2.2.1.2 SMB2 Packet Header - SYNC
If the SMB2_FLAGS_ASYNC_COMMAND bit is not set in Flags, the header takes the following form.
Each row below is 32 bits wide, with bit 0 on the left. A field listed alone in a row occupies all 32 bits, and "..." continues the field above it.

| Bits 0-15 | Bits 16-31 |
|---|---|
| ProtocolId | |
| StructureSize | CreditCharge |
| (ChannelSequence,Reserved)/Status | |
| Command | CreditRequest/CreditResponse |
| Flags | |
| NextCommand | |
| MessageId | |
| ... | |
| Reserved | |
| TreeId | |
| SessionId | |
| ... | |
| Signature | |
| ... | |
| ... | |
| ... | |

ProtocolId (4 bytes): The protocol identifier. The value MUST be set to 0x424D53FE, also represented as (in network order) 0xFE, 'S', 'M', and 'B'.
StructureSize (2 bytes): This MUST be set to 64, which is the size, in bytes, of the SMB2 header structure.
CreditCharge (2 bytes): In the SMB 2.0.2 dialect, this field MUST NOT be used and MUST be reserved. The sender MUST set this to 0, and the receiver MUST ignore it. In all other dialects, this field indicates the number of credits that this request consumes.
(ChannelSequence,Reserved)/Status (4 bytes): In a request, this field is interpreted in different ways depending on the SMB2 dialect.
- In the SMB 3.x dialect family, this field is interpreted as the ChannelSequence field followed by the Reserved field in a request.
  - ChannelSequence (2 bytes): This field is an indication to the server about the client's Channel change.
  - Reserved (2 bytes): This field SHOULD be set to zero and the server MUST ignore it on receipt.
- In the SMB 2.0.2 and SMB 2.1 dialects, this field is interpreted as the Status field in a request.
  - Status (4 bytes): The client MUST set this field to 0 and the server MUST ignore it on receipt.
- In all SMB dialects for a response this field is interpreted as the Status field. This field can be set to any value. For a list of valid status codes, see [MS-ERREF] section 2.3.
Command (2 bytes): The command code of this packet. This field MUST contain one of the following valid commands.

| Name | Value |
|---|---|
| SMB2 NEGOTIATE | 0x0000 |
| SMB2 SESSION_SETUP | 0x0001 |
| SMB2 LOGOFF | 0x0002 |
| SMB2 TREE_CONNECT | 0x0003 |
| SMB2 TREE_DISCONNECT | 0x0004 |
| SMB2 CREATE | 0x0005 |
| SMB2 CLOSE | 0x0006 |
| SMB2 FLUSH | 0x0007 |
| SMB2 READ | 0x0008 |
| SMB2 WRITE | 0x0009 |
| SMB2 LOCK | 0x000A |
| SMB2 IOCTL | 0x000B |
| SMB2 CANCEL | 0x000C |
| SMB2 ECHO | 0x000D |
| SMB2 QUERY_DIRECTORY | 0x000E |
| SMB2 CHANGE_NOTIFY | 0x000F |
| SMB2 QUERY_INFO | 0x0010 |
| SMB2 SET_INFO | 0x0011 |
| SMB2 OPLOCK_BREAK | 0x0012 |

CreditRequest/CreditResponse (2 bytes): On a request, this field indicates the number of credits the client is requesting. On a response, it indicates the number of credits granted to the client.
Flags (4 bytes): A Flags field indicates how to process the operation. This field MUST be constructed using the following values:

| Value | Meaning |
|---|---|
| SMB2_FLAGS_SERVER_TO_REDIR 0x00000001 | When set, indicates the message is a response, rather than a request. This MUST be set on responses sent from the server to the client and MUST NOT be set on requests sent from the client to the server. |
| SMB2_FLAGS_ASYNC_COMMAND 0x00000002 | When set, indicates that this is an ASYNC SMB2 header. This flag MUST NOT be set when using the SYNC SMB2 header. |
| SMB2_FLAGS_RELATED_OPERATIONS 0x00000004 | When set in an SMB2 request, indicates that this request is a related operation in a compounded request chain. The use of this flag in an SMB2 request is as specified in section 3.2.4.1.4. When set in an SMB2 compound response, indicates that the request corresponding to this response was part of a related operation in a compounded request chain. The use of this flag in an SMB2 response is as specified in section 3.3.5.2.7.2. |
| SMB2_FLAGS_SIGNED 0x00000008 | When set, indicates that this packet has been signed. The use of this flag is as specified in section 3.1.5.1. |
| SMB2_FLAGS_PRIORITY_MASK 0x00000070 | This flag is only valid for the SMB 3.1.1 dialect. It is a mask for the requested I/O priority of the request, and it MUST be a value in the range 0 to 7. |
| SMB2_FLAGS_DFS_OPERATIONS 0x10000000 | When set, indicates that this command is a DFS operation. The use of this flag is as specified in section 3.3.5.9. |
| SMB2_FLAGS_REPLAY_OPERATION 0x20000000 | This flag is only valid for the SMB 3.x dialect family. When set, it indicates that this command is a replay operation. The client MUST ignore this bit on receipt. |

NextCommand (4 bytes): For a compounded request and response, this field MUST be set to the offset, in bytes, from the beginning of this SMB2 header to the start of the subsequent 8-byte aligned SMB2 header. If this is not a compounded request or response, or this is the last header in a compounded request or response, this value MUST be 0.
MessageId (8 bytes): A value that identifies a message request and response uniquely across all messages that are sent on the same SMB 2 Protocol transport connection.
Reserved (4 bytes): The client SHOULD<3> set this field to 0. The server MAY<4> ignore this field on receipt.
TreeId (4 bytes): Uniquely identifies the tree connect for the command. This MUST be 0 for the SMB2 TREE_CONNECT Request. The TreeId can be any unsigned 32-bit integer that is received from a previous SMB2 TREE_CONNECT Response. TreeId SHOULD be set to 0 for the following commands:
SessionId (8 bytes): Uniquely identifies the established session for the command. This field MUST be set to 0 for an SMB2 NEGOTIATE Request (section 2.2.3) and for an SMB2 NEGOTIATE Response (section 2.2.4).
Signature (16 bytes): The 16-byte signature of the message, if SMB2_FLAGS_SIGNED is set in the Flags field of the SMB2 header and the message is not encrypted. If the message is not signed, this field MUST be 0.
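
A validating parser for the SYNC header laid out above, added here as an example and not taken from the specification. It enforces the MUST rules for ProtocolId, StructureSize, the ASYNC flag, Command, Signature and NextCommand, and bounds-checks a compound chain. Assumptions: the buffer starts at an SMB2 header and is not encrypted, integers are little-endian, and all function names are hypothetical (`build_header` only constructs sample input).

```python
import struct
from collections import namedtuple

# Field order and sizes as listed above; SMB2 integers are little-endian.
HDR = struct.Struct("<4sHHIHHIIQIIQ16s")   # 64 bytes in total
Smb2SyncHeader = namedtuple("Smb2SyncHeader", (
    "protocol_id structure_size credit_charge status command credits flags "
    "next_command message_id reserved tree_id session_id signature"))

FLAG_ASYNC_COMMAND = 0x00000002
FLAG_SIGNED = 0x00000008
MAX_COMMAND = 0x0012   # SMB2 OPLOCK_BREAK, the last value in the command table


def parse_sync_header(buf, offset=0):
    """Unpack one SYNC header at offset; raise ValueError on a MUST violation."""
    if offset < 0 or len(buf) - offset < HDR.size:
        raise ValueError("truncated header")
    h = Smb2SyncHeader(*HDR.unpack_from(buf, offset))
    if h.protocol_id != b"\xfeSMB":
        raise ValueError("bad ProtocolId")
    if h.structure_size != 64:
        raise ValueError("StructureSize is not 64")
    if h.flags & FLAG_ASYNC_COMMAND:
        raise ValueError("ASYNC flag set, not a SYNC header")
    if h.command > MAX_COMMAND:
        raise ValueError("Command not in the table")
    if not h.flags & FLAG_SIGNED and any(h.signature):
        raise ValueError("unsigned message with non-zero Signature")
    return h


def walk_compound(buf):
    """Return every header in a chain; NextCommand must be 8-byte aligned,
    point past the current header, and stay inside buf."""
    headers, offset = [], 0
    while True:
        h = parse_sync_header(buf, offset)
        headers.append(h)
        if h.next_command == 0:
            return headers
        if h.next_command % 8 or h.next_command < HDR.size:
            raise ValueError("bad NextCommand")
        offset += h.next_command


def build_header(command, flags=0, next_command=0, message_id=0):
    """Constructed sample input for the example, not captured traffic."""
    return HDR.pack(b"\xfeSMB", 64, 0, 0, command, 1, flags, next_command,
                    message_id, 0, 0, 0, bytes(16))
```

Because every accepted NextCommand advances the offset by at least 64 bytes and each header is length-checked before unpacking, a hostile offset ends in `ValueError` instead of an out-of-bounds read or an endless loop.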