Open Information Security Foundation (https://redmine.openinfosecfoundation.org/)
Suricata - Bug #3698: Incorrect max length of windivert filter
https://redmine.openinfosecfoundation.org/issues/3698?journal_id=16778
2020-06-29T17:45:01Z, Victor Julien (victor@inliniac.net)
<ul><li><strong>Assignee</strong> set to <i>Community Ticket</i></li><li><strong>Target version</strong> changed from <i>5.0.4</i> to <i>TBD</i></li></ul>
Suricata - Bug #3698: Incorrect max length of windivert filter
https://redmine.openinfosecfoundation.org/issues/3698?journal_id=17196
2020-08-23T04:36:18Z, Jacob Masen-Smith
<p>I'm jumping on this finally. Hopefully it will be relatively quick, but I haven't built in 2 years.</p>
Suricata - Bug #3698: Incorrect max length of windivert filter
https://redmine.openinfosecfoundation.org/issues/3698?journal_id=17201
2020-08-24T04:19:07Z, Jacob Masen-Smith
<ul><li><strong>File</strong> <a href="/attachments/2136">suricata-build-paste.txt</a> added</li></ul><p>So it appears the filter length was only increased for v2.0.0 - v1.4.3 (current 1.4 API tag) is still 128.</p>
<p><a class="external" href="https://github.com/basil00/Divert/blob/v1.4.3/include/windivert_device.h">https://github.com/basil00/Divert/blob/v1.4.3/include/windivert_device.h</a></p>
<p>So there's actually more work to do - if 256 was to be supported, the WinDivert interface would need to be updated to v2.0.0, which I accidentally tried to build against and noticed a number of breaking API changes.</p>