oh…I believe I fixed the problem…
So I was returning FWPS_STREAM_ACTION_NEED_MORE_DATA and not checking if the data length changed or remained constant… so I guess it went into an infinite loop and crashed the stream…
The flows that needed more data to check whether the HTTP header is finished never got more data…
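The check described in the post above, sketched as an added example (not the poster's driver code): a portable C model of the "need more data" decision that stops asking for more when the buffered length did not grow or the header exceeds a cap. The names `flow_ctx`, `classify_stream`, `run_flow`, the 8192-byte cap and the sample request are assumptions made for illustration; no WFP API is called.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdicts of this model. HDR_NEED_MORE marks the point where a stream callout
   would return FWPS_STREAM_ACTION_NEED_MORE_DATA (assumed mapping). */
typedef enum { HDR_COMPLETE, HDR_NEED_MORE, HDR_GIVE_UP } hdr_verdict;

/* Hypothetical per-flow state: bytes buffered at the previous classify call. */
typedef struct { size_t last_len; } flow_ctx;

#define MAX_HEADER_BYTES 8192u /* assumed upper bound for a header block */

/* Constructed sample request, not captured traffic. */
static const char SAMPLE[] = "GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n";

/* Returns 1 if buf[0..len) contains the CRLFCRLF that ends an HTTP header. */
static int header_complete(const char *buf, size_t len)
{
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            return 1;
    return 0;
}

hdr_verdict classify_stream(flow_ctx *ctx, const char *buf, size_t len)
{
    if (header_complete(buf, len))
        return HDR_COMPLETE;
    if (len >= MAX_HEADER_BYTES)   /* oversized header: stop buffering */
        return HDR_GIVE_UP;
    if (len <= ctx->last_len)      /* no new bytes since the last request */
        return HDR_GIVE_UP;
    ctx->last_len = len;           /* remember progress before asking again */
    return HDR_NEED_MORE;
}

/* Replays one flow: lens[i] is the number of bytes buffered at call i. */
hdr_verdict run_flow(const char *data, const size_t *lens, size_t n)
{
    flow_ctx ctx = { 0 };
    hdr_verdict v = HDR_NEED_MORE;
    for (size_t i = 0; i < n && v == HDR_NEED_MORE; i++)
        v = classify_stream(&ctx, data, lens[i]);
    return v;
}

int main(void)
{
    const size_t stalled[] = { 10, 10 }; /* second call brings no new data */
    printf("stalled flow verdict: %d\n", (int)run_flow(SAMPLE, stalled, 2));
    return 0;
}
```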
[quote]
It does HTTP/HTTPS redirection based on a database of URLs… I have the HTTPS
part commented out for now, until I get this fixed…
My classify function… basically, when a new flow is made, I make sure the HTTP
header is completed… then I cloned the packet and block, and it gets reinjected
inside of the worker thread…
[/quote]
Presumably you are redirecting the flows to a different destination based on the HTTP header content. Your solution is a messy way of achieving this since you won’t see the HTTP headers until a TCP connection to the original destination has already been established. Throwing away that HTTP data means that a TCP connection to the destination (possibly over the internet) has been created completely unnecessarily, adding latency and increasing resource usage for your user’s machine and the server.
You would be better off using ALE_CONNECT_REDIRECT to redirect flows to a local user-mode proxy service as has already been suggested; that avoids setting up TCP sessions to external destinations and never using them and allows you to do your processing in user mode, which eliminates the risk of BSOD when you make a mistake. ALE_CONNECT_REDIRECT is also the supported way of doing redirection in WFP and is supported from Windows 7 onwards, albeit with some limitations prior to Windows 8.