/*++ Copyright (c) 1999, Microsoft Corporation Module Name: tcbview.c Abstract: This module contains code for a utility program which monitors the variables for the active TCP/IP control blocks in the system. The program optionally maintains a log for a specified TCB in CSV format in a file specified by the user. Author: Abolade Gbadegesin (aboladeg) January-25-1999 Revision History: --*/ #include <nt.h> #include <ntrtl.h> #include <nturtl.h> #include <windows.h> #include <commctrl.h> #include <winsock2.h> #include <stdio.h> #include <stdlib.h> #include <io.h> #include <fcntl.h> #include <ntddip.h> #include <ntddtcp.h> #include <ipinfo.h> #include <iphlpapi.h> #include <iphlpstk.h> // // GLOBAL DATA // ULONG DisplayInterval = 500; HWND ListHandle; SOCKADDR_IN LogLocal; FILE* LogFile = NULL; PCHAR LogPath; SOCKADDR_IN LogRemote; HANDLE TcpipHandle; UINT_PTR TimerId; typedef enum { LocalAddressColumn, LocalPortColumn, RemoteAddressColumn, RemotePortColumn, SmRttColumn, DeltaColumn, RtoColumn, RexmitColumn, RexmitCntColumn, MaximumColumn } LIST_COLUMNS; CHAR* ColumnText[] = { "LocalAddress", "LocalPort", "RemoteAddress", "RemotePort", "SmRtt", "Delta", "Rto", "Rexmit", "RexmitCnt", }; VOID AllocateConsole( VOID ) { INT OsfHandle; FILE* FileHandle; // // Being a GUI application, we do not have a console for our process. // Allocate a console now, and make it our standard-output file. // AllocConsole(); OsfHandle = _open_osfhandle((intptr_t)GetStdHandle(STD_OUTPUT_HANDLE), _O_TEXT); FileHandle = _fdopen(OsfHandle, "w"); if (!FileHandle) { perror("_fdopen"); exit(0); } *stdout = *FileHandle; setvbuf(stdout, NULL, _IONBF, 0); } LRESULT CALLBACK DisplayWndProc( HWND WindowHandle, UINT Message, WPARAM Wparam, LPARAM Lparam ) { // // Handle the few window-messages that we care about. // Our window will contain a listview as soon as we've initialized, // and we always resize that listview to fill our client area. // We also set up a timer which periodically triggers refresh // of the TCBs displayed. // if (Message == WM_CREATE) { CREATESTRUCT* CreateStruct = (CREATESTRUCT*)Lparam; LVCOLUMN LvColumn; RECT rc; do { // // Create the child listview, and insert columns // for each of the TCB fields that we'll be displaying. // GetClientRect(WindowHandle, &rc); ListHandle = CreateWindowEx( 0, WC_LISTVIEW, NULL, WS_CHILD|LVS_REPORT|LVS_NOSORTHEADER, 0, 0, rc.right, rc.bottom, WindowHandle, NULL, CreateStruct->hInstance, NULL ); if (!ListHandle) { break; } ZeroMemory(&LvColumn, sizeof(LvColumn)); for (; LvColumn.iSubItem < MaximumColumn; LvColumn.iSubItem++) { LvColumn.mask = LVCF_FMT|LVCF_SUBITEM|LVCF_TEXT|LVCF_WIDTH; LvColumn.fmt = LVCFMT_LEFT; LvColumn.pszText = ColumnText[LvColumn.iSubItem]; LvColumn.cx = 50; ListView_InsertColumn(ListHandle, LvColumn.iSubItem, &LvColumn); } // // Initialize our periodic timer, and display our window. // TimerId = SetTimer(WindowHandle, 1, DisplayInterval, NULL); ShowWindow(WindowHandle, SW_SHOW); ShowWindow(ListHandle, SW_SHOW); if (!TimerId) { break; } return 0; } while(FALSE); PostQuitMessage(0); return (LRESULT)-1; } else if (Message == WM_DESTROY) { // // Stop our periodic timer, close the log-file (if any), // close the handle on which we communicate with the TCP/IP driver, // and post a quit message to cause the message-loop of our process // to end. // KillTimer(WindowHandle, TimerId); if (LogFile) { fclose(LogFile); } NtClose(TcpipHandle); PostQuitMessage(0); return 0; } else if (Message == WM_SETFOCUS) { // // Always pass the focus to our child-control, the listview. // SetFocus(ListHandle); return 0; } else if (Message == WM_WINDOWPOSCHANGED) { RECT rc; // // Always resize our listview to fill our client-area. // GetClientRect(WindowHandle, &rc); SetWindowPos( ListHandle, WindowHandle, 0, 0, rc.right, rc.bottom, ((WINDOWPOS*)Lparam)->flags ); return 0; } else if (Message == WM_TIMER) { COORD Coord = {0, 0}; DWORD Error; ULONG i; LONG Item; ULONG Length; LVITEM LvItem; CHAR Text[20]; TCP_FINDTCB_REQUEST Request; TCP_FINDTCB_RESPONSE Response; PMIB_TCPTABLE Table; // // If we're configured to use a log-file and we haven't created one, // do so now, and print the CSV header to the file. // if (LogPath && !LogFile) { LogFile = fopen(LogPath, "w+"); if (!LogFile) { return 0; } else { fprintf( LogFile, "#senduna,sendnext,sendmax,sendwin,unacked,maxwin,cwin," "mss,rtt,smrtt,rexmitcnt,rexmittimer,rexmit,retrans,state," "flags,rto,delta\n" ); } } // // Clear our listview and retrieve a new table of TCP connections. // It would be less visually jarring if, instead of deleting all // the list-items each time, we used a mark-and-sweep to just update // the ones which had changed. However, that sounds too much like work. // ListView_DeleteAllItems(ListHandle); Error = AllocateAndGetTcpTableFromStack( &Table, TRUE, GetProcessHeap(), 0 ); if (Error) { return 0; } // // Display each active TCP control block in the listview. // For each entry, we retrieve the partial TCB using IOCTL_TCP_FINDTCB, // and then display it in the list. // If we are generating a log-file for one of the TCBs, // we append the current information to that log-file. // for (i = 0, Item = 0; i < Table->dwNumEntries; i++) { if (Table->table[i].dwState < MIB_TCP_STATE_SYN_SENT || Table->table[i].dwState > MIB_TCP_STATE_TIME_WAIT) { continue; } Request.Src = Table->table[i].dwLocalAddr; Request.Dest = Table->table[i].dwRemoteAddr; Request.SrcPort = (USHORT)Table->table[i].dwLocalPort; Request.DestPort = (USHORT)Table->table[i].dwRemotePort; ZeroMemory(&Response, sizeof(Response)); if (!DeviceIoControl( TcpipHandle, IOCTL_TCP_FINDTCB, &Request, sizeof(Request), &Response, sizeof(Response), &Length, NULL )) { continue; } lstrcpy(Text, inet_ntoa(*(PIN_ADDR)&Request.Src)); ZeroMemory(&LvItem, sizeof(LvItem)); LvItem.mask = LVIF_TEXT; LvItem.iItem = Item; LvItem.iSubItem = LocalAddressColumn; LvItem.pszText = Text; LvItem.iItem = ListView_InsertItem(ListHandle, &LvItem); if (LvItem.iItem == -1) { continue; } ListView_SetItemText( ListHandle, Item, RemoteAddressColumn, inet_ntoa(*(PIN_ADDR)&Request.Dest) ); _ltoa(ntohs(Request.SrcPort), Text, 10); ListView_SetItemText(ListHandle, Item, LocalPortColumn, Text); _ltoa(ntohs(Request.DestPort), Text, 10); ListView_SetItemText(ListHandle, Item, RemotePortColumn, Text); _ltoa(Response.tcb_smrtt, Text, 10); ListView_SetItemText(ListHandle, Item, SmRttColumn, Text); _ltoa(0, /* Response.tcb_delta, */ Text, 10); ListView_SetItemText(ListHandle, Item, DeltaColumn, Text); wsprintf( Text, "%d.%d", 0, // Response.tcb_rto / 10, 0 // (Response.tcb_rto % 10) * 100 ); ListView_SetItemText(ListHandle, Item, RtoColumn, Text); _ltoa(Response.tcb_rexmit, Text, 10); ListView_SetItemText(ListHandle, Item, RexmitColumn, Text); _ltoa(Response.tcb_rexmitcnt, Text, 10); ListView_SetItemText(ListHandle, Item, RexmitCntColumn, Text); ++Item; // // If we are generating a log-file, update it now. // We allow the user to specify a wildcard for either or both port // on the command-line, so if a wildcard was specified // in 'LogLocal' or 'LogRemote', we now instantiate the wildcard // for the first matching session. // if (Request.Src == LogLocal.sin_addr.s_addr && Request.Dest == LogRemote.sin_addr.s_addr && (LogLocal.sin_port == 0 || Request.SrcPort == LogLocal.sin_port) && (LogRemote.sin_port == 0 || Request.DestPort == LogRemote.sin_port)) { // // This assignment instantiates the user's wildcard, if any, // LogLocal.sin_port = Request.SrcPort; LogRemote.sin_port = Request.DestPort; fprintf( LogFile, "%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u," "%x,%u,%u\n", Response.tcb_senduna, Response.tcb_sendnext, Response.tcb_sendmax, Response.tcb_sendwin, Response.tcb_unacked, Response.tcb_maxwin, Response.tcb_cwin, Response.tcb_mss, Response.tcb_rtt, Response.tcb_smrtt, Response.tcb_rexmitcnt, Response.tcb_rexmittimer, Response.tcb_rexmit, Response.tcb_retrans, Response.tcb_state, 0, // Response.tcb_flags, 0, // Response.tcb_rto, 0 // Response.tcb_delta ); } } HeapFree(GetProcessHeap(), 0, Table); UpdateWindow(ListHandle); return 0; } return DefWindowProc(WindowHandle, Message, Wparam, Lparam); } void DisplayUsage( void ) { AllocateConsole(); printf("tcbview [-?] [-tcbhelp] [-refresh <ms>] [-log <path> <session>\n"); printf("\t<session> = <local endpoint> <remote endpoint>\n"); printf("\t<endpoint> = <address> { <port> | * }\n"); printf("Press <Ctrl-C> to continue..."); Sleep(INFINITE); } void DisplayTcbHelp( void ) { AllocateConsole(); printf("tcbview: TCB Help\n"); printf("tcb fields:\n"); printf("\tsenduna = seq. of first unack'd byte\n"); printf("\tsendnext = seq. of next byte to send\n"); printf("\tsendmax = max. seq. sent so far\n"); printf("\tsendwin = size of send window in bytes\n"); printf("\tunacked = number of unack'd bytes\n"); printf("\tmaxwin = max. send window offered\n"); printf("\tcwin = size of congestion window in bytes\n"); printf("\tmss = max. segment size\n"); printf("\trtt = timestamp of current rtt measurement\n"); printf("\tsmrtt = smoothed rtt measurement\n"); printf("\trexmitcnt = number of rexmit'd segments\n"); printf("\trexmittimer = rexmit timer in ticks\n"); printf("\trexmit = rexmit timeout last computed\n"); printf("\tretrans = total rexmit'd segments (all sessions)\n"); printf("\tstate = connection state\n"); printf("\tflags = connection flags (see below)\n"); printf("\trto = real-time rto (compare rexmit)\n"); printf("\tdelta = rtt variance\n"); printf("\n"); printf("flags:\n"); printf("\t00000001 = window explicitly set\n"); printf("\t00000002 = has client options\n"); printf("\t00000004 = from accept\n"); printf("\t00000008 = from active open\n"); printf("\t00000010 = client notified of disconnect\n"); printf("\t00000020 = in delayed action queue\n"); printf("\t00000040 = completing receives\n"); printf("\t00000080 = in receive-indication handler\n"); printf("\t00000100 = needs receive-completes\n"); printf("\t00000200 = needs to send ack\n"); printf("\t00000400 = needs to output\n"); printf("\t00000800 = delayed sending ack\n"); printf("\t00001000 = probing for path-mtu bh\n"); printf("\t00002000 = using bsd urgent semantics\n"); printf("\t00004000 = in 'DeliverUrgent'\n"); printf("\t00008000 = seen urgent data and urgent data fields valid\n"); printf("\t00010000 = needs to send fin\n"); printf("\t00020000 = using nagle's algorithm\n"); printf("\t00040000 = in 'TCPSend'\n"); printf("\t00080000 = flow-controlled (received zero-window)\n"); printf("\t00100000 = disconnect-notif. pending\n"); printf("\t00200000 = time-wait transition pending\n"); printf("\t00400000 = output being forced\n"); printf("\t00800000 = send pending after receive\n"); printf("\t01000000 = graceful-close pending\n"); printf("\t02000000 = keepalives enabled\n"); printf("\t04000000 = processing urgent data inline\n"); printf("\t08000000 = inform acd about connection\n"); printf("\t10000000 = fin sent since last retransmit\n"); printf("\t20000000 = unack'd fin sent\n"); printf("\t40000000 = need to send rst when closing\n"); printf("\t80000000 = in tcb table\n"); printf("Press <Ctrl-C> to continue..."); Sleep(INFINITE); } INT WINAPI WinMain( HINSTANCE InstanceHandle, HINSTANCE Unused, PCHAR CommandLine, INT ShowWindowCode ) { LONG argc; PCHAR* argv; LONG i; IO_STATUS_BLOCK IoStatus; MSG Message; OBJECT_ATTRIBUTES ObjectAttributes; NTSTATUS Status; HANDLE ThreadHandle; ULONG ThreadId; UNICODE_STRING UnicodeString; HWND WindowHandle; WNDCLASS WndClass; // // Process command-line arguments. See 'DisplayUsage' above for help. // argc = __argc; argv = __argv; for (i = 1; i < argc; i++) { if (lstrcmpi(argv[i], "-?") == 0 || lstrcmpi(argv[i], "/?") == 0) { DisplayUsage(); return 0; } else if (lstrcmpi(argv[i], "-tcbhelp") == 0) { DisplayTcbHelp(); return 0; } else if (lstrcmpi(argv[i], "-refresh") == 0 && (i + 1) >= argc) { DisplayInterval = atol(argv[++i]); if (!DisplayInterval) { DisplayUsage(); return 0; } } else if (lstrcmpi(argv[i], "-log") == 0) { if ((i + 5) >= argc) { DisplayUsage(); return 0; } LogPath = argv[++i]; LogLocal.sin_addr.s_addr = inet_addr(argv[++i]); if (lstrcmpi(argv[i+1], "*") == 0) { LogLocal.sin_port = 0; ++i; } else { LogLocal.sin_port = htons((SHORT)atol(argv[++i])); } LogRemote.sin_addr.s_addr = inet_addr(argv[++i]); if (lstrcmpi(argv[i+1], "*") == 0) { LogRemote.sin_port = 0; ++i; } else { LogRemote.sin_port = htons((SHORT)atol(argv[++i])); } if (LogLocal.sin_addr.s_addr == INADDR_NONE || LogRemote.sin_addr.s_addr == INADDR_NONE) { DisplayUsage(); return 0; } } } // // Open a handle to the TCP/IP driver, // to be used in issuing IOCTL_TCP_FINDTCB requests. // RtlInitUnicodeString(&UnicodeString, DD_TCP_DEVICE_NAME); InitializeObjectAttributes( &ObjectAttributes, &UnicodeString, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = NtCreateFile( &TcpipHandle, GENERIC_EXECUTE, &ObjectAttributes, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN_IF, 0, NULL, 0 ); if (!NT_SUCCESS(Status)) { printf("NtCreateFile: %x\n", Status); return 0; } // // Register our window class and create the sole instance // of our main window. Then, enter our application message loop // until the user dismisses the window. // ZeroMemory(&WndClass, sizeof(WndClass)); WndClass.lpfnWndProc = DisplayWndProc; WndClass.hInstance = InstanceHandle; WndClass.lpszClassName = "TcbViewClass"; Message.wParam = 0; if (!RegisterClass(&WndClass)) { printf("RegisterClass: %d\n", GetLastError()); } else { WindowHandle = CreateWindowEx( 0, "TcbViewClass", "TcbView", WS_TILEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, InstanceHandle, NULL ); if (!WindowHandle) { printf("CreateWindowEx: %d\n", GetLastError()); } else { while(GetMessage(&Message, NULL, 0, 0)) { TranslateMessage(&Message); DispatchMessage(&Message); } } } return (LONG)Message.wParam; }