Segmentation Fault during TEE capturing mode with large packets

[polachz]

The tool port-mirroring can't handle correctly captured packets with packet size > 2048. For example it occurs when generic receive offloading assembles several packets together.

• In TEE capturing mode, it caused Segmentation Fault because fixed buffer with size 2048 is used for re-send captured packet and no check if data fit the buffer is provided, then code writes behind the buffer border.
• In TZSP mode packet is stripped on 2000 bytes by size check but no crash occurs.

I have prepared a patch for the 1.4.2 version (see attachment) , used in Turris Omnia, and OpenWRT. This patch checks packet size and realloc the buffer if necessary. Of course here is question how pcap re-inject modified packet back to capturing interface (from brief check i do not see any big issues in wireshark capture), but anyway the patch solves the Seg Fault problem.

I see newer version of the packet-mirroring daemon here, but by quick analysis of the current code, the same problem is here too. I believe that the patch can be easily used in this version or based on the patch principles, the problem can be fixed here better.

Patch:

port_mirroring_large_packet-patch.tar.gz

[mmaraya]

Apologies for the late reply (alas life gets in the way). Let me look at this today.

[mmaraya]

I've refactored quite a bit from 1.4.2 to 1.4.3 so I can't apply the patch directly. This will need more work.