On 17 September 2016 at 15:12, Paul Offord <paul.off...@advance7.com> wrote:

> In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a
> signed 64-bit integer.
>
>
>
> packet-smb2.h
>
> ------------------
>
> typedef struct _smb2_info_t {
>
>                guint16 opcode;
>
>                guint32 ioctl_function;
>
>                guint32 status;
>
>                guint32 tid;
>
>                guint64 sesid;
>
>                gint64  msg_id;
>
>                guint32 flags;
>
>                smb2_eo_file_info_t       *eo_file_info; /* eo_smb extra
> info */
>
>                smb2_conv_info_t           *conv;
>
>                smb2_saved_info_t         *saved;
>
>                smb2_tid_info_t                              *tree;
>
>                smb2_sesid_info_t           *session;
>
>                smb2_fid_info_t                              *file;
>
>                proto_tree *top_tree;
>
> } smb2_info_t;
>
>
>
> packet-smb2.c
>
> ------------------
>
>                               { &hf_smb2_msg_id,
>
>                                              { "Message ID",
> "smb2.msg_id", FT_INT64, BASE_DEC,
>
>                                              NULL, 0, "SMB2 Message ID",
> HFILL }
>
>                               },
>
>
>
>
>
> I believe MessageId should be an unsigned 64-bit integer.  Although the
> [MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the
> field as UInt64.
>
>
>
> It’s not a big deal but it does mean that filtering for a range of
> MessageIds won’t work as expected for very large values.
>
>
>
> Is it OK for me to report this as a bug through Bugzilla?
>
>
>
>
Sure, or submit a change directly.


-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to