Proper way to absorb and reinject a MAC_FRAME_ETHERNET in WFP?

I want to write a WFP driver that works on the inbound/outbound MAC_FRAME_ETHERNET WFP layer in order to capture the entire packet (that is why I chose MAC_FRAME instead of IPPACKET). Therefore I have a thread that receives these absorbed MAC_FRAMEs and reinjects those that are OK and not malicious.

My question is, what are the proper steps that I need to take to do this?

Currently I'm doing it this way:

ClassifyFn:

    // I DO NOT use FwpsReferenceNetBufferList( nbl )
    // In the inbound case I retreat by the size of the Ethernet header before cloning
    // and advance it again afterward; in the outbound case there is no retreat.
    FwpsAllocateCloneNetBufferList( nbl, &cloneNbl );

    // Absorb
    classifyOut->actionType = FWP_ACTION_BLOCK;
    classifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
    classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;

Thread:

    FwpsInjectMacSendAsync( cloneNbl );    // outbound, if the packet was OK
    FwpsInjectMacReceiveAsync( cloneNbl ); // inbound, if the packet was OK

InjectCompletion:

    FwpsFreeCloneNetBufferList( cloneNbl );

So these are my questions:

  1. Am I doing it correctly? Is there anything I can do to improve it and make it more stable?

  2. Do I need to reference the original NBL and deref it in the injection completion?

  3. What is the difference between using FwpsAllocateNetBufferAndNetBufferList0 vs FwpsAllocateCloneNetBufferList in this scenario?

  4. Can I safely access the cloned NBL forever without referencing the original NBL?

Note that I do not modify the packets at all; I either drop them or allow them.

I'm asking this because there seems to be some pool corruption somewhere that is causing random BSODs, and I'm not sure whether it's related to me doing something wrong or not.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow