The following diagram demonstrates the steps taken to replay an SMB2 CREATE Request on an alternate channel.
Figure 14: Replay Create Request on an alternate channel
The client establishes an alternate channel for a session as described in section 4.8.
The client sends an SMB2 CREATE Request with SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 and SMB2_CREATE_REQUEST_LEASE_V2 create contexts.
SMB2: C CREATE (0x5), Da(RW), Sh(RWD), DH2Q+RqLs(RWH-PK), File=Replay.txt@#14
  SMBIdByte: 254 (0xFE)
  SMBIdentifier: SMB
  SMB2Header: C CREATE (0x5),TID=0x0001, MID=0x0006, PID=0x000D, SID=0x4000059
    StructureSize: 64 (0x40)
    CreditCharge: 0 (0x0)
    ChannelSequence: (0x0) - (SMB 3.0 and later only)
    Reserved2: 0 (0x0)
    Command: CREATE (0x5)
    Credits: 10 (0xA)
    Flags: 0x0
      SMB2_FLAGS_REPLAY_OPERATION: (..0.............................) Command is a Replay Operation
    NextCommand: 0 (0x0)
    MessageId: 6 (0x6)
    Reserved: 13 (0xD)
    TreeId: 1 (0x1)
    SessionId: 1130302315429977 (0x4040104000059)
    Signature: Binary Large Object (16 Bytes)
  CCreate: 0x1
    StructureSize: 57 (0x39)
    SecurityFlags: 0 (0x0)
    RequestedOplockLevel: SMB2_OPLOCK_LEVEL_LEASE - A lease is requested.
    ImpersonationLevel: Impersonation - The application-requested impersonation level is Impersonation.
    SmbCreateFlags: 0 (0x0)
    Reserved: 0 (0x0)
    DesiredAccess: 0x12019F
    FileAttributes:
      FSCCFileAttribute: 32 (0x20)
    ShareAccess: Shared for Read/Write/Delete (0x00000007)
    CreateDisposition: (0x00000003) Open the file if it already exists; otherwise, create the file.
    CreateOptions: 0x40
    NameOffset: 120 (0x78)
    NameLength: 20 (0x14)
    CreateContextsOffset: 144 (0x90)
    CreateContextsLength: 132 (0x84)
    Name: Replay.txt
    ContextPadding: Binary Large Object (4 Bytes)
    Context: DH2Q,Request Durable Handle Open v2 Context: ECPRequestDurableHandleV2: Request Durable Handle v2
      Timeout: 0 (0x0)
      Flags: 0 (0x0)
        Reserved: (...............................0) Reserved
        Persistent: (..............................0.)
        Reserved2: (000000000000000000000000000000..) Reserved
      Reserved: 0 (0x0)
      CreateGuid: {33AA3970-EF1A-60A4-4BF1-11F5F9FBBFDB}
    Context: RqLs,Lease Request/Response Context: CreateRequestLeaseV2: The requested lease state:0x7
      LeaseKey: {5A0E33E0-478A-9FA7-4286-B52390B5857B}
      LeaseState: 7 (0x7)
        READ: (...............................1) A read caching lease is requested
        HANDLE: (..............................1.) A handle caching lease is requested
        WRITE: (.............................1..) A write caching lease is requested
        Reserved: (00000000000000000000000000000...) Reserved
      LeaseFlags: 4 (0x4)
        Reserved: (..............................00) Reserved
        ParentKeyValid: (.............................1..) Parent lease key field is valid
        Reserved2: (00000000000000000000000000000...) Reserved
      LeaseDuration: 0 (0x0)
      ParentLeaseKey: {5B4F4EAD-B0E6-B997-4222-50FADEC1FD86}
      Epoch: 0 (0x0)
The connection on which the client sent the SMB2 CREATE request is disconnected, so the client cannot receive the SMB2 CREATE response. Because the same session is bound to another connection, the client, after a timeout, sends a replay SMB2 CREATE request on that connection. The client sends the SMB2 CREATE request on the alternate channel with the same parameters and create contexts as the original request, except that the SMB2_FLAGS_REPLAY_OPERATION bit is set in the Flags field of the SMB2 Header.
SMB2: C CREATE (0x5), Da(RW), Sh(RWD), DH2Q+RqLs(RWH-PK), File=Replay.txt@#23
  SMBIdByte: 254 (0xFE)
  SMBIdentifier: SMB
  SMB2Header: C CREATE (0x5),TID=0x0001, MID=0x0006, PID=0x000D, SID=0x4000059
    StructureSize: 64 (0x40)
    CreditCharge: 0 (0x0)
    ChannelSequence: (0x0) - (SMB 3.0 and later only)
    Reserved2: 0 (0x0)
    Command: CREATE (0x5)
    Credits: 10 (0xA)
    Flags: 0x0
      SMB2_FLAGS_REPLAY_OPERATION: (..1.............................) Command is a Replay Operation
    NextCommand: 0 (0x0)
    MessageId: 6 (0x6)
    Reserved: 13 (0xD)
    TreeId: 1 (0x1)
    SessionId: 1130302315429977 (0x4040104000059)
    Signature: Binary Large Object (16 Bytes)
  CCreate: 0x1
    StructureSize: 57 (0x39)
    SecurityFlags: 0 (0x0)
    RequestedOplockLevel: SMB2_OPLOCK_LEVEL_LEASE - A lease is requested.
    ImpersonationLevel: Impersonation - The application-requested impersonation level is Impersonation.
    SmbCreateFlags: 0 (0x0)
    Reserved: 0 (0x0)
    DesiredAccess: 0x12019F
    FileAttributes:
      FSCCFileAttribute: 32 (0x20)
    ShareAccess: Shared for Read/Write/Delete (0x00000007)
    CreateDisposition: (0x00000003) Open the file if it already exists; otherwise, create the file.
    CreateOptions: 0x40
    NameOffset: 120 (0x78)
    NameLength: 20 (0x14)
    CreateContextsOffset: 144 (0x90)
    CreateContextsLength: 132 (0x84)
    Name: Replay.txt
    ContextPadding: Binary Large Object (4 Bytes)
    Context: DH2Q,Request Durable Handle Open v2 Context: ECPRequestDurableHandleV2: Request Durable Handle v2
      Timeout: 0 (0x0)
      Flags: 0 (0x0)
        Reserved: (...............................0) Reserved
        Persistent: (..............................0.)
        Reserved2: (000000000000000000000000000000..) Reserved
      Reserved: 0 (0x0)
      CreateGuid: {33AA3970-EF1A-60A4-4BF1-11F5F9FBBFDB}
    Context: RqLs,Lease Request/Response Context: CreateRequestLeaseV2: The requested lease state:0x7
      LeaseKey: {5A0E33E0-478A-9FA7-4286-B52390B5857B}
      LeaseState: 7 (0x7)
        READ: (...............................1) A read caching lease is requested
        HANDLE: (..............................1.) A handle caching lease is requested
        WRITE: (.............................1..) A write caching lease is requested
        Reserved: (00000000000000000000000000000...) Reserved
      LeaseFlags: 4 (0x4)
        Reserved: (..............................00) Reserved
        ParentKeyValid: (.............................1..) Parent lease key field is valid
        Reserved2: (00000000000000000000000000000...) Reserved
      LeaseDuration: 0 (0x0)
      ParentLeaseKey: {5B4F4EAD-B0E6-B997-4222-50FADEC1FD86}
      Epoch: 0 (0x0)
The server responds with an SMB2 CREATE response with SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 and SMB2_CREATE_REQUEST_LEASE_V2 create contexts.
SMB2: R CREATE (0x5), RqLs(RWH-PK)+DH2Q, FID=0x10100000001(Replay.txt@#23)
  SMBIdByte: 254 (0xFE)
  SMBIdentifier: SMB
  SMB2Header: R CREATE (0x5),TID=0x0001, MID=0x0003, PID=0x000D, SID=0x4000059
    StructureSize: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: 0x0, Code = (0) STATUS_SUCCESS, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS
    Command: CREATE (0x5)
    Credits: 10 (0xA)
    Flags: 0x20000001
      SMB2_FLAGS_REPLAY_OPERATION: (..1.............................) Command is a Replay Operation
    NextCommand: 0 (0x0)
    MessageId: 3 (0x3)
    Reserved: 13 (0xD)
    TreeId: 1 (0x1)
    SessionId: 1130302315429977 (0x4040104000059)
    Signature: Binary Large Object (16 Bytes)
  RCreate: 0x1
    StructureSize: 89 (0x59)
    OplockLevel: SMB2_OPLOCK_LEVEL_LEASE - A lease is requested.
    Flags: 0 (0x0)
    CreateAction: Opened (0x00000001)
    CreationTime: 05/11/2012, 09:23:05.943750 UTC
    LastAccessTime: 05/11/2012, 09:23:05.943750 UTC
    LastWriteTime: 05/11/2012, 09:23:05.943750 UTC
    ChangeTime: 05/11/2012, 09:23:05.943750 UTC
    AllocationSize: 0 (0x0)
    EndofFile: 0 (0x0)
    FileAttributes:
      FSCCFileAttribute: 32 (0x20)
    Reserved2: 0 (0x0)
    FileId: Persistent: 0x10000010000001D, Volatile: 0x10100000001
      Persistent: 72057598332895261 (0x10000010000001D)
      volatile: 1103806595073 (0x10100000001)
    CreateContextsOffset: 152 (0x98)
    CreateContextsLength: 112 (0x70)
    Context: RqLs,Lease Request/Response Context: CreateResponseLeaseV2: The response lease state:0x087
      LeaseKey: {5A0E33E0-478A-9FA7-4286-B52390B5857B}
      LeaseState: 7 (0x7)
        READ: (...............................1) A read caching lease is granted
        HANDLE: (..............................1.) A handle caching lease is granted
        WRITE: (.............................1..) A write caching lease is granted
        Reserved: (00000000000000000000000000000...) Reserved
      LeaseFlags: 4 (0x4)
        Reserved1: (...............................0) Reserved
        BREAK: (..............................0.)
        ParentKeyValid: (.............................1..) Parent lease key field is valid
        Reserved: (00000000000000000000000000000...) Reserved
      LeaseDuration: 0 (0x0)
      ParentLeaseKey: {5B4F4EAD-B0E6-B997-4222-50FADEC1FD86}
      Epoch: 1 (0x1)
    ContextPadding: Binary Large Object (4 Bytes)
    Context: DH2Q,Request Durable Handle Open v2 Context: ECPResponseDurableHandleV2: Response Durable Handle V2
      Timeout: 60000 (0xEA60)
      Flags: 0 (0x0)
        Reserved: (...............................0) Reserved
        Persistent: (..............................0.)
        Reserved2: (000000000000000000000000000000..) Reserved
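The header relationship between the original and the replayed request, as an added example that is not part of the protocol document: it parses two constructed 64-byte SMB2 request headers carrying the header values from the traces above and checks that they differ only in the SMB2_FLAGS_REPLAY_OPERATION bit. The helper names and the placeholder signatures are assumptions; the Signature field is excluded from the comparison on the assumption that a signed replay carries a recomputed signature.

```python
import struct

# SMB2 sync request header: 64 bytes, little-endian. In a response the
# ChannelSequence/Reserved2 bytes hold Status, so this covers requests only.
HDR = struct.Struct("<4sHHHHHHIIQIIQ16s")
FIELDS = ("ProtocolId", "StructureSize", "CreditCharge", "ChannelSequence",
          "Reserved2", "Command", "Credits", "Flags", "NextCommand",
          "MessageId", "Reserved", "TreeId", "SessionId", "Signature")
SMB2_FLAGS_REPLAY_OPERATION = 0x20000000
SMB2_CREATE = 0x0005

def parse_header(buf):
    """Decode a request header into a dict, rejecting short or non-SMB2 input."""
    if len(buf) < HDR.size:
        raise ValueError("truncated SMB2 header")
    hdr = dict(zip(FIELDS, HDR.unpack_from(buf)))
    if hdr["ProtocolId"] != b"\xfeSMB" or hdr["StructureSize"] != 64:
        raise ValueError("not an SMB2 header")
    return hdr

def header_diff(a, b):
    """Names of header fields that differ, ignoring Signature (assumption above)."""
    return [f for f in FIELDS if f != "Signature" and a[f] != b[f]]

def is_replay_of(original, replay):
    """True when `replay` matches `original` except for the replay flag bit."""
    return (header_diff(original, replay) == ["Flags"]
            and original["Flags"] ^ replay["Flags"] == SMB2_FLAGS_REPLAY_OPERATION
            and bool(replay["Flags"] & SMB2_FLAGS_REPLAY_OPERATION))

def build(flags, signature):
    # Constructed sample: Credits=10, MessageId=6, Reserved=0xD, TreeId=1 and
    # the SessionId are the values shown in the traces; signature is a placeholder.
    return HDR.pack(b"\xfeSMB", 64, 0, 0, 0, SMB2_CREATE, 10, flags, 0,
                    6, 0xD, 1, 0x4040104000059, signature)

ORIGINAL = parse_header(build(0x0, b"\x11" * 16))
REPLAY = parse_header(build(SMB2_FLAGS_REPLAY_OPERATION, b"\x22" * 16))

if __name__ == "__main__":
    print("differing fields:", header_diff(ORIGINAL, REPLAY))
    print("replay of original:", is_replay_of(ORIGINAL, REPLAY))
```

When reviewing a capture, the same comparison can be extended to the CREATE body by checking that the CreateGuid in the DH2Q context is identical in both requests.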