Bug #3698
Incorrect max length of windivert filter
Status: open
Description
Now, the windivert parameter in Suricata supports a maximum of only 128 characters for the filter
https://github.com/OISF/suricata/blob/ec77632e84a106ddbcd0baef4e4368b4fe5c5f9e/src/source-windivert.h#L33,
but windivert now supports 256 characters
https://github.com/basil00/Divert/blob/master/include/windivert_device.h#L164
Can you fix it?
Updated by Victor Julien over 4 years ago
- Assignee set to Community Ticket
- Target version changed from 5.0.4 to TBD
Updated by Jacob Masen-Smith about 4 years ago
I'm jumping on this finally. Hopefully it will be relatively quick, but I haven't built in 2 years.
Updated by Jacob Masen-Smith about 4 years ago
- File suricata-build-paste.txt added
So it appears the filter length was only increased for v2.0.0 - v1.4.3 (current 1.4 API tag) is still 128.
https://github.com/basil00/Divert/blob/v1.4.3/include/windivert_device.h
So there's actually more work to do - if 256 was to be supported, the WinDivert interface would need to be updated to v2.0.0, which I accidentally tried to build against and noticed a number of breaking API changes.