windivert: lazy driver install + re-enable on DISABLED

Match upstream WinDivertOpen: try CreateFile first, install only when
the device node is missing. Also recover from ERROR_SERVICE_DISABLED,
which SCM reports while a prior DeleteService'd service hasn't fully
unregistered yet — re-enable START_TYPE and retry StartService.

Author: nekohasekai

common/windivert/driver_windows.go

@@ -21,19 +21,17 @@ const (
 )
 
 var (
-	driverOnce    sync.Once
-	driverErr     error
-	driverDevName *uint16
+	driverOnce sync.Once
+	driverErr  error
+	// driverDevName is ASCII-safe and must be available before ensureDriver
+	// so Open can try CreateFile first and only install on FILE_NOT_FOUND.
+	driverDevName, _ = windows.UTF16PtrFromString(driverDeviceName)
 )
 
 // Requires SeLoadDriverPrivilege (Administrator). Running the 386 build
 // under WOW64 on a 64-bit kernel is rejected — use the amd64 build.
 func ensureDriver() error {
 	driverOnce.Do(func() {
-		driverDevName, driverErr = windows.UTF16PtrFromString(driverDeviceName)
-		if driverErr != nil {
-			return
-		}
 		driverErr = installDriver()
 	})
 	return driverErr
@@ -103,6 +101,23 @@ func installDriver() error {
 	defer windows.CloseServiceHandle(service)
 
 	err = windows.StartService(service, 0, nil)
+	if err != nil && errors.Is(err, windows.ERROR_SERVICE_DISABLED) {
+		// A prior process called DeleteService on a still-running kernel
+		// driver: SCM marks the record for deletion and flips START_TYPE
+		// to DISABLED until the last handle closes. Re-enable so we can
+		// start it instead of waiting for a reboot.
+		err = windows.ChangeServiceConfig(
+			service,
+			windows.SERVICE_NO_CHANGE,
+			windows.SERVICE_DEMAND_START,
+			windows.SERVICE_NO_CHANGE,
+			nil, nil, nil, nil, nil, nil, nil,
+		)
+		if err != nil {
+			return E.Cause(err, "windivert: re-enable disabled service")
+		}
+		err = windows.StartService(service, 0, nil)
+	}
 	if err == nil {
 		// Mark for deletion so the driver unregisters when the last handle
 		// closes or on next reboot. Matches the upstream DLL's behavior:

common/windivert/handle_windows.go

@@ -48,23 +48,29 @@ func Open(filter *Filter, layer Layer, priority int16, flags Flag) (*Handle, err
 	if err != nil {
 		return nil, err
 	}
-	err = ensureDriver()
+	device, err := openDevice()
 	if err != nil {
-		return nil, err
-	}
-	device, err := windows.CreateFile(
-		driverDevName,
-		windows.GENERIC_READ|windows.GENERIC_WRITE,
-		0, nil,
-		windows.OPEN_EXISTING,
-		windows.FILE_ATTRIBUTE_NORMAL|windows.FILE_FLAG_OVERLAPPED,
-		0,
-	)
-	if err != nil {
-		if errors.Is(err, windows.ERROR_ACCESS_DENIED) {
-			return nil, E.Cause(err, "windivert: open device (administrator required)")
+		if !errors.Is(err, windows.ERROR_FILE_NOT_FOUND) &&
+			!errors.Is(err, windows.ERROR_PATH_NOT_FOUND) {
+			if errors.Is(err, windows.ERROR_ACCESS_DENIED) {
+				return nil, E.Cause(err, "windivert: open device (administrator required)")
+			}
+			return nil, E.Cause(err, "windivert: open device")
+		}
+		// Device node missing: kernel driver not loaded. Install + retry.
+		// Matches WinDivertOpen's lazy-install path; avoids racing StartService
+		// against a still-loaded driver whose SCM record is marked for deletion.
+		err = ensureDriver()
+		if err != nil {
+			return nil, err
+		}
+		device, err = openDevice()
+		if err != nil {
+			if errors.Is(err, windows.ERROR_ACCESS_DENIED) {
+				return nil, E.Cause(err, "windivert: open device (administrator required)")
+			}
+			return nil, E.Cause(err, "windivert: open device")
 		}
-		return nil, E.Cause(err, "windivert: open device")
 	}
 	event, err := windows.CreateEvent(nil, 1, 0, nil) // manual reset, unsignaled
 	if err != nil {
@@ -86,6 +92,17 @@ func Open(filter *Filter, layer Layer, priority int16, flags Flag) (*Handle, err
 	return h, nil
 }
 
+func openDevice() (windows.Handle, error) {
+	return windows.CreateFile(
+		driverDevName,
+		windows.GENERIC_READ|windows.GENERIC_WRITE,
+		0, nil,
+		windows.OPEN_EXISTING,
+		windows.FILE_ATTRIBUTE_NORMAL|windows.FILE_FLAG_OVERLAPPED,
+		0,
+	)
+}
+
 func validateOpenArgs(layer Layer, priority int16, flags Flag) error {
 	if layer != LayerNetwork {
 		return E.New("windivert: invalid layer ", uint32(layer))