Feature #2455
closedAdd WinDivert source to Windows builds
Description
Enables IPS functionality on Windows using the open-source (LGPLv3)
WinDivert driver and API.
From https://www.reqrypt.org/windivert-doc.html : "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."
- adds `--windivert [filter string]` and `--windivert-forward [filter
string]` command-line options to enable WinDivert IPS mode.
`--windivert[-forward] true` will open a filter for all traffic. See
https://www.reqrypt.org/windivert-doc.html#filter_language for more
information.
Limitation: currently limited to `autofp` runmode.
The code is already written and feature-tested, but it is requested
that I submit a ticket/issue first. Additionally, I was waiting for
release from my employer to contribute, hence not assigning
https://redmine.openinfosecfoundation.org/issues/2454 to myself to
start (the fix for which is required for this to compile).