Hi Zhai, Can you open a issue on bug tracker and a pcap ? https://bugs.wireshark.org
You can also push a fix directly on Gerrit https://code.wireshark.org/review and look for help https://wiki.wireshark.org/Development/SubmittingPatches Cheers On Tue, Sep 24, 2019 at 1:06 PM Xuan k <kxuan...@gmail.com> wrote: > Hi everyone, > > I found a issue about SMB2 protocol. The wireshark gives a wrong value on > "Fixed Part Length" field. > > This is a Close Request message: > Close Request (0x06) > StructureSize: 0x0018 > 0000 0000 0001 100. = Fixed Part Length: 12 > .... .... .... ...0 = Dynamic Part: False > Close Flags: 0x0000 > GUID handle File: Templates > > But the "Fixed Part Length" should be 24 in this message, not 12. > > It seems that the problem is caused by misusing the bit mask of > struct header_field_info. > The source line epan/dissectors/packet-smb2.c:10984 use a mask 0xFFFE to > filter out the field. > 10982 { &hf_smb2_buffer_code_len, > 10983 { "Fixed Part Length", > "smb2.buffer_code.length", FT_UINT16, BASE_DEC, > 10984 NULL, 0xFFFE, "Length of fixed portion of > PDU", HFILL } > 10985 }, > > But in function `proto_tree_set_uint` (epan/proto.c:5281), it shifts the > numberic, and cause the numberic been divided by 2. > > hope this issue will be resolved soon. > > Thanks, > Zhai Zhaoxuan >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe