Wireshark · Wireshark-dev: Re: [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number

Wireshark-dev: Re: [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>

Date: Thu, 2 Aug 2018 20:03:58 +0200

Hi,

Not burdened by any ZigBee domain knowledge I would say that a seq# rollover would require a clearing of the non-reassembled fragments. But not all of them because we could still be in the process of reassembling the part of the stream with the not-yet rolled over seq#. A sliding window of non-reassembled fragments, of about half the seq# range, moved forward by the next received seq#, could be sufficient. All in all this would be an extension of the generic reassembly routenes, assuming they are used...

Thanks,

Jaap

On 2 Aug 2018, at 12:17, Kenneth Soerensen <knnthsrnsn@xxxxxxxxx> wrote:

Hi

I have filled bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15021

Any idea how we can fix this?

The packet re-assembler is confused by ZigBee APS re-using sequence numbers, which makes it hard to distinguish what fragments belong to specific re-assembled packets.

/Kenneth

Follow-Ups:
- Re: [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number
  - From: John Thacker

References:
- [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number
  - From: Kenneth Soerensen

Prev by Date: Re: [Wireshark-dev] Why is my petri-dish build failing?
Next by Date: Re: [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number
Previous by thread: [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number
Next by thread: Re: [Wireshark-dev] ZigBee APS re-assemble with re-used sequence number
Index(es):
- Date
- Thread