In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed
64-bit integer.
packet-smb2.h
------------------
typedef struct _smb2_info_t {
guint16 opcode;
guint32 ioctl_function;
guint32 status;
guint32 tid;
guint64 sesid;
gint64 msg_id;
guint32 flags;
smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
smb2_conv_info_t *conv;
smb2_saved_info_t *saved;
smb2_tid_info_t *tree;
smb2_sesid_info_t *session;
smb2_fid_info_t *file;
proto_tree *top_tree;
} smb2_info_t;
packet-smb2.c
------------------
{ &hf_smb2_msg_id,
{ "Message ID", "smb2.msg_id",
FT_INT64, BASE_DEC,
NULL, 0, "SMB2 Message ID", HFILL }
},
I believe MessageId should be an unsigned 64-bit integer. Although the
[MS-SMB2] document isn't specific, Microsoft Message Analyzer defines the field
as UInt64.
It's not a big deal but it does mean that filtering for a range of MessageIds
won't work as expected for very large values.
Is it OK for me to report this as a bug through Bugzilla?
Best regards...Paul
______________________________________________________________________
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system.
Any views or opinions expressed are solely those of the author and do not
necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or omissions in the
contents of this message, which arise as a result of e-mail transmission.
Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour
House, Coopers End Lane, Stansted, Essex CM24 1SJ
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
_________________________________________________________________________________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
