
Segmentation Fault during TEE capturing mode with large packets

Open polachz opened this issue 8 years ago • 2 comments

The port-mirroring tool can't correctly handle captured packets with packet size > 2048. For example, this occurs when generic receive offloading assembles several packets together.

  • In TEE capturing mode, it causes a segmentation fault because a fixed buffer of size 2048 is used to re-send the captured packet and there is no check that the data fits in the buffer, so the code writes past the end of the buffer.
  • In TZSP mode, the packet is stripped to 2000 bytes by a size check, but no crash occurs.

I have prepared a patch for version 1.4.2 (see attachment), which is used in Turris Omnia and OpenWRT. This patch checks the packet size and reallocs the buffer if necessary. Of course, there is the question of how pcap re-injects the modified packet back to the capturing interface (from a brief check I do not see any big issues in the Wireshark capture), but in any case the patch solves the segfault problem.

I see a newer version of the packet-mirroring daemon here, but from a quick analysis of the current code, the same problem is present there too. I believe that the patch can easily be used in this version, or, based on the patch's principles, the problem can be fixed here better.

Patch:

port_mirroring_large_packet-patch.tar.gz

polachz, Nov 16 '17 13:11
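The approach the issue describes (check the captured length and grow the re-send buffer before copying) sketched as an added example; it is not the attached patch and not port-mirroring's own code. The names `resend_buf`, `resend_buf_reserve` and `stage_packet`, and the 64 KiB ceiling, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_CAP 2048u   /* fixed buffer size named in the issue */
#define MAX_CAP     65536u  /* assumed ceiling chosen for this example */

/* Hypothetical type; not taken from the port-mirroring source. */
struct resend_buf { uint8_t *data; size_t cap; };

/* Make room for len bytes. Returns 0 on success, -1 if len exceeds
 * MAX_CAP or realloc fails (the old buffer stays valid either way). */
int resend_buf_reserve(struct resend_buf *b, size_t len)
{
    if (len > MAX_CAP)
        return -1;
    if (b->data != NULL && len <= b->cap)
        return 0;
    size_t ncap = b->cap ? b->cap : INITIAL_CAP;
    while (ncap < len)
        ncap *= 2;
    uint8_t *p = realloc(b->data, ncap);
    if (p == NULL)
        return -1;
    b->data = p;
    b->cap  = ncap;
    return 0;
}

/* Copy a captured frame into the re-send buffer only after the size
 * check has passed. Returns bytes staged, or -1 if the frame is dropped. */
long stage_packet(struct resend_buf *b, const uint8_t *pkt, size_t caplen)
{
    if (resend_buf_reserve(b, caplen) != 0)
        return -1;
    memcpy(b->data, pkt, caplen);
    return (long)caplen;
}

int main(void)
{
    static uint8_t frame[9000];   /* constructed frame larger than 2048 */
    struct resend_buf b = {0};
    memset(frame, 0xAB, sizeof frame);
    long n = stage_packet(&b, frame, sizeof frame);
    printf("staged=%ld cap=%zu\n", n, b.cap);
    free(b.data);
    return 0;
}
```

Dropping frames above the ceiling, rather than growing without limit, keeps a single oversized capture from driving unbounded allocation.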

Apologies for the late reply (alas life gets in the way). Let me look at this today.

mmaraya, Mar 31 '19 16:03

I've refactored quite a bit from 1.4.2 to 1.4.3 so I can't apply the patch directly. This will need more work.

mmaraya, Apr 07 '19 01:04