In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed 64-bit integer.
packet-smb2.h
------------------
typedef struct _smb2_info_t {
guint16 opcode;
guint32 ioctl_function;
guint32 status;
guint32 tid;
guint64 sesid;
gint64 msg_id;
guint32 flags;
smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
smb2_conv_info_t *conv;
smb2_saved_info_t *saved;
smb2_tid_info_t *tree;
smb2_sesid_info_t *session;
smb2_fid_info_t *file;
proto_tree *top_tree;
} smb2_info_t;
packet-smb2.c
------------------
{ &hf_smb2_msg_id,
{ "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC,
NULL, 0, "SMB2 Message ID", HFILL }
},
I believe MessageId should be an unsigned 64-bit integer. Although the [MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the field as UInt64.
It’s not a big deal but it does mean that filtering for a range of MessageIds won’t work as expected for very large values.
Is it OK for me to report this as a bug through Bugzilla?