Wireshark-bugs: [Wireshark-bugs] [Bug 10860] ZigBee ZCL cluster dissector incorrectly tied to Pr
Comment # 12
on bug 10860
from Arasch Honarbacht
(In reply to julien STAUB from comment #9)
> (In reply to Arasch Honarbacht from comment #4)
> > Created attachment 13528 [details]
> > An .pcap with ZigBee traffic showing Green Power cluster issues
> >
> > So here is a .pcap
> >
> > This is a small network of four GP combos (proxy + sink). One of these
> > devices has the GP profile ID 0xA1E0, the others the ZigBee 3.0 common
> > profile (0x0104) on the GP endpoint (242). Queries to devices with profile
> > ID 0x0104 are correctly dissected, while queries to 0xA1E0 are not.
> >
> > I can't provide a patch - I am only a user of Wireshark, not a contributor
> > ;-)
> >
> > Hope it helps understanding and fixing the issue.
>
> Is the packet number 676 of your capture representative of your bug ? (10
> bytes of "undissected" trailing data)
> If yes I think I understand the bug and I will correct it.
> If not could you give me the packet number that shows the bug ?
#676 is actually ok (APS: Ack).
So the issue is as follows: packet #1946 - #2032 show as "APS: Data" (no
further decoding of ZCL frame), whereas #2047 - #2135 are dissected OK. The
difference is only that the profile IDs are different (0x0104 vs. 0xA1E0).
Same for Frames #782 - #900.
Really the default rule should be to treat everything as ZCL frame except for
Profile 0x0000 (ZDP) and other profiles IDs where it is *definitely known*
these use a different application framework than the ZCL.
You are receiving this mail because:
- You are watching all bug changes.
