
Fix BLE ACL fragmented packet reassembly

Open · omicronns opened this issue 2 years ago • 1 comment

I believe there was a bug in BLE packet reassembly. The current code assumed L2CAP_Hdr will be after HCI_ACL_Hdr in incoming packet fragments, but this is not true. In the next fragments there can be any data, which will only sometimes be interpreted by scapy as L2CAP. According to Wireshark's dissector, the actual fragment data starts after HCI_ACL_Hdr, which I extracted using HCI_ACL_Hdr:][1:].

Also, both reassembly if statements can be pulled into the conditional immediately after them.

omicronns, Jan 26 '23 03:01
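To make the point of the issue concrete, here is an added example that is not Mirage's code and does not use scapy: it parses raw HCI ACL data packets with the standard library, splits a constructed L2CAP PDU (an ATT Write Request) into ACL fragments the way a controller would, and reassembles them by appending everything after the 4-byte ACL header of each continuing fragment (PB flag 0b01). A second helper models the behaviour described in the issue, where continuation data is assumed to begin with an L2CAP header, and shows that it silently drops four bytes per continuation fragment. The handle, MTU, and ATT payload are constructed for illustration.

```python
import struct

# HCI ACL data packet: 2-byte handle/PB/BC word + 2-byte length, both little-endian
# (Bluetooth Core Spec, Vol 4 Part E, 5.4.2). PB = packet boundary flag.
PB_FIRST = 0b10        # first (automatically flushable) fragment: starts an L2CAP PDU
PB_CONTINUING = 0b01   # continuing fragment of the same L2CAP PDU


def build_acl(handle, pb, data, bc=0):
    """Encode one HCI ACL data packet: 4-byte header followed by data."""
    hdr = (handle & 0x0FFF) | ((pb & 0x3) << 12) | ((bc & 0x3) << 14)
    return struct.pack("<HH", hdr, len(data)) + data


def parse_acl(packet):
    """Return (handle, pb, payload) for a raw HCI ACL data packet."""
    if len(packet) < 4:
        raise ValueError("short HCI ACL header")
    hdr, length = struct.unpack_from("<HH", packet, 0)
    payload = packet[4:]
    if len(payload) != length:
        raise ValueError("ACL length field does not match payload")
    return hdr & 0x0FFF, (hdr >> 12) & 0x3, payload


def fragment_l2cap(handle, l2cap_pdu, acl_mtu):
    """Split an L2CAP PDU (header + payload) into ACL packets as a controller would."""
    frags = []
    for off in range(0, len(l2cap_pdu), acl_mtu):
        pb = PB_FIRST if off == 0 else PB_CONTINUING
        frags.append(build_acl(handle, pb, l2cap_pdu[off:off + acl_mtu]))
    return frags


class AclReassembler:
    """Reassemble L2CAP PDUs from ACL fragments, one buffer per connection handle."""

    def __init__(self):
        self._pending = {}  # handle -> (bytearray buffer, expected total length)

    def feed(self, packet):
        """Feed one ACL packet; return the complete L2CAP PDU or None."""
        handle, pb, payload = parse_acl(packet)
        if pb == PB_CONTINUING:
            if handle not in self._pending:
                return None  # continuation with no start fragment: drop it
            buf, expected = self._pending[handle]
            buf += payload   # raw data after the ACL header, no L2CAP header here
        else:
            # Start fragment: only this one carries the L2CAP basic header
            # (2-byte PDU length + 2-byte CID), so total size is known from it.
            if len(payload) < 4:
                return None
            (l2cap_len,) = struct.unpack_from("<H", payload, 0)
            expected = l2cap_len + 4
            buf = bytearray(payload)
        if len(buf) >= expected:
            del self._pending[handle]
            return bytes(buf) if len(buf) == expected else None  # over-length: discard
        self._pending[handle] = (buf, expected)
        return None


def buggy_continuation_data(packet):
    """Models the bug from the issue: treat continuation data as if an L2CAP header
    preceded it and skip those 4 bytes. Start fragments are handled correctly."""
    _handle, pb, payload = parse_acl(packet)
    return payload[4:] if pb == PB_CONTINUING else payload


# Constructed sample: ATT Write Request (opcode 0x12) to attribute handle 0x0010
# with a 40-byte value, wrapped in an L2CAP header for CID 0x0004 (ATT).
SAMPLE_HANDLE = 0x0040
ATT_PDU = bytes([0x12, 0x10, 0x00]) + bytes(range(0x41, 0x41 + 40))
L2CAP_PDU = struct.pack("<HH", len(ATT_PDU), 0x0004) + ATT_PDU   # 47 bytes


def demo(acl_mtu=27):
    """Return (fragments, correctly reassembled PDU, buggy reassembly)."""
    frags = fragment_l2cap(SAMPLE_HANDLE, L2CAP_PDU, acl_mtu)
    reassembler = AclReassembler()
    results = [reassembler.feed(f) for f in frags]
    correct = results[-1]
    buggy = b"".join(buggy_continuation_data(f) for f in frags)
    return frags, correct, buggy


if __name__ == "__main__":
    frags, correct, buggy = demo()
    print(len(frags), "fragments; correct:", correct == L2CAP_PDU,
          "; buggy length:", len(buggy), "of", len(L2CAP_PDU))
```

With a 27-byte ACL MTU the 47-byte PDU becomes two fragments; the reassembler returns the original PDU after the second one, while the L2CAP-header assumption yields 43 bytes, so the ATT value is truncated without any parse error.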

I just stumbled on the same problem, and came to the same conclusion. Then I found your PR. Thanks for this. This should be integrated into master.

vdechef, Jun 16 '23 09:06