Hi everyone,
I found a issue about SMB2 protocol. The wireshark gives a wrong value on "Fixed Part Length" field.
This is a Close Request message:
Close Request (0x06)
StructureSize: 0x0018
0000 0000 0001 100. = Fixed Part Length: 12
.... .... .... ...0 = Dynamic Part: False
Close Flags: 0x0000
GUID handle File: Templates
But the "Fixed Part Length" should be 24 in this message, not 12.
It seems that the problem is caused by misusing the bit mask of struct header_field_info.
The source line epan/dissectors/packet-smb2.c:10984 use a mask 0xFFFE to filter out the field.
10982 { &hf_smb2_buffer_code_len,
10983 { "Fixed Part Length", "smb2.buffer_code.length", FT_UINT16, BASE_DEC,
10984 NULL, 0xFFFE, "Length of fixed portion of PDU", HFILL }
10985 },
But in function `proto_tree_set_uint` (epan/proto.c:5281), it shifts the numberic, and cause the numberic been divided by 2.
hope this issue will be resolved soon.
Thanks,
Zhai Zhaoxuan