[Bro-Dev] #785: SMB processid field
Bro Tracker
bro at tracker.bro-ids.org
Fri Feb 24 18:30:57 PST 2012
#785: SMB processid field
----------------------------+------------------------
Reporter: JulienSentier | Owner: seth
Type: Patch | Status: closed
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: Invalid | Keywords: smb
----------------------------+------------------------
Changes (by seth):
* status: assigned => closed
* resolution: => Invalid
Comment:
This patch isn't actually correct. The uint16 it's extracting is the high
16 bits of the 32bit process id. It's split because they made the process
id a 32bit value after defining this message and they used the formerly
reserved bytes to get the other 16bits. It's already fixed in the
topic/seth/smb-smb2-work branch along with a lot of other issues.
I'm going to close the ticket, but Julien, let me know if you have
specific goals with SMB+SMB2. I'll make sure and commit my current work
to the branch really soon.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/785#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list