On Thu, Oct 14, 2021 at 12:43 PM StarBrilliant <[email protected]> wrote: > In fact, Windows Event Logging has two APIs: ETW and WPP. > The ETW API is, indeed, slow and clunky. > However, the WPP API is very high-performance. The trace function in Windows > native TCP stack is implemented with WPP.
Yes. I have no interest in using binary WPP traces. The kernel driver now mimics linux's, having the exact same messaged logs in a simple printk-like buffer. > If someone like Frank has the time and ability, they could check this MSDN > documentation and try to implement it: > https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/wpp-software-tracing Not interested. I won't take patches for that. > I am not sure if I get Jason's idea: Is current Wireguard driver using a ring > buffer of 2,048 messages for logging? No. Frank is conflating the kernel driver and a simple userspace service. The userspace service uses a very simple ringlogger format, with multiple implementations, used for years on different platforms. The kernel driver doesn't have an on-disk format; it uses a ring buffer of sorts, but so far that remains irrelevant to this discussion. Jason
