https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12915
Bug ID: 12915 Summary: SMB2 MessageId should be stored and rendered as an unsigned 64-bit integer Product: Wireshark Version: Git Hardware: x86 OS: Windows 7 Status: UNCONFIRMED Severity: Minor Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: paul.off...@advance7.com Build Information: Version 2.3.0-Syncro (v2.3.0rc0-545-g85b20f7 from unknown) Copyright 1998-2016 Gerald Combs <ger...@wireshark.org> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with Qt 5.5.1, with WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2.4, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia, with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale English_United Kingdom.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, with AirPcap 4.1.0 build 1622. Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz (with SSE4.2), with 8082MB of physical memory. Built using Microsoft Visual C++ 12.0 build 40629 Wireshark is Open Source Software released under the GNU General Public License. -- In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed 64-bit integer. packet-smb2.h ------------------ typedef struct _smb2_info_t { guint16 opcode; guint32 ioctl_function; guint32 status; guint32 tid; guint64 sesid; gint64 msg_id; guint32 flags; smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */ smb2_conv_info_t *conv; smb2_saved_info_t *saved; smb2_tid_info_t *tree; smb2_sesid_info_t *session; smb2_fid_info_t *file; proto_tree *top_tree; } smb2_info_t; packet-smb2.c ------------------ { &hf_smb2_msg_id, { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC, NULL, 0, "SMB2 Message ID", HFILL } }, I believe MessageId should be an unsigned 64-bit integer. Although the [MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the field as UInt64. It’s not a big deal but it does mean that filtering for a range of MessageIds won’t work as expected for very large values. -- You are receiving this mail because: You are watching all bug changes.
___________________________________________________________________________ Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe