On 17 September 2016 at 15:12, Paul Offord <[email protected]> wrote:
> In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a
> signed 64-bit integer.
>
> packet-smb2.h
> ------------------
> typedef struct _smb2_info_t {
>     guint16 opcode;
>     guint32 ioctl_function;
>     guint32 status;
>     guint32 tid;
>     guint64 sesid;
>     gint64 msg_id;
>     guint32 flags;
>     smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
>     smb2_conv_info_t *conv;
>     smb2_saved_info_t *saved;
>     smb2_tid_info_t *tree;
>     smb2_sesid_info_t *session;
>     smb2_fid_info_t *file;
>     proto_tree *top_tree;
> } smb2_info_t;
>
> packet-smb2.c
> ------------------
> { &hf_smb2_msg_id,
>     { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC,
>       NULL, 0, "SMB2 Message ID", HFILL }
> },
>
> I believe MessageId should be an unsigned 64-bit integer. Although the
> [MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the
> field as UInt64.
>
> It’s not a big deal but it does mean that filtering for a range of
> MessageIds won’t work as expected for very large values.
>
> Is it OK for me to report this as a bug through Bugzilla?

Sure, or submit a change directly.
--
Graham Bloice
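
Added example, not part of the original thread and not Wireshark code: a stand-alone C sketch of the range-filter problem raised above, reading MessageId from a constructed SMB2 header and testing the same range with the field treated as unsigned and as signed 64-bit. The function names, sample header and range bounds are assumptions made for illustration; the comparison models the signedness issue only, not Wireshark's display-filter engine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SMB2_HDR_LEN       64 /* fixed SMB2 header size */
#define SMB2_MSG_ID_OFFSET 24 /* MessageId: 8 bytes, little-endian */

/* Read MessageId from an SMB2 header; returns 0 on success, -1 if too short. */
int smb2_read_msg_id(const uint8_t *hdr, size_t len, uint64_t *out)
{
    if (hdr == NULL || out == NULL || len < SMB2_HDR_LEN)
        return -1;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | hdr[SMB2_MSG_ID_OFFSET + i];
    *out = v;
    return 0;
}

/* Range test lo <= id <= hi with the field treated as unsigned 64-bit. */
int in_range_unsigned(uint64_t id, uint64_t lo, uint64_t hi)
{
    return id >= lo && id <= hi;
}

/* Same test with value and bounds reinterpreted as signed (two's complement). */
int in_range_signed(uint64_t id, uint64_t lo, uint64_t hi)
{
    return (int64_t)id >= (int64_t)lo && (int64_t)id <= (int64_t)hi;
}

/* Build a constructed (sample) SMB2 header carrying the given MessageId. */
void make_hdr(uint8_t hdr[SMB2_HDR_LEN], uint64_t id)
{
    memset(hdr, 0, SMB2_HDR_LEN);
    memcpy(hdr, "\xfeSMB", 4); /* ProtocolId */
    for (int i = 0; i < 8; i++)
        hdr[SMB2_MSG_ID_OFFSET + i] = (uint8_t)(id >> (8 * i));
}

int main(void)
{
    uint8_t hdr[SMB2_HDR_LEN];
    uint64_t id, lo = 0x7FFFFFFFFFFFFFF0ULL, hi = 0x8000000000000010ULL;
    make_hdr(hdr, 0x8000000000000001ULL); /* constructed value above 2^63 - 1 */
    if (smb2_read_msg_id(hdr, sizeof hdr, &id) != 0) return 1;
    printf("unsigned: %d  signed: %d\n",
           in_range_unsigned(id, lo, hi), in_range_signed(id, lo, hi));
    return 0;
}
```

A MessageId above 2^63 - 1 becomes negative under the signed interpretation, so a range that straddles that boundary matches nothing, which is what an analyst filtering a capture for a span of MessageIds would run into.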