2.2.3.4 Batched Messages ("AndX" Messages)
Batched messages using the AndX construct were introduced in the LAN Manager 1.0 dialect. Batched messages reduce the number of messages required to complete a series of commands by sending multiple command requests or responses in a single message. SMB commands that apply the AndX construct are known as "AndX Commands", and are identified by the NT LAN Manager convention of appending "_ANDX" to the command name. Messages of this type are known as AndX Messages.
In AndX Messages, only one SMB Header (section 2.2.3.1) is sent. The header is then followed by zero or more Parameter and Data block pairs, each corresponding to an additional command request/response. There is no limit on the number of block pairs in a message specifically, only on the total message size. The total size of a Batched Message MUST NOT exceed the negotiated MaxBufferSize. AndX Messages contain a construct, conceptually similar to a linked-list, that is used to connect the batched block pairs. The resulting list is referred to as an AndX Chain. The structure of this construct is shown below.
-
AndX { UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; }
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
AndXCommand |
AndXReserved |
AndXOffset |
AndXCommand (1 byte): The command code associated with the next block pair in the AndX Chain.
AndXReserved (1 byte): This field is reserved and MUST be 0x00.
AndXOffset (2 bytes): The offset in bytes, relative to the start of the SMB Header, of the next Parameter block in the AndX Message. This offset is independent of any other size parameters or offsets within the command. This offset can point to a location past the end of the current block pair.
The AndX construct is located at the start of the Parameter block of an AndX command request/response.
An AndX Chain is considered terminated when its last command is either a non-AndX SMB command or an AndX SMB command with the AndXCommand field set to SMB_COM_NO_ANDX_COMMAND (section 2.2.4.75) (0xFF, representing the chain terminator). The SMB_COM_NO_ANDX_COMMAND command code is not used in any other context.