I have an issue with WinDivert. DivertSend does not work; GetLastError() returns 1237?

I have another question. I want to divert traffic based on an IP list. I have a CSV file with more than 20000 records, and each record contains an IP range. The problem is that I can only call DivertOpen with 500 records of my CSV file as a filter string. If I call DivertOpen with more than 500 records as the filter, I get "filter syntax error". How can I fix this issue? Thanks

1 Answer

WinDivert is not designed to handle long/complicated filter strings (such as a list of 20,000 IP addresses). This is briefly mentioned in the WinDivert documentation: namely, the filter string should ideally be both selective and short, and the shorter and more selective the better.

For your kind of application, where a short string is not possible, you are better off capturing all network traffic (e.g. with a call to DivertOpen("true", ...)) and doing the filtering in the user-mode application using some efficient method (such as binary search). Simply re-inject the packets that do not match.

PS: Thanks for the report of the 1237 error issue.

Basil
  • Thanks, dear Basil. I want to report another issue with DivertSend. Sometimes it returns a 1233 error. Do you have any idea about that? – user2601950 Jul 20 '13 at 20:18
  • 1233 = ERROR_PROTOCOL_UNREACHABLE. Not sure what would cause this. Perhaps trying to inject a packet with an invalid ip.Version or ip.Protocol value? – Basil Jul 21 '13 at 17:09
  • I just ran the passthru example. – user2601950 Jul 23 '13 at 10:38
  • Basil, there is another issue. I have "Kerio VPN Client" on my machine. I start Kerio and start the netdump example, and I get the error "Junk packet". – user2601950 Jul 23 '13 at 10:40
  • This and the other issue (1233 error) might be related. I will investigate. – Basil Jul 24 '13 at 10:47
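
The user-mode lookup suggested in the answer, as an added example that is not part of the original thread or of WinDivert itself: the CSV records are parsed once, sorted and merged into disjoint ranges, and each packet address is then checked by binary search. The record layout `start,end` and the names `parse_record`, `build_list`, `in_list` and `SAMPLE` are assumptions made for illustration; capturing and re-injecting packets is left to the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { uint32_t lo, hi; } ip_range;   /* inclusive, host byte order */
/* Parse one "start,end" record (assumed CSV layout); returns 0 if malformed. */
static int parse_record(const char *line, ip_range *r) {
    unsigned v[8];
    if (sscanf(line, "%u.%u.%u.%u,%u.%u.%u.%u", &v[0], &v[1], &v[2], &v[3],
               &v[4], &v[5], &v[6], &v[7]) != 8) return 0;
    for (int i = 0; i < 8; i++) if (v[i] > 255) return 0;
    r->lo = v[0] << 24 | v[1] << 16 | v[2] << 8 | v[3];
    r->hi = v[4] << 24 | v[5] << 16 | v[6] << 8 | v[7];
    return r->lo <= r->hi;                      /* reject reversed ranges */
}
static int cmp_lo(const void *a, const void *b) {
    uint32_t x = ((const ip_range *)a)->lo, y = ((const ip_range *)b)->lo;
    return (x > y) - (x < y);
}
/* Parse, sort by start, merge overlapping/adjacent ranges; returns the count. */
static size_t build_list(const char *const *lines, size_t n, ip_range *out) {
    size_t m = 0, k = 0;
    for (size_t i = 0; i < n; i++) if (parse_record(lines[i], &out[m])) m++;
    qsort(out, m, sizeof *out, cmp_lo);
    for (size_t i = 1; i < m; i++) {            /* UINT32_MAX guard avoids wraparound */
        if (out[k].hi != UINT32_MAX && out[i].lo > out[k].hi + 1) out[++k] = out[i];
        else if (out[i].hi > out[k].hi) out[k].hi = out[i].hi;
    }
    return m ? k + 1 : 0;
}
/* O(log n) membership test; pass the packet address through ntohl() first. */
static int in_list(const ip_range *r, size_t n, uint32_t ip) {
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ip < r[mid].lo) hi = mid;
        else if (ip > r[mid].hi) lo = mid + 1;
        else return 1;
    }
    return 0;
}
static const char *const SAMPLE[] = {           /* constructed sample records */
    "192.0.2.0,192.0.2.255", "10.0.0.0,10.0.0.127", "10.0.0.100,10.0.1.255",
    "bad,record", "198.51.100.7,198.51.100.7" };
int main(void) {
    ip_range list[5];
    size_t n = build_list(SAMPLE, 5, list);
    printf("%zu ranges; 10.0.1.9 listed: %d\n", n, in_list(list, n, 0x0A000109));
    return 0;
}
```

With 20,000 records a lookup takes about 15 comparisons per packet, and merging first is what makes the binary search valid when ranges in the CSV overlap.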