READ_RAW: Read Raw

The SMB_COM_READ_RAW protocol is used to maximize the performance of reading a large block of data from the server to the client. This request can be applied to files and named pipes.

fid identifies the resource being read, and may refer to a disk file or a named pipe.

timeout is the number of milliseconds to wait for completion fid refers to a named pipe.

When the client issues this request, the client must guarantee that there is (and will be) no other request to the server for the duration of the SMB_COM_READ_RAW. The server will respond, in one send, with the raw data being read. Thus the client is able to request up to 65,535 bytes of data and receive it directly into the user's buffer, since the server response has no header or trailer. Note that the amount of data requested is expected to be larger than the negotiated buffer size for this protocol.

The reason that no other requests can be active on the client's connection to the server for the duration of the request is that if other receives are present, there is normally no way to guarantee that the data will be received into the user space, rather the data may fill one (or more) of the other buffers.

The number of bytes actually returned is determined by the length of the message the client receives as reported by the transport layer. If the request is to read more bytes than are present in the file, the read response will be of the length actually read from the file.

If none of the requested bytes exist (EOF) or an error occurs on the read, the server responds with a zero byte send. Upon receipt of a zero length response, the client should send a different type of request to the server. The response to that read will then tell the client that EOF was hit or identify the error condition.

The number of bytes returned may be less than the number requested only if a read specifies bytes beyond the current file size. In this case only the bytes that exist are returned. A read completely beyond the end of file results in a response of zero length. If the number of bytes returned is less than the number of bytes requested, this indicates end of file (if reading other than a standard blocked disk file, only ZERO bytes returned indicates end of file).

The transport layer guarantees delivery of all response bytes to the client. Thus no SMB level confirmation protocol is required. If an error should occur at the clients end, all bytes must be received and thrown away. There is no need to inform the server of the error.

This message was introduced with the LANMAN1.0 SMB dialect. Whether or not this request is supported is returned in the response to SMB_COM_NEGOTIATE.

The flow for reading a sequential file using SMB_COM_READ_BOCK_RAW is:

SMB_COM_READ_RAW has no way to return errors. Because the response is raw data only, a zero length response indicates EOF, a read error or that the server is temporarily out of large buffers. The client should then retry using a different type of read request. This request will then either return the EOF condition, an error if the read is still failing, or will work if the problem was due to a temporary server condition.

If the negotiated dialect is NT LM 0.12 or later, and the response to the SMB_COM_NEGOTIATE SMB has CAP_LARGE_FILES set in the capabilities field, a new format of the SMB_COM_READ_RAW request is allowed which accommodates very large files having 64 bit offsets.

This form of the request is differentiated from the previous form of the request by the wordcount field. In this case, the final offset to read from is used by combining offsethigh and offset, the resulting value can not be negative or the request will be rejected by the server.

SMB_COM_READ_RAW can not be used over connectionless transports.