wip address cr

2025-12-10 00:44:55 -06:00 · 2023-08-24 17:02:01 -07:00 · 2023-08-24 17:02:01 -07:00 · 2aedc74cb8
commit 2aedc74cb8
parent 1643267e47
4 changed files with 105 additions and 94 deletions
--- a/diagnostics/networking.bat
+++ b/diagnostics/networking.bat
@ -1,57 +0,0 @@
-@echo off
-:: Note: This script terminates WSL. Save your work before running it.
-
-:: Check for administrator privileges.
-net session >nul 2>&1 || goto :admin
-
-:: Validate that required files are here.
-if not exist wsl_networking.wprp (echo wsl_networking.wprp not found && exit /b 1)
-if not exist networking.sh (echo networking.sh not found && exit /b 1)
-
-:: Capture the store WSL version
-echo "WSL version (Might be help text if store WSL is not installed):"
-wsl.exe --version
-
-:: List installed Windows features.
-echo Windows features:
-powershell.exe -NoProfile "Get-WindowsOptionalFeature -Online | ? State -eq Enabled | select FeatureName"
-
-:: List all HNS objects.
-echo HNS objects: 
-hnsdiag list all -df
-
-:: Print the Windows routing table.
-echo Routing table:
-netstat.exe -rn
-
-:: The WSL HNS network is created once per boot. Resetting it to collect network creation logs.
-echo Deleting HNS network
-powershell.exe -NoProfile "Get-HnsNetwork | Where-Object {$_.Name -eq 'WSL'} | Remove-HnsNetwork"
-
-:: Stop WSL.
-net.exe stop WslService || net.exe stop LxssManager
-
-:: Start packet capture.
-powershell.exe -NoProfile "New-NetEventSession HnsPacketCapture -CaptureMode SaveToFile -LocalFilePath %cd%\\packets.etl" || goto :fail
-powershell.exe -NoProfile "Add-NetEventPacketCaptureProvider -Level 5 -SessionName HnsPacketCapture -CaptureType BothPhysicalAndSwitch " || goto :fail
-powershell.exe -NoProfile "Start-NetEventSession HnsPacketCapture" || goto :fail
-
-:: Collect WSL logs.
-wpr -start wsl_networking.wprp -filemode || goto :fail
-wsl.exe tr -d "\r" ^| bash < ./networking.sh
-
-wpr -stop wsl.etl || goto :fail
-powershell -NoProfile "Stop-NetEventSession HnsPacketCapture;  Remove-NetEventSession HnsPacketCapture" || goto :fail
-
-exit /b 0
-
-:: Error message if the WSL logs fail to collect.
-:fail
-echo Failed to collect WSL logs.
-powershell -NoProfile "Stop-NetEventSession HnsPacketCapture; Remove-NetEventSession HnsPacketCapture"
-exit /b 1
-
-:: Error message if the user does not have administrative privileges.
-:admin
-echo This script needs to run with administrative privileges.
-exit /b 1
--- a/diagnostics/networking.sh
+++ b/diagnostics/networking.sh
@ -1,10 +1,4 @@
 #! /bin/bash
-if (($(id -u) != 0))
-then
-    printf "If you see 'ping: socket: Operation not permitted' errors, "
-    printf "run this command as root.\n"
-fi
-
 set -xu

 # Gather distro & kernel info.
@ -17,24 +11,5 @@ ip route show table all
 ip neighbor
 ip link

-# Validate that the gateway is responsive and can route ICMP correctly.
-if gateway=$(ip route show | awk '/default/ { print $3 }'); then
-    ping -c 4 "$gateway"
-else
-    echo 'No gateway found.'
-fi
-
-ping -c 4 1.1.1.1
-
-# Validate that the default route is working (won't work if traceroute isn't installed).
-traceroute 1.1.1.1
-
 # Display the DNS configuration.
 cat /etc/resolv.conf
-
-# Validate that everything is functioning correctly.
-if type curl >/dev/null 2>&1; then
-    curl -m 5 -v https://microsoft.com
-else
-    wget -T 5 -v https://microsoft.com
-fi
--- a/diagnostics/networking_diagnostics.bat
+++ b/diagnostics/networking_diagnostics.bat
@ -1,13 +1,31 @@
+:: Check for administrator privileges.
+net session >nul 2>&1 || goto :admin
+
+:: Validate that required files are here.
+if not exist wsl_networking.wprp (echo wsl_networking.wprp not found && exit /b 1)
+if not exist networking.sh (echo networking.sh not found && exit /b 1)
+
 set networking_folder=".\networking_logs"
 set neworking_logs_zip=".\WslNetworkingLogs.zip"

 mkdir %networking_folder%

-wsl.exe tr -d "\r" ^| bash < ./networking.sh > %networking_folder%\wsl_network_configuration_before.log
-powershell Get-NetRoute > %networking_folder%\get_netroute.log
+cd %networking_folder%

-powershell invoke-expression 'cmd /c start powershell -Command { .\collect-wsl-logs.ps1 }'
-powershell invoke-expression 'cmd /c start powershell -Command { "wsl.exe sudo tcpdump -n -i any > tcpdump.log" }'
+IF "%1"=="--stop-wsl" (
+   :: The WSL HNS network is created once per boot. Resetting it to collect network creation logs.
+   echo Deleting HNS network
+   powershell.exe -NoProfile "Get-HnsNetwork | Where-Object {$_.Name -eq 'WSL'} | Remove-HnsNetwork"
+
+   :: Stop WSL.
+   net.exe stop WslService || net.exe stop LxssManager
+)
+
+wsl.exe tr -d "\r" ^| bash < ../networking.sh > wsl_network_configuration_before.log
+powershell Get-NetRoute > get_netroute.log
+
+powershell invoke-expression 'cmd /c start powershell -Command { ..\collect-wsl-logs.ps1 }'
+powershell invoke-expression 'cmd /c start powershell -Command { "wsl.exe -u root sudo tcpdump -n -i any > tcpdump.log" }'

 wpr -start .\wsl_networking.wprp -filemode -instanceName wpr_networking
 pktmon start -c --flags 0x1A
@ -16,22 +34,27 @@ netsh wfp capture start
 pause

 :: allow some time for the user to stop logs in all the spawned shells
-:: (particularly the shell running collect-wsl-logs.ps1 will take a bit to stop)
 timeout 20

 netsh wfp capture stop
 pktmon stop
-wpr -stop %networking_folder%\wsl_networking.etl -instanceName wpr_networking
+wpr -stop wsl_networking.etl -instanceName wpr_networking

-wsl.exe tr -d "\r" ^| bash < ./networking.sh > %networking_folder%\wsl_network_configuration_after.log
+wsl.exe tr -d "\r" ^| bash < ../networking.sh > wsl_network_configuration_after.log

-move tcpdump.log %networking_folder%
-move PktMon.etl %networking_folder%
-move wfpdiag.cab %networking_folder%
-move "*zip" %networking_folder%
+cd ..

+del %neworking_logs_zip%
 powershell Compress-Archive -Path %networking_folder% -DestinationPath %neworking_logs_zip%

 rmdir /s /q %networking_folder%

-echo "Finished log collection"
+echo "Finished log collection - please collect the zip archive from the path below"
+powershell Resolve-Path %neworking_logs_zip%
+
+exit /b 0
+
+:: Error message if the user does not have administrative privileges.
+:admin
+echo This script needs to run with administrative privileges.
+exit /b 1
--- a/diagnostics/wsl_networking.wprp
+++ b/diagnostics/wsl_networking.wprp
@ -9,17 +9,62 @@
    <EventProvider Id="lxcore_kernel" Name="0CD1C309-0878-4515-83DB-749843B3F5C9"/>
    <EventProvider Id="lxcore_user" Name="D90B9468-67F0-5B3B-42CC-82AC81FFD960"/>
    <EventProvider Id="lxcore_service" Name="B99CDB5A-039C-5046-E672-1A0DE0A40211"/>
+    <EventProvider Id="wsl_devicehost" Name="9d6c7b9e-2581-4d8a-b8c5-b90b4a17094a"/>
+    <EventProvider Id="wslclient" Name="8cbb7724-7223-5d6f-8137-564dac45104d"/>
    <EventProvider Id="vm_chipset" Name="de9ba731-7f33-4f44-98c9-6cac856b9f83"/>
    <EventProvider Id="vmcompute_dll" Name="AF7FD3A7-B248-460C-A9F5-FEC39EF8468C"/>
    <EventProvider Id="vmcompute" Name="17103E3F-3C6E-4677-BB17-3B267EB5BE57"/>
    <EventProvider Id="vmmm" Name="6066F867-7CA1-4418-85FD-36E3F9C0600C"/>
    <EventProvider Id="vmwp" Name="51DDFA29-D5C8-4803-BE4B-2ECB715570FE"/>
    <EventProvider Id="9p" Name="e13c8d52-b153-571f-78c5-1d4098af2a1e"/>
+    <EventProvider Id="9p_errors" Name="06C601B3-6957-4F8C-A15F-74875B24429D" />
    <EventProvider Id="p9rdr" Name="bb1d36f0-e0e0-48cc-9493-fef0e3d0b28c" />
    <EventProvider Id="mup" Name="20c46239-d059-4214-a11e-7d6769cbe020" />
    <EventProvider Id="rfsmon" Name="51734B23-5B7E-4892-BA8E-45BC110B735C" />
    <EventProvider Id="hyperv_storage" Name="c7ad62c6-5c99-5a1b-bbc4-0821ae5b765e" />
    <EventProvider Id="hns" Name="0c885e0d-6eb6-476c-a048-2457eed3a5c1" />
+    <EventProvider Id="netmgmt" Name="93f693dc-9163-4dee-af64-d855218af242" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Mobile.Provisioning.AppDownload" Name="0BBE6221-EF09-4A3F-82EE-BE00DBB6A98A" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Mobile.Provisioning.Datastore" Name="42C60CEA-0FE7-4541-A86B-9E11F95BD9BF" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Mobile.Provisioning.PhoneProvisioner" Name="B876B1FC-C7F1-443E-9012-86677F7DE580" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Mobile.Provisioning.PPOEM" Name="7EDBED09-1FF7-4FEE-B8C3-5DB694420830" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.API" Name="82ADD491-01D7-4B85-9EAD-192C3CAACA23" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.CSP" Name="16E12400-A2D8-44B7-9479-004568EC7819" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Engine" Name="A6A847B7-4429-49AA-BBA6-2AD8C191AC8C" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Handlers" Name="0383D92C-2337-4F25-A0B5-A51767F04746" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Migration" Name="A0AF985E-83F9-4E1A-B658-338DCFE27893" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Operations" Name="7F99598F-B2C1-4371-9911-63DEE13B9EB1" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Platform" Name="B1F30020-8BC3-4888-BB1B-4DD681F24209" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Plugin.Engine" Name="55239D60-0EB6-495B-874E-15DE5D5F9A70" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.Plugin.RemovableMedia" Name="B55883E6-6C45-45C2-AB9D-800BB7B66B13" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.ProvTool" Name="2BF4B6BA-556E-4D05-8534-CAFEDF19FED8" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.CommandCsp" Name="00BB69FC-60BC-4502-9438-25608F375CCB" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.Provisioning.ProvLaunch" Name="08FACCFA-125D-4ED6-B0B7-B4A1A912E693" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.EMPS.Enrollment" Name="E74EFD1A-B62D-4B83-AB00-66F4A166A2D3" />
+    <EventProvider Id="EventProvider_Microsoft.Windows.EnterpriseManagement.Enrollment" Name="F9E3B648-9AF1-4DC3-9A8E-BF42C0FBCE9A" />
+    <EventProvider Id="virtdisk_wpp" Name="e14dcdd9-d1ec-4dc3-8395-a606df8ef115" Level="4">
+      <Keywords>
+        <Keyword Value="0xFFFFFFFFFFFFFFFF" />
+      </Keywords>
+    </EventProvider>
+
+    <EventProvider Id="virtdisk" Name="4D20DF22-E177-4514-A369-F1759FEEDEB3" Level="4">
+      <Keywords>
+        <Keyword Value="0xFFFFFFFFFFFFFFFF" />
+      </Keywords>
+    </EventProvider>
+
+     <EventProvider Id="vhdmp" Name="E2816346-87F4-4F85-95C3-0C79409AA89D" NonPagedMemory="true" Level="4">
+      <Keywords>
+        <Keyword Value="0xFFFFFFFFFFFFFFFD" />
+      </Keywords>
+    </EventProvider>
+
+    <EventProvider Id="vhdmp_wpp" Name="3c70c3b0-2fae-41d3-b68d-8f7fcaf79adb" NonPagedMemory="true" Level="5">
+      <Keywords>
+        <Keyword Value="0xFFFFFFFFFFFFFFFF" />
+      </Keywords>
+    </EventProvider>
    <EventProvider Id="LsaAudit_WPP" Name="DAA76F6A-2D11-4399-A646-1D62B7380F15" />
    <EventProvider Id="Microsoft_Windows_ResourceManager_WPP" Name="4180C4F7-E238-5519-338F-EC214F0B49AA" />
    <EventProvider Id="Microsoft_Windows_Security_NGC_KeyCredMgr_WPP" Name="34646397-1635-5D14-4D2C-2FEBDCCCF5E9" />
@ -170,17 +215,42 @@
            <EventProviderId Value="lxcore_kernel"/>
            <EventProviderId Value="lxcore_user"/>
            <EventProviderId Value="lxcore_service"/>
+            <EventProviderId Value="wsl_devicehost"/>
+            <EventProviderId Value="wslclient"/>
            <EventProviderId Value="vm_chipset"/>
            <EventProviderId Value="vmcompute_dll"/>
            <EventProviderId Value="vmcompute"/>
            <EventProviderId Value="vmmm"/>
            <EventProviderId Value="vmwp"/>
            <EventProviderId Value="9p"/>
+            <EventProviderId Value="9p_errors"/>
            <EventProviderId Value="p9rdr"/>
            <EventProviderId Value="mup"/>
            <EventProviderId Value="rfsmon"/>
            <EventProviderId Value="hyperv_storage"/>
            <EventProviderId Value="hns"/>
+            <EventProviderId Value="netmgmt"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Mobile.Provisioning.AppDownload"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Mobile.Provisioning.Datastore"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Mobile.Provisioning.PhoneProvisioner"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Mobile.Provisioning.PPOEM"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.CSP"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Engine"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Migration"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Platform"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Operations"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Plugin.Engine"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Plugin.RemovableMedia"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.ProvTool"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.Operations"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.CommandCsp"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.Provisioning.ProvLaunch"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.EMPS.Enrollment"/>
+            <EventProviderId Value="EventProvider_Microsoft.Windows.EnterpriseManagement.Enrollment"/>
+            <EventProviderId Value="virtdisk"/>
+            <EventProviderId Value="virtdisk_wpp"/>
+            <EventProviderId Value="vhdmp"/>
+            <EventProviderId Value="vhdmp_wpp"/>
            <EventProviderId Value="LsaAudit_WPP"/>
            <EventProviderId Value="Microsoft_Windows_ResourceManager_WPP"/>
            <EventProviderId Value="Microsoft_Windows_Security_NGC_KeyCredMgr_WPP"/>