
WinDivert: upgrade to newer versions and fix documentation

Open erdnaxe opened this issue 1 month ago • 7 comments

Tested using WinDivert 2.2.2 on a freshly installed Windows 11 virtual machine.

Contribution style:

  • [x] I have read the contributing guidelines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html

Our Contribution agreements:

  • [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)

Changes (if applicable):

  • [x] I have updated the User Guide (in doc/userguide/) to reflect the changes made
  • [x] I have created a ticket at https://redmine.openinfosecfoundation.org/projects/suricata/issues

Link to ticket: https://redmine.openinfosecfoundation.org/issues/8138 https://redmine.openinfosecfoundation.org/issues/8137

Describe changes:

  • Make Suricata able to compile with WinDivert 2 (released in 2019).
  • Update Windows build instructions to add WinDivert configure example.

Provide values to any of the below to override the defaults.

  • To use a Suricata-Verify or Suricata-Update pull request, link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO= SV_BRANCH= SU_REPO= SU_BRANCH=

erdnaxe avatar Nov 23 '25 19:11 erdnaxe

NOTE: This PR may contain new authors.

github-actions[bot] avatar Nov 23 '25 19:11 github-actions[bot]


Codecov Report

All modified and coverable lines are covered by tests. Project coverage is 84.19%. Comparing base (459e259) to head (1fe00f6). Warning: report is 74 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14362      +/-   ##
==========================================
- Coverage   84.19%   84.19%   -0.01%     
==========================================
  Files        1012     1012              
  Lines      261796   261796              
==========================================
- Hits       220414   220411       -3     
- Misses      41382    41385       +3     
Flag              Coverage   Δ
fuzzcorpus        63.28%     +<0.01%
livemode          18.73%     -0.01%
pcap              44.64%     +0.03%
suricata-verify   64.96%     -0.01%
unittests         59.24%     (no change)


codecov[bot] avatar Nov 23 '25 20:11 codecov[bot]

Thanks @erdnaxe I've asked @pevma to see if he can test this PR.

victorjulien avatar Dec 02 '25 13:12 victorjulien

Tested building the WinDivert on cpl systems, looks good. Not sure how to properly test conclusively the FW/blocking part in a VM env though.

pevma avatar Dec 10 '25 11:12 pevma

Merged in #14462, thanks!

victorjulien avatar Dec 11 '25 10:12 victorjulien