The port-mirroring tool can't correctly handle captured packets with packet size > 2048. For example, this occurs when generic receive offloading assembles several packets together.
In TEE capturing mode, this causes a segmentation fault because a fixed buffer of size 2048 is used to re-send the captured packet and there is no check that the data fits the buffer, so the code writes past the end of the buffer.
In TZSP mode the packet is truncated to 2000 bytes by a size check, but no crash occurs.
I have prepared a patch for the 1.4.2 version (see attachment), used in Turris Omnia and OpenWRT. This patch checks the packet size and reallocs the buffer if necessary. Of course there is the question of how pcap re-injects the modified packet back to the capturing interface (from a brief check I do not see any big issues in the Wireshark capture), but anyway the patch solves the segfault problem.
I see a newer version of the packet-mirroring daemon here, but from a quick analysis of the current code, the same problem is present there too. I believe that the patch can easily be applied to this version, or, based on the patch's principles, the problem can be fixed here better.
Patch:
port_mirroring_large_packet-patch.tar.gz
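The fix principle described in the report (check the captured length against the re-send buffer and grow the buffer when it is too small), as an added example that is neither the attached patch nor the project's code. `struct tx_buf`, `tx_buf_init`, `tx_buf_load` and the `TX_MAX_CAP` limit are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TX_INITIAL_CAP 2048    /* the fixed buffer size named in the report */
#define TX_MAX_CAP     262144  /* assumed upper bound, not taken from the project */

struct tx_buf { unsigned char *data; size_t cap; };  /* hypothetical re-send buffer */

int tx_buf_init(struct tx_buf *b)
{
    b->data = malloc(TX_INITIAL_CAP);
    b->cap = b->data ? TX_INITIAL_CAP : 0;
    return b->data ? 0 : -1;
}

/* Copy a captured frame into the re-send buffer, growing the buffer when the
 * frame exceeds its capacity. Returns 0 on success, -1 when the frame is over
 * the limit or memory is unavailable; on failure nothing is written. */
int tx_buf_load(struct tx_buf *b, const unsigned char *pkt, size_t len)
{
    if (len > TX_MAX_CAP)
        return -1;                       /* refuse instead of overflowing */
    if (len > b->cap) {
        size_t new_cap = b->cap ? b->cap : TX_INITIAL_CAP;
        while (new_cap < len)
            new_cap *= 2;                /* stays <= TX_MAX_CAP (power-of-two steps) */
        unsigned char *p = realloc(b->data, new_cap);
        if (!p)
            return -1;                   /* the old block is still valid */
        b->data = p;
        b->cap = new_cap;
    }
    memcpy(b->data, pkt, len);           /* len <= b->cap is guaranteed here */
    return 0;
}

int main(void)
{
    static unsigned char gro_frame[9000];  /* constructed: frame larger than 2048 */
    struct tx_buf b;
    if (tx_buf_init(&b) != 0)
        return 1;
    int rc = tx_buf_load(&b, gro_frame, sizeof gro_frame);
    printf("rc=%d capacity=%zu\n", rc, b.cap);
    free(b.data);
    return rc == 0 ? 0 : 1;
}
```
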