include include include include include include include sync_id { ProcessId int32 TreeId int32 } [packed] _union_smb2_req_id [ sync_id sync_id async_id int64 ] negotiate_message { Signature array[int8, 8] MessageType int32 NegotiateFlags int32 DomainName_Length len[DomainString, int16] DomainName_MaximumLength len[DomainString, int16] DomainName_Offset offsetof[DomainString, int32] WorkstationName_Length len[Workstationname_Buffer, int16] WorkstationName_MaximumLength len[Workstationname_Buffer, int16] WorkstationName_Offset offsetof[Workstationname_Buffer, int32] DomainString string Workstationname_Buffer string } [packed] _smb2_hdr_pre { ProtocolId const[0xfe534d42, int32be] StructureSize const[0x40, int16] CreditCharge int16 Status int32 } [packed] _smb2_hdr_post { CreditRequest int16 Flags int32 NextCommand int32 MessageId int64 Id _union_smb2_req_id SessionId int64 Signature array[int8, 16] } [packed] smb2_negotiate_req { _hdr_pre _smb2_hdr_pre Command const[0x0, int16] _hdr_post _smb2_hdr_post StructureSize const[36, int16] DialectCount len[Dialects, int16] SecurityMode int16 Reserved int16 Capabilities int32 ClientGUID array[int8, 16] # In SMB3.02 and earlier next three were MBZ le64 ClientStartTime NegotiateContextOffset int32 NegotiateContextCount int16 Reserved2 int16 Dialects buffer[in] } [packed] smb2_sess_setup_req { _hdr_pre _smb2_hdr_pre Command const[0x1, int16] _hdr_post _smb2_hdr_post StructureSize const[25, int16] Flags int8 SecurityMode int8 Capabilities int32 Channel int32 SecurityBufferOffset offsetof[Buffer, int16] SecurityBufferLength len[Buffer, int16] PreviousSessionId int64 # variable length GSS security buffer Buffer negotiate_message } [packed] smb2_echo_req { _hdr_pre _smb2_hdr_pre Command const[0xd, int16] _hdr_post _smb2_hdr_post StructureSize2 const[4, int16] Reserved int16 } [packed] _union_smb2_req [ smb2_negotiate_req smb2_negotiate_req smb2_sess_setup_req smb2_sess_setup_req smb2_echo_req smb2_echo_req ] [varlen] smb2_req { req_base _union_smb2_req req_andx1 optional[_union_smb2_req] req_andx2 optional[_union_smb2_req] } [packed] smb2_req_pdu { _pdu_size len[req, int32be] req smb2_req } [packed] syz_ksmbd_send_req(req_packet ptr[in, smb2_req_pdu], req_len len[req_packet], res_packet buffer[out], res_len len[res_packet])