idf This contains the SMB identifier code.

com This is the SMB command code. See the later section "SMB Commands in the com Field" for details.

rcls This is the error class.

reh This is reserved for future use.

err This is the error code returned.

flg This is the first flags field. See the later section "flg Field Values" for details.

flg2 This is the second flags field. See the later section "flg2 Field Values" for details.

res This is reserved for future use.

tid This is used by the server to identify a resource such as a disk subtree. In the LANMAN 1.2 extended protocol environment, the TID represents an instance of an authenticated use. This is the result of a successful NET USE to a server using a valid netname and password. If the server is executing in share level security mode, the TID is the only information used to allow access to the shared resource. Thus, if the user is able to perform a successful NET USE to the server specifying the appropriate share name and password, the resource may be accessed according to the access rights associated with the shared resource. If, however, the server is executing in user level security mode, access to the resource is based on the UID value validated on the Session Setup protocol, and the TID is not associated with access control but merely defines the resource, such as the shared directory tree. In most SMB protocols, the tid field must contain a valid TID value. Exceptions to this include the state prior to getting a TID established, including the NEGOTIATE, TREE CONNECT, SESS_SETUPandX, and TREE_CONNandX protocols. Other exceptions include QUERY_SRV_INFO, some forms of the TRANSACTION protocol, and ECHO. A NULL TID is defined as 0xFFFE. The server is responsible for enforcing the use of a valid TID where appropriate.

pid This is the caller's process identifier. It is generated by the consumer (redirector) to uniquely identify a process within the consumer's system. A response message always contains the same value in pid as in the corresponding request message.

uid This is the UID value of the authenticated process. It is used by the LANMAN 1.0 extended protocol when the server is executing in user level security mode to validate access on protocols that reference symbolically named resources, such as file open. Thus, different users accessing the same TID may be granted different access to the resources defined by the TID, based on the UID. The UID is returned by the server via the Session Set Up command. This UID must be used in all SMBs following Session Set Up and X.
 

mid This is used for multiplexing multiple messages on a single Virtual Circuit (VC) when normally multiple requests are from the same process. The pid and the mid fields uniquely identify a request and are used by the consumer to correlate incoming responses to previously sent requests.

wct This is the number of 16-bit words that follow this field. It indicates the size of the variable portion of the SMB command.

vwv This is a variable number of 16-bit words. The size of this field is indicated by the previous field, wct.

bcc This is a count of the bytes that follow.

buf This is a variable number of bytes. The size of this field is indicated by the previous field, bcc.

flg Field Values

The flg field can have the following values:

bit0 When set by the server in the Negotiate response protocol, this bit indicates that the server supports the subdialect, consisting of the LockandRead and WriteandUnlock protocols defined in the SMB File Sharing Protocol Extension version 2.0, document version 3.2.

bit1 When set to 1 on a protocol request being sent to the server, the consumer guarantees that there is a receive buffer posted such that a "Send.No.Ack" can be used by the server to respond to the consumer's request. The LANMAN 1.2 Redirector for OS/2 does not set this bit.

bit2 This is reserved and must be 0.

bit3 When on, all pathnames in the protocol must be treated as caseless. When off, the pathnames are case sensitive. This allows forwarding of the protocol message on various extended VCs in which caseless may not be the norm. The LANMAN 1.2 Redirector for OS/2 always has this bit on to indicate caseless pathnames.

bit4 When on in the Session Setup and X protocol, all paths sent to the server by the consumer are already in the canonicalized format used by OS/2 and NT. This means that file/directory names are in uppercase and are valid characters, and backslashes are used as separators.

bit5 When on Core protocol Open, Create, and Make New, this indicates that the consumer is requesting that the file be "opportunistically" locked if this process is the only process that has the file open at the time of the open request. If the server "grants" this oplock request, then this bit should remain set in the corresponding response protocol to indicate to the consumer that the oplock request was granted.

bit6 When on Core protocols Open, Create, and Make New, this indicates that the server should notify the consumer on any action that can modify the file: delete, setattrib, rename, and so on. If not set, the server need only notify the consumer on another open request.

bit7 When on, this protocol is being sent from the server in response to a consumer request. The com field usually contains the same value in a protocol request from the consumer to the server as in the matching response from the server to the consumer. This bit unambiguously distinguishes the command request from the command response. On a multiplexed VC on a node in which both server and consumer are active, this bit can be used by the node's SMB delivery system to help identify whether this protocol should be routed to a waiting consumer process or to the server.

flg2 Field Values

bit0 When set by the consumer, the running application understands OS/2 and NT style file names.

bit1 When set by the consumer, the running application understands extended attributes.

bit2 through bit15 are reserved and must be set to 0.
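
The header fields and flag bits described above can be exercised with a small parser. This is an added example, not code from the original text. The field widths, the little-endian byte order, the 0xFF 'SMB' identifier value and the flag labels are assumptions, since the page lists the fields without their sizes. The point for a defender is that wct and bcc are sender-controlled lengths and must be checked against the bytes actually received.

```python
import struct

# Assumed layout (sizes are not given on the page): little-endian,
# idf(4) com rcls reh err(2) flg flg2(2) res(12) tid pid uid mid = 32 bytes.
FIXED = struct.Struct("<4sBBBHBH12sHHHH")
SMB_IDF = b"\xffSMB"  # assumed identifier value

# Bit labels are this example's own names for the meanings listed above.
FLG_BITS = {0: "lockread_subdialect", 1: "send_no_ack_ok", 3: "caseless_paths",
            4: "canonical_paths", 5: "oplock", 6: "notify_any_change", 7: "response"}
FLG2_BITS = {0: "os2_nt_names", 1: "extended_attributes"}


def decode_bits(value, names):
    return sorted(n for bit, n in names.items() if value & (1 << bit))


def parse_smb(msg: bytes) -> dict:
    """Parse one SMB message; raise ValueError when a length field lies."""
    if len(msg) < FIXED.size + 1:
        raise ValueError("truncated header")
    idf, com, rcls, _reh, err, flg, flg2, _res, tid, pid, uid, mid = FIXED.unpack_from(msg)
    if idf != SMB_IDF:
        raise ValueError("bad idf")
    off = FIXED.size
    wct = msg[off]
    off += 1
    if off + 2 * wct + 2 > len(msg):      # vwv plus the 2-byte bcc must fit
        raise ValueError("wct runs past end of message")
    vwv = struct.unpack_from("<%dH" % wct, msg, off)
    off += 2 * wct
    (bcc,) = struct.unpack_from("<H", msg, off)
    off += 2
    if off + bcc > len(msg):
        raise ValueError("bcc runs past end of message")
    return {"com": com, "rcls": rcls, "err": err, "tid": tid, "pid": pid,
            "uid": uid, "mid": mid, "vwv": vwv, "buf": msg[off:off + bcc],
            "flg": decode_bits(flg, FLG_BITS), "flg2": decode_bits(flg2, FLG2_BITS),
            "is_response": bool(flg & 0x80),
            # flg bit2 and flg2 bit2..bit15 are reserved and must be 0
            "reserved_set": bool(flg & 0x04 or flg2 & 0xFFFC)}


def build_sample(com=0x72, flg=0x08, flg2=0x0001, tid=0, pid=0x1234, uid=0,
                 mid=1, vwv=(), buf=b"\x02LANMAN1.0\x00"):
    """Constructed SMBnegprot-style message (not a capture) for the parser."""
    hdr = FIXED.pack(SMB_IDF, com, 0, 0, 0, flg, flg2, bytes(12), tid, pid, uid, mid)
    words = struct.pack("<%dH" % len(vwv), *vwv)
    return hdr + bytes([len(vwv)]) + words + struct.pack("<H", len(buf)) + buf
```

Calling parse_smb(build_sample()) returns the decoded fields; a message whose wct or bcc claims more data than was received is rejected rather than read past its end.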

SMB Commands in the com Field

In the SMB Core protocol the SMB commands field, com, contains code values that can be grouped into the following four categories:

Session Control commands. Session commands are responsible for starting and ending the communication between a redirector and a server. They also verify the SMB version number between the two communicating entities.

File commands. File commands enable access to directories and files on the server. These commands are issued after the session has been established.

Print commands. Print commands enable the redirector to send files to the server's printer and query the server's print queue for status information.

Message commands. Message commands enable an application program to send individual or broadcast queries.

SMB Core Commands
Command Code Description
SMBmkdir 0x00 Create directory
SMBrmdir 0x01 Delete directory
SMBopen 0x02 Open file
SMBcreate 0x03 Create file
SMBclose 0x04 Close file
SMBflush 0x05 Flush file
SMBunlink 0x06 Delete file
SMBmv 0x07 Rename file
SMBgetatr 0x08 Get file attributes
SMBsetatr 0x09 Set file attributes
SMBread 0x0A Read from file
SMBwrite 0x0B Write to file
SMBlock 0x0C Lock byte range
SMBunlock 0x0D Unlock byte range
SMBctemp 0x0E Create temporary file
SMBmknew 0x0F Make new file
SMBchkpth 0x10 Check directory path
SMBexit 0x11 Process exit
SMBlseek 0x12 File seek
SMBtcon 0x70 Tree connect
SMBtdis 0x71 Tree disconnect
SMBnegprot 0x72 Negotiate protocol
SMBdskattr 0x80 Get disk attributes
SMBsearch 0x81 Search directory
SMBsplopen 0xC0 Open print spool file
SMBsplwr 0xC1 Write to print spool file
SMBsplclose 0xC2 Close print spool file
SMBsplretq 0xC3 Return print queue
SMBsends 0xD0 Send single block message
SMBsendb 0xD1 Send broadcast message
SMBfwdname 0xD2 Forward user name
SMBcancelf 0xD3 Cancel forward
SMBgetmac 0xD4 Get machine name
SMBsendstrt 0xD5 Send start of multiblock message
SMBsendend 0xD6 Send end of multiblock message
SMBsendtxt 0xD7 Send text of multiblock message

Extended SMB LANMAN 1.0 File Sharing Commands
 
Command Code Description
SMBlockread 0x13 Lock then read data
SMBwriteunlock 0x14 Write then unlock data
SMBreadBraw 0x1A Read block raw
SMBreadBmpx 0x1B Read block multiplexed
SMBreadBs 0x1C Read block (secondary response)
SMBwriteBraw 0x1D Write block raw
SMBwriteBmpx 0x1E Write block multiplexed
SMBwriteBs 0x1F Write block (secondary request)
SMBwriteC 0x20 Write complete response
SMBsetattrE 0x22 Set file attributes expanded
SMBgetattrE 0x23 Get file attributes expanded
SMBlockingX 0x24 Lock/unlock byte ranges and X
SMBtrans 0x25 Transaction (name, bytes in/out)
SMBtranss 0x26 Transaction (secondary request/response)
SMBioctl 0x27 Passes the IOCTL to the server
SMBioctls 0x28 IOCTL (secondary request/response)
SMBcopy 0x29 Copy
SMBmove 0x2A Move
SMBecho 0x2B Echo
SMBwriteclose 0x2C Write and Close
SMBopenX 0x2D Open and X
SMBreadX 0x2E Read and X
SMBwriteX 0x2F Write and X
SMBsesssetup 0x73 Session Set Up & X (including User Logon)
SMBtconX 0x75 Tree connect and X
SMBffirst 0x82 Find first
SMBfunique 0x83 Find unique
SMBfclose 0x84 Find close
SMBinvalid 0xFE Invalid command

Extended SMB LANMAN 1.2 File Sharing Commands
 
Command Code Description
SMBtrans2 0x32 Transaction2 (function, byte in/out)
SMBtranss2 0x33 Transaction2 (secondary request/response)
SMBfindclose 0x34 Find close
SMBfindnclose 0x35 Find notify close
SMBulogoffX 0x74 User logoff and X