Packets in the form of a net buffer list are injected by
FwpsInjectTransportSendAsync
FwpsStreamInjectAsync0
A completion routine of type "FWPS_INJECT_COMPLETE0" is supposed to clean up the context that is passed along.
But the MSDN page documents that FWPS_INJECT_COMPLETE0 can be called more than once if the net buffer list has a chain of NBLs.
However, the samples do not take care of this and free the NBL as well as the context.
I checked the Driver samples Windows-driver-samples/network/trans at main · microsoft/Windows-driver-samples · GitHub
If the completion routine is called more than once, it will be a double free and a memory corruption.
What's the best approach to clean up the context?
We count nodes in the net buffer list chain, and maintain a reference-counting context to ensure cleanup at the last.
The completion function FWPS_INJECT_COMPLETE0 has the argument NET_BUFFER_LIST * nbl,
which will be different every time the completion function is called.
Calling FwpsFreeNetBufferList or FwpsFreeCloneNetBufferList0 on this pointer will free the NBL.
Question: will it free only the node or the entire list?
Please suggest if you have experienced such an issue and how you approached it.
Thanks for paying attention to my post.
Regards,
Maneesh
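
The reference-counting approach described in the post, modelled in user-mode C as an added example (not part of the original post or of the Microsoft samples). All names here (model_nbl, inject_ctx, ctx_create, on_inject_complete) are hypothetical, C11 atomics stand in for the kernel's interlocked operations, and releasing the NBL itself is left out because the post's question about what the free call releases is open.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-in for NET_BUFFER_LIST: only the chain link is modelled. */
typedef struct model_nbl { struct model_nbl *next; } model_nbl;

/* Hypothetical injection context shared by every completion call of one chain. */
typedef struct inject_ctx {
    atomic_long refs;   /* completion calls still outstanding */
    int *released;      /* constructed test hook: counts context releases */
} inject_ctx;

static long count_chain(const model_nbl *nbl) {
    long n = 0;
    for (; nbl != NULL; nbl = nbl->next) n++;
    return n;
}

/* Before injecting: take one reference per NBL in the chain. */
static inject_ctx *ctx_create(const model_nbl *chain, int *released) {
    long n = count_chain(chain);
    inject_ctx *ctx = (n > 0) ? malloc(sizeof *ctx) : NULL;
    if (ctx == NULL) return NULL;
    atomic_init(&ctx->refs, n);
    ctx->released = released;
    return ctx;
}

/* Model of the completion routine: returns 1 only on the call that frees ctx. */
static int on_inject_complete(inject_ctx *ctx, model_nbl *nbl) {
    (void)nbl;  /* releasing the NBL itself is not modelled here */
    if (atomic_fetch_sub(&ctx->refs, 1) != 1) return 0;  /* not the last call */
    (*ctx->released)++;
    free(ctx);  /* last reference dropped: ctx must not be touched again */
    return 1;
}

/* Constructed 3-node chain, completed one NBL at a time. Returns the 1-based
 * call that freed the context, or -1 if it was not freed exactly once. */
static int demo_chain_completions(void) {
    model_nbl c = { NULL }, b = { &c }, a = { &b };
    int released = 0, call = 0, freeing_call = -1;
    inject_ctx *ctx = ctx_create(&a, &released);
    if (ctx == NULL) return -1;
    for (model_nbl *n = &a; n != NULL; n = n->next) {
        call++;
        if (on_inject_complete(ctx, n)) freeing_call = call;
    }
    return (released == 1) ? freeing_call : -1;
}
```

The count is taken before the chain is handed to the injection call, so every completion sees a context whose reference count already covers the whole chain.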