Wireshark mailing list archives

Re: smb2.msg_id defined as signed 64-bit integer - bug?


From: Graham Bloice <graham.bloice () trihedral com>
Date: Sat, 17 Sep 2016 16:38:29 +0100

On 17 September 2016 at 15:12, Paul Offord <Paul.Offord () advance7 com> wrote:

In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a
signed 64-bit integer.



packet-smb2.h
------------------
typedef struct _smb2_info_t {
        guint16 opcode;
        guint32 ioctl_function;
        guint32 status;
        guint32 tid;
        guint64 sesid;
        gint64  msg_id;
        guint32 flags;
        smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
        smb2_conv_info_t    *conv;
        smb2_saved_info_t   *saved;
        smb2_tid_info_t     *tree;
        smb2_sesid_info_t   *session;
        smb2_fid_info_t     *file;
        proto_tree *top_tree;
} smb2_info_t;



packet-smb2.c
------------------
        { &hf_smb2_msg_id,
                { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC,
                NULL, 0, "SMB2 Message ID", HFILL }
        },





I believe MessageId should be an unsigned 64-bit integer.  Although the
[MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the
field as UInt64.

It’s not a big deal but it does mean that filtering for a range of
MessageIds won’t work as expected for very large values.

Is it OK for me to report this as a bug through Bugzilla?

Sure, or submit a change directly.


-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
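
Added example, not part of the original messages and not Wireshark code: a small C model of the range-filter problem described above, reading the 8-byte MessageId from a constructed SMB2 header and comparing it as unsigned and as signed. The function names are hypothetical; the field offset (24) is taken from the [MS-SMB2] header layout.

```c
#include <stdint.h>
#include <stdio.h>

#define SMB2_HDR_LEN      64
#define SMB2_MSGID_OFFSET 24  /* MessageId: 8 bytes, little-endian ([MS-SMB2]) */

/* Build a constructed sample header: all zero except MessageId. */
static void make_hdr(uint8_t *hdr, uint64_t id)
{
    for (int i = 0; i < SMB2_HDR_LEN; i++)
        hdr[i] = 0;
    for (int i = 0; i < 8; i++)
        hdr[SMB2_MSGID_OFFSET + i] = (uint8_t)(id >> (8 * i));
}

/* Read MessageId from a raw SMB2 header as an unsigned value. */
static uint64_t smb2_msg_id(const uint8_t *hdr)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | hdr[SMB2_MSGID_OFFSET + i];
    return v;
}

/* lo <= id <= hi as an unsigned 64-bit field compares. */
static int in_range_unsigned(uint64_t id, uint64_t lo, uint64_t hi)
{
    return id >= lo && id <= hi;
}

/* Same bits held as a signed 64-bit field: values with the top bit set
 * turn negative (two's complement conversion on mainstream compilers). */
static int in_range_signed(uint64_t id, uint64_t lo, uint64_t hi)
{
    return (int64_t)id >= (int64_t)lo && (int64_t)id <= (int64_t)hi;
}

int main(void)
{
    /* Constructed IDs; all-ones is the [MS-SMB2] oplock break notification ID. */
    const uint64_t ids[] = { 42, 0x8000000000000005ULL, UINT64_MAX };
    uint8_t hdr[SMB2_HDR_LEN];
    for (int i = 0; i < 3; i++) {
        make_hdr(hdr, ids[i]);
        uint64_t id = smb2_msg_id(hdr);
        printf("%#llx as signed %lld: id >= 1000 unsigned=%d signed=%d\n",
               (unsigned long long)id, (long long)(int64_t)id,
               in_range_unsigned(id, 1000, UINT64_MAX),
               in_range_signed(id, 1000, INT64_MAX));
    }
}
```

For the two IDs with the top bit set, the unsigned comparison matches "MessageId >= 1000" and the signed one does not, so a capture filtered that way would silently omit those packets.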
