Wireshark-bugs: [Wireshark-bugs] [Bug 2857] New: SNDCP fragment reassembly does not work
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2857
Summary: SNDCP fragment reassembly does not work
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: Neil@xxxxxxxxxxxxxxxxxx
Created an attachment (id=2221)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2221)
3 packet capture which illustrates the problem
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
The SNDCP (packet-sndcp) fragment reassembly code does not work. There are 2
problems:
a) the N-PDU value is only present in the first fragment, and the npdu
varaiable is set from this, and used in the id part of the fragment reassembly
key. Unfortunately the subsequent fragments result in the npdu variable being
zero, so it never matches the first segment key in the lookup
b) The rest of the key uses the source and destination IP address as the
context part of the fragment lookup key, but the real context for the fragments
should be the transactions of a single SAPI (in the LLC layer) and for a single
MS (TLLI in the BSSGP layer) within the UDP address&port context. Using just
the UDP address and port leaves the dissector prone to multiple fragements from
different MSs/SAPIs (but this may be rare depending on where and how captured).
Fixing these is not trivial AFAIK....
Attached is a short capture of 3 segments of a single message - use Decode As
"NSIP".
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
