This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2652P: If "security frame counter" overflow, what will happen?

Part Number: CC2652P
Other Parts Discussed in Thread: Z-STACK

I have researched the processing of "security frame counter" on Z-stack 3.0.2

    // check frame counter
    linkInfo = nwkNeighborGetLinkInfo( dataInd->mac.srcAddr.addr.shortAddr, dataInd->mac.srcPanId );
    if ( linkInfo )
      keySeqNum = *(dataInd->msdu.p + ff.hdrLen + NWK_AUX_HDR_LEN - 1);

      // check if the frame counter needs to be reset
      if ( linkInfo->inKeySeqNum != keySeqNum )
        linkInfo->inKeySeqNum = keySeqNum;
        linkInfo->inFrmCntr   = 0;

      rcvdFrmCntr = osal_build_uint32( dataInd->msdu.p + ff.hdrLen + 1, 4 );

      if ( rcvdFrmCntr < linkInfo->inFrmCntr )
        return; // Bad frm count
        linkInfo->inFrmCntr = rcvdFrmCntr + 1;

We can see that when current stored frame-counter is 0xFFFFFFFF but the received frame-counter is 0, the incoming message will be ignored. Has the SDK 7.10 fixed this issue?

  • Hi Aries,

    The outgoing NWK frame counter is persistent across device activity, including, including standard factory new and over-the-air resets, to help prevent replay attacks. Once the network frame counter overflows it will start over at zero, and since this is the less than the previous value the device's packets will be discarded by other Zigbee 3.0 devices.  This is covered in Chapter 4.3.1 of the Zigbee R22 2017 Specification in which it is also recommended to occasionally update the network key in order to reset the frame counter and avoid the persistence issue.  The NWK frame counter will be reset if its value is greater than 0x80000000 when a NWK key update is performed.