Breaking the 254-session Limit

NBF breaks the 254-session barrier by using a combination of two matrices, one maintained by NBF and one maintained by NetBIOS.

The matrix maintained by NBF is two-dimensional, as shown in Figure 13.8.

Figure 13.8 NBF and Its LSN Matrix

Along the side of this matrix are the LSN numbers 1 to 254. Across the top are the network addresses of the computers with which NBF has sessions. The cell at the intersection of an LSN and a network address holds the TDI handle, which relates back to the process that established the connection (either the CALL or LISTEN).

Note

The matrix concept and its contents are for illustration purposes only. The physical storage algorithm and exact contents are beyond the scope of this chapter.

The NameQuery frame from Windows NT contains the LSN number associated with the TDI handle that satisfies either the NCB CALL or the LISTEN. In the case of a CALL, it is not broadcast but is addressed directly to the remote computer.

The remaining question is how NBF gets the network address of the remote computer to add to its matrix to be used when doing the CALL. (It's easy on the LISTEN side because the address is in the NameQuery frame received.)

Figure 13.9 illustrates the NCB CALL and NCB LISTEN frames.

Figure 13.9 NameQuery Frames in NBF

The numbered items in Figure 13.9 represent the following:

1. The first frame (1) is the FindName frame of the NameQuery. Its LSN is 0, a special value that indicates it is a FindName frame. The FindName frame is broadcast on the network; when a remote computer responds to the frame, NBF on the local computer receives the network address of the remote computer.

2. The second frame (2) of the NameQuery is then sent directly to the remote computer by using the network address and an LSN value that indicates it is a CALL command. The remote client returns a successful FindName frame, even if no LISTEN NCB is posted against the name.

3. If no LISTEN NCB is posted against the name, frame (3) is sent.

4. Frame (4) is the response to that same frame.

NBF must also address another problem—the LSN from the NBF matrix cannot be the one returned to the process issuing the CALL or LISTEN commands. NBF may have established connections with multiple remote computers with LSN=5, for example. Windows NT must return to each process an LSN number that uniquely defines its session.

As stated earlier, NBF uses the TDI handle to know which LSN and network address to send frames to, and each process has its own set of LSNs available to it. Therefore, there must be a component between the originating process and the TDI interface of NBF that translates a process ID and an LSN into a TDI handle. The component in the middle is Netbios.sys.

Figure 13.10 illustrates the Netbios.sys matrix, which is 254 LSNs per LAN adapter number per process. (In Windows NT, the LANA number identifies a unique binding of a protocol driver and one network adapter (NIC) driver.) In reality, each process can have up to 254 sessions per LANA number, not just a total of 254 sessions.

Figure 13.10 Netbios.sys Matrix

Netbios.sys builds a second matrix that has LSNs down the side, process IDs along the top, and TDI handles in the cells. It is the LSN from this table that is passed back to the originating process.

To further understand how Netbios.sys uses this matrix, suppose a process needs to establish a session with a remote computer. Before the process can issue the CALL NCB, it must issue a RESET NCB. This command signals Netbios.sys to allocate space in its TDI handle table, among other things. Once the RESET is satisfied, the process issues a CALL NCB to make a connection with a specific remote computer. This NCB is directed down to the Netbios.sys device driver. The driver opens a new TDI handle to NBF and sends the command to NBF.

NBF issues the first NAME_QUERY with LSN=0 to find the remote computer. When the remote computer responds, the network address is extracted from the frame, and a column in the NBF table is created. The second NAME_QUERY with an LSN is sent directly to the remote computer. When that frame is returned successfully, NBF returns from the TDI call to the Netbios.sys driver with a successful status code.

Netbios.sys then fills in the LSN from its table into the NCB and sends it back to the calling process.
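The two matrices and the RESET/CALL sequence described above, as a small Python model. This is an added illustration, not code from Windows NT or from the original chapter; like the figures, it shows the concept and not the actual storage. The class and method names, the integer TDI handles and the remote address strings are hypothetical.

```python
from itertools import count

MAX_LSN = 254  # usable LSNs are 1..254; LSN 0 marks a FindName frame

class LsnMatrix:
    """One matrix: 254 LSN rows per column, each cell holding a TDI handle."""
    def __init__(self):
        self.columns = {}

    def add_column(self, key):
        self.columns.setdefault(key, {})

    def allocate(self, key, handle):
        column = self.columns[key]  # KeyError if the column was never created
        for lsn in range(1, MAX_LSN + 1):
            if lsn not in column:
                column[lsn] = handle
                return lsn
        raise RuntimeError(f"all {MAX_LSN} LSNs in use for {key!r}")

class SessionModel:
    """Hypothetical model of the Netbios.sys and NBF matrices (names are ours)."""
    def __init__(self):
        self.netbios = LsnMatrix()  # columns keyed by (process ID, LANA)
        self.nbf = LsnMatrix()      # columns keyed by remote network address
        self.by_handle = {}         # TDI handle -> (remote address, NBF LSN)
        self._next_handle = count(1)

    def reset(self, pid, lana):
        # RESET NCB: Netbios.sys allocates table space for this process
        self.netbios.add_column((pid, lana))

    def call(self, pid, lana, remote):
        if (pid, lana) not in self.netbios.columns:
            raise RuntimeError("CALL issued before RESET")
        handle = next(self._next_handle)   # Netbios.sys opens a TDI handle to NBF
        local_lsn = self.netbios.allocate((pid, lana), handle)
        self.nbf.add_column(remote)        # FindName reply supplies the address
        try:
            wire_lsn = self.nbf.allocate(remote, handle)
        except RuntimeError:
            del self.netbios.columns[(pid, lana)][local_lsn]  # undo on failure
            raise
        self.by_handle[handle] = (remote, wire_lsn)
        return local_lsn                   # the LSN written back into the NCB

    def resolve(self, pid, lana, lsn):
        handle = self.netbios.columns[(pid, lana)][lsn]
        return (handle, *self.by_handle[handle])
```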