Duplicate data in RPC packets

Tue Jan 15 14:38:13 GMT 2008

I notice RPC packets seem to duplicate the switch_is and size_is data.

I have a case where I am trying to reduce a common response size to 1
byte, with this IDL

    void proxy_Read(
...
        [in,out] uint8 flags, /* read_for_execute, zlib, md5 etc */
        [out] [switch_is(flags)] Read_out response
    );

...

    typedef struct {
        NTSTATUS status;
        uint32 nread;
        [size_is(nread)] uint8 data[];
    } Read_out_data;

    typedef [switch_type(uint8)] union {
        [case(0)] Read_out_data generic;
        [case(PROXY_USE_ZLIB)] Read_out_data compress;
        [default];
    } Read_out;

When out->flags is 0x1 (covered by the default case in union Read_out)
the response packet consists of two copies 0x01 as 1 byte each, making 2
bytes:
rpc reply data:
[0000] 01 01

If out->flags is 0x0, matching to use struct Read_out_data, then I see
this rpc response:

rpc reply data:
[0000] 00 00 00 00 09 00 00 00   00 00 00 00 09 00 00 00   ........ ........
[0010] 68 65 6C 6C 6F 20 6A 6F   65                       hello jo e

The first 4 bytes are the [in,out] flags, the second 4 bytes are the
count nread, the 3rd 4 bytes are the status and the 4th 4 bytes are
again the count nread, expressed as the count of the following data.

In each case it seems like the named slot in the NDR data is unnecessary
because it can be derived from the size_is variable slot, or the union.
Or, maybe my IDL is slightly bloated?
Or maybe thats just dcerpc for me?

Sam