Wireshark-bugs: [Wireshark-bugs] [Bug 2857] New: SNDCP fragment reassembly does not work
Date: Sun, 7 Sep 2008 13:09:47 -0700 (PDT)

           Summary: SNDCP fragment reassembly does not work
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]

Created an attachment (id=2221)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2221)
3 packet capture which illustrates the problem

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
The SNDCP (packet-sndcp) fragment reassembly code does not work. There are 2

a) the N-PDU value is only present in the first fragment, and the npdu
varaiable is set from this, and used in the id part of the fragment reassembly
key. Unfortunately the subsequent fragments result in the npdu variable being
zero, so it never matches the first segment key in the lookup

b) The rest of the key uses the source and destination IP address as the
context part of the fragment lookup key, but the real context for the fragments
should be the transactions of a single SAPI (in the LLC layer) and for a single
MS (TLLI in the BSSGP layer) within the UDP address&port context. Using just
the UDP address and port leaves the dissector prone to multiple fragements from
different MSs/SAPIs (but this may be rare depending on where and how captured).

Fixing these is not trivial AFAIK....

Attached is a short capture of 3 segments of a single message - use Decode As

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.