Wireshark mailing list archives
Re: smb2.msg_id defined as signed 64-bit integer - bug?
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 17 Sep 2016 09:36:21 -0700
On Sat, Sep 17, 2016 at 7:12 AM, Paul Offord <Paul.Offord () advance7 com> wrote:
In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed 64-bit integer.
As Graham alreay said, sure create a bug or submit a change directly. However, even at 1 SMB message per microsecond, that is still around 10^43 seconds before we ever see an issue, or around 10^37 days ... we've got time. (Message IDs start at 1, I believe.)
packet-smb2.h
------------------
typedef struct _smb2_info_t {
guint16 opcode;
guint32 ioctl_function;
guint32 status;
guint32 tid;
guint64 sesid;
gint64 msg_id;
guint32 flags;
smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info
*/
smb2_conv_info_t *conv;
smb2_saved_info_t *saved;
smb2_tid_info_t *tree;
smb2_sesid_info_t *session;
smb2_fid_info_t *file;
proto_tree *top_tree;
} smb2_info_t;
packet-smb2.c
------------------
{ &hf_smb2_msg_id,
{ "Message ID", "smb2.msg_id",
FT_INT64, BASE_DEC,
NULL, 0, "SMB2 Message ID",
HFILL }
},
I believe MessageId should be an unsigned 64-bit integer. Although the
[MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the
field as UInt64.
It’s not a big deal but it does mean that filtering for a range of
MessageIds won’t work as expected for very large values.
Is it OK for me to report this as a bug through Bugzilla?
Best regards…Paul
______________________________________________________________________
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system.
Any views or opinions expressed are solely those of the author and do not
necessarily represent those of Advance Seven Ltd. E-mail transmission cannot
be guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the contents of this message, which arise as a result
of e-mail transmission.
Advance Seven Ltd. Registered in England & Wales numbered 2373877 at
Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
-- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- smb2.msg_id defined as signed 64-bit integer - bug? Paul Offord (Sep 17)
- Re: smb2.msg_id defined as signed 64-bit integer - bug? Graham Bloice (Sep 17)
- Re: smb2.msg_id defined as signed 64-bit integer - bug? Richard Sharpe (Sep 17)
- Re: smb2.msg_id defined as signed 64-bit integer - bug? Paul Offord (Sep 17)