Feature #2455

closed

Add WinDivert source to Windows builds

Added by Jacob Masen-Smith almost 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal

Description

Enables IPS functionality on Windows using the open-source (LGPLv3)
WinDivert driver and API.

From https://www.reqrypt.org/windivert-doc.html: "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."

- adds `--windivert [filter string]` and `--windivert-forward [filter
string]` command-line options to enable WinDivert IPS mode.
`--windivert[-forward] true` will open a filter for all traffic. See
https://www.reqrypt.org/windivert-doc.html#filter_language for more
information.

Limitation: currently limited to `autofp` runmode.

The code is already written and feature-tested, but it is requested
that I submit a ticket/issue first. Additionally, I was waiting for
release from my employer to contribute, hence not assigning
https://redmine.openinfosecfoundation.org/issues/2454 to myself to
start (the fix for which is required for this to compile).
