
  407. stLocalTime.wMinute,
  408. stLocalTime.wSecond
  409. );
  411. //
  412. // Connection details.
  413. //
  415. if( NAT_PROTOCOL_TCP == pEventData->Protocol )
  416. {
  417. _tprintf( _T("TCP ") );
  418. }
  419. else
  420. {
  421. _tprintf( _T("UDP ") );
  422. }
  424. if( pEventData->InboundConnection )
  425. {
  426. _tprintf( _T("inbound ") );
  427. }
  428. else
  429. {
  430. _tprintf( _T("outbound ") );
  431. }
  433. inAddr.s_addr = pEventData->LocalAddress;
  434. printf( inet_ntoa( inAddr ));
  436. _tprintf(
  437. _T("/%u :: "),
  438. ntohs( (u_short) pEventData->LocalPort )
  439. );
  441. inAddr.s_addr = pEventData->RemoteAddress;
  442. printf( inet_ntoa( inAddr ));
  444. _tprintf(
  445. _T("/%u\n"),
  446. ntohs( (u_short) pEventData->RemotePort )
  447. );
  448. }
  451. VOID
  452. CALLBACK
  453. ConnectionDeletionCallback(
  454. PEVENT_TRACE pEvent
  455. )
  457. /*++
  459. Routine Description:
  461. Called when a ConnectionDeletionEvent occurs.
  463. Arguments:
  465. pEvent -- pointer to the event trace structure
  467. Return Value:
  469. None.
  471. --*/
  473. {
  474. FILETIME ftUtcTime;
  475. FILETIME ftLocalTime;
  476. SYSTEMTIME stLocalTime;
  477. PMSIPNAT_ConnectionDeletionEvent pEventData;
  478. struct in_addr inAddr;
  480. InterlockedIncrement( &g_lCDeleted );
  481. pEventData = (PMSIPNAT_ConnectionDeletionEvent) pEvent->MofData;
  483. //
  484. // Convert the event timestamp to local systemtime structure
  485. //
  487. ftUtcTime.dwLowDateTime = pEvent->Header.TimeStamp.LowPart;
  488. ftUtcTime.dwHighDateTime = pEvent->Header.TimeStamp.HighPart;
  489. if( !FileTimeToLocalFileTime( &ftUtcTime, &ftLocalTime )
  490. || !FileTimeToSystemTime( &ftLocalTime, &stLocalTime ))
  491. {
  492. //
  493. // Conversion failed -- use zero time
  494. //
  495. ZeroMemory( &stLocalTime, sizeof( SYSTEMTIME ));
  496. }
  498. //
  499. // Print timestamp (yyyy/mm/dd hh:mm:ss)
  500. //
  502. _tprintf(
  503. _T("%i/%02i/%02i %02i:%02i:%02i --"),
  504. stLocalTime.wYear,
  505. stLocalTime.wMonth,
  506. stLocalTime.wDay,
  507. stLocalTime.wHour,
  508. stLocalTime.wMinute,
  509. stLocalTime.wSecond
  510. );
  512. //
  513. // Connection details.
  514. //
  516. if( NAT_PROTOCOL_TCP == pEventData->Protocol )
  517. {
  518. _tprintf( _T("TCP ") );
  519. }
  520. else
  521. {
  522. _tprintf( _T("UDP ") );
  523. }
  525. inAddr.s_addr = pEventData->LocalAddress;
  526. printf( inet_ntoa( inAddr ));
  528. _tprintf(
  529. _T("/%u :: "),
  530. ntohs( (u_short) pEventData->LocalPort )
  531. );
  533. inAddr.s_addr = pEventData->RemoteAddress;
  534. printf( inet_ntoa( inAddr ));
  536. _tprintf(
  537. _T("/%u\n"),
  538. ntohs( (u_short) pEventData->RemotePort )
  539. );
  540. }
  543. VOID
  544. CALLBACK
  545. PacketDroppedCallback(
  546. PEVENT_TRACE pEvent
  547. )
  549. /*++
  551. Routine Description:
  553. Called when a PacketDroppedEvent occurs.
  555. Arguments:
  557. pEvent -- pointer to the event trace structure
  559. Return Value:
  561. None.
  563. --*/
  565. {
  566. FILETIME ftUtcTime;
  567. FILETIME ftLocalTime;
  568. SYSTEMTIME stLocalTime;
  569. PMSIPNAT_PacketDroppedEvent pEventData;
  570. struct in_addr inAddr;
  572. InterlockedIncrement( &g_lDropped );
  573. pEventData = (PMSIPNAT_PacketDroppedEvent) pEvent->MofData;
  575. //
  576. // Convert the event timestamp to local systemtime structure
  577. //
  579. ftUtcTime.dwLowDateTime = pEvent->Header.TimeStamp.LowPart;
  580. ftUtcTime.dwHighDateTime = pEvent->Header.TimeStamp.HighPart;
  581. if( !FileTimeToLocalFileTime( &ftUtcTime, &ftLocalTime )
  582. || !FileTimeToSystemTime( &ftLocalTime, &stLocalTime ))
  583. {
  584. //
  585. // Conversion failed -- use zero time
  586. //
  587. ZeroMemory( &stLocalTime, sizeof( SYSTEMTIME ));
  588. }
  590. //
  591. // Print timestamp (yyyy/mm/dd hh:mm:ss)
  592. //
  594. _tprintf(
  595. _T("%i/%02i/%02i %02i:%02i:%02i - "),
  596. stLocalTime.wYear,
  597. stLocalTime.wMonth,
  598. stLocalTime.wDay,
  599. stLocalTime.wHour,
  600. stLocalTime.wMinute,
  601. stLocalTime.wSecond
  602. );
  605. switch( pEventData->Protocol )
  606. {
  607. case NAT_PROTOCOL_TCP:
  608. {
  609. _tprintf( _T("TCP: ") );
  611. inAddr.s_addr = pEventData->SourceAddress;
  612. printf( inet_ntoa( inAddr ));
  614. _tprintf(
  615. _T("/%u -> "),
  616. ntohs( (u_short) pEventData->SourceIdentifier )
  617. );
  619. inAddr.s_addr = pEventData->DestinationAddress;
  620. printf( inet_ntoa( inAddr ));
  622. _tprintf(
  623. _T("/%u "),
  624. ntohs( (u_short) pEventData->DestinationIdentifier )
  625. );
  627. if( pEventData->ProtocolData4 & TCP_FLAG_SYN )
  628. {
  629. _tprintf( _T("S") );
  630. }
  632. if( pEventData->ProtocolData4 & TCP_FLAG_FIN )
  633. {
  634. _tprintf( _T("F") );
  635. }
  637. if( pEventData->ProtocolData4 & TCP_FLAG_ACK )
  638. {
  639. _tprintf( _T("A") );
  640. }
  642. if( pEventData->ProtocolData4 & TCP_FLAG_RST )
  643. {
  644. _tprintf( _T("R") );
  645. }
  647. if( pEventData->ProtocolData4 & TCP_FLAG_URG )
  648. {
  649. _tprintf( _T("U") );
  650. }
  652. if( pEventData->ProtocolData4 & TCP_FLAG_PSH )
  653. {
  654. _tprintf( _T("P") );
  655. }
  657. _tprintf( _T("\n") );
  659. break;
  660. }
  662. case NAT_PROTOCOL_UDP:
  663. {
  664. _tprintf( _T("UDP: ") );
  666. inAddr.s_addr = pEventData->SourceAddress;
  667. printf( inet_ntoa( inAddr ));
  669. _tprintf(
  670. _T("/%u -> "),
  671. ntohs( (u_short) pEventData->SourceIdentifier )
  672. );
  674. inAddr.s_addr = pEventData->DestinationAddress;
  675. printf( inet_ntoa( inAddr ));
  677. _tprintf(
  678. _T("/%u\n"),
  679. ntohs( (u_short) pEventData->DestinationIdentifier )
  680. );
  681. break;
  682. }
  684. case NAT_PROTOCOL_ICMP:
  685. {
  686. _tprintf( _T("ICMP: ") );
  688. inAddr.s_addr = pEventData->SourceAddress;
  689. printf( inet_ntoa( inAddr ));
  691. _tprintf( _T(" -> ") );
  693. inAddr.s_addr = pEventData->DestinationAddress;
  694. printf( "%s\n", inet_ntoa( inAddr ));
  696. break;
  697. }
  699. default:
  700. {
  701. _tprintf( _T("Prot. %i: "), pEventData->Protocol );
  702. inAddr.s_addr = pEventData->SourceAddress;
  703. printf( inet_ntoa( inAddr ));
  705. _tprintf( _T(" -> ") );
  707. inAddr.s_addr = pEventData->DestinationAddress;
  708. printf( "%s\n", inet_ntoa( inAddr ));
  709. }
  711. }
  713. }
  716. UINT
  717. WINAPI
  718. ProcessTraceRoutine(
  719. PVOID pvThreadParam
  720. )
  722. /*++
  724. Routine Description:
  726. Thread routine for trace processing.
  728. Arguments:
  730. pvThreadParam -- unused.
  732. Return Value:
  734. Thread exit code.
  736. --*/
  738. {
  739. TRACEHANDLE hStream;
  740. EVENT_TRACE_LOGFILE LogFile;
  741. ULONG ulError;
  743. //
  744. // Register our trace callbacks
  745. //
  747. ulError = SetTraceCallback( &PacketDroppedEventGuid, PacketDroppedCallback );
  748. if( ERROR_SUCCESS != ulError )
  749. {
  750. _tprintf( _T("FwLogger: SetTraceCallback (PacketDropped) returned 0x%08x\n"),
  751. ulError );
  752. return -1;
  753. }
  755. ulError = SetTraceCallback( &ConnectionCreationEventGuid, ConnectionCreationCallback );
  756. if( ERROR_SUCCESS != ulError )
  757. {
  758. _tprintf( _T("FwLogger: SetTraceCallback (ConnectionCreation) returned 0x%08x\n"),
  759. ulError );
  760. return -1;
  761. }
  763. ulError = SetTraceCallback( &ConnectionDeletionEventGuid, ConnectionDeletionCallback );
  764. if( ERROR_SUCCESS != ulError )
  765. {
  766. _tprintf( _T("FwLogger: SetTraceCallback (ConnectionDeletion) returned 0x%08x\n"),
  767. ulError );
  768. return -1;
  769. }
  772. //
  773. // Open the event stream.
  774. //
  776. ZeroMemory( &LogFile, sizeof(LogFile) );
  777. LogFile.LoggerName = cszLogSession;
  778. LogFile.LogFileMode = EVENT_TRACE_REAL_TIME_MODE;
  780. hStream = OpenTrace( &LogFile );
  781. if( (TRACEHANDLE)INVALID_HANDLE_VALUE == hStream )
  782. {
  783. _tprintf( _T("FwLogger: OpenTrace returned 0x%08x\n"), GetLastError() );
  784. return -1;
  785. }
  787. //
  788. // Process the trace stream
  789. //
  791. _tprintf( _T("FwLogger: Calling ProcessTrace...\n") );
  792. ulError = ProcessTrace( &hStream, 1, NULL, NULL );
  793. if( ERROR_SUCCESS != ulError )
  794. {
  795. _tprintf( _T("FwLogger: ProcessTrace returned 0x%08x\n"), ulError );
  796. CloseTrace( hStream );
  797. return -1;
  798. }
  800. //
  801. // Close the stream and exit
  802. //
  804. CloseTrace( hStream );
  805. return 0;
  806. }
  809. BOOL
  810. WINAPI
  811. ControlHandler(
  812. DWORD dwCtrlType
  813. )
  815. /*++
  817. Routine Description:
  819. Signals our shutdown event when the user wants to exit.
  821. Arguments:
  823. dwCtrlType -- control signal type
  825. Return Value:
  827. TRUE if we handled the control signal.
  829. --*/
  831. {
  832. if( CTRL_LOGOFF_EVENT != dwCtrlType )
  833. {
  834. SetEvent( g_hShutdownEvent );
  835. return TRUE;
  836. }
  838. return FALSE;
  839. }