Driver fails to unload as flow context can't be removed (FwpsFlowRemoveContext returns STATUS_UNSUCCESSFUL) RRS feed

  • Question

  • Hello,

    I have a WFP driver which does inline stream inspection.

    The driver creates and associates a context in FLOW_ESTABLISHED_V4/V6 callout.

    A list is maintained to store these contexts which may be needed during driver cleanup.

    When the driver is running and a flow gets closed the FlowDelete() function gets called and the context is freed.

    However for n/w connections which are still alive and the driver is unloading, the list is traversed and for each flow FwpsFlowRemoveContext is called for each flow handle in this list.

    FwpsRemoveFlowContext returns STATUS_UNSUCCESSFUL for these connections due to which Stream callout unregistration fails with DEVICE_BUSY.

    FwpsRemoveFlowContext returns STATUS_UNSUCCESSFUL due to which Stream callout unregistration fails with DEVICE_BUSY.

    STATUS_UNSUCCESSFUL means There is no context currently associated with the data flow.    

    due to this the stream callout can't be un-registered and the DRIVER_OBJECT is still in memory. 

    Not sure why FwpsFlowRemove fails when a flow is associated with a data flow.

    Please let me know how this issue can be solved.


    Friday, December 6, 2019 5:20 PM

All replies

  • additional info

    1. If FwpsFlowAbort0()n is called on the flows for which FwpsFlowRemoveContext has failed the the connection breaks and unregistering the callout succeeds and the driver unloads.

    2. This means that the flow has associated context but FwpsFlowRemoveContext returns that there is no context.

    Is this some bug with WFP?

    Friday, December 6, 2019 5:42 PM