Wireshark mailing list archives
Re: smb2.msg_id defined as signed 64-bit integer - bug?
From: Graham Bloice <graham.bloice () trihedral com>
Date: Sat, 17 Sep 2016 16:38:29 +0100
On 17 September 2016 at 15:12, Paul Offord <Paul.Offord () advance7 com> wrote:
In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed 64-bit integer. packet-smb2.h ------------------ typedef struct _smb2_info_t { guint16 opcode; guint32 ioctl_function; guint32 status; guint32 tid; guint64 sesid; gint64 msg_id; guint32 flags; smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */ smb2_conv_info_t *conv; smb2_saved_info_t *saved; smb2_tid_info_t *tree; smb2_sesid_info_t *session; smb2_fid_info_t *file; proto_tree *top_tree; } smb2_info_t; packet-smb2.c ------------------ { &hf_smb2_msg_id, { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC, NULL, 0, "SMB2 Message ID", HFILL } }, I believe MessageId should be an unsigned 64-bit integer. Although the [MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the field as UInt64. It’s not a big deal but it does mean that filtering for a range of MessageIds won’t work as expected for very large values. Is it OK for me to report this as a bug through Bugzilla?
Sure, or submit a change directly. -- Graham Bloice
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- smb2.msg_id defined as signed 64-bit integer - bug? Paul Offord (Sep 17)
- Re: smb2.msg_id defined as signed 64-bit integer - bug? Graham Bloice (Sep 17)
- Re: smb2.msg_id defined as signed 64-bit integer - bug? Richard Sharpe (Sep 17)
- Re: smb2.msg_id defined as signed 64-bit integer - bug? Paul Offord (Sep 17)