Re: [cifs-protocol] [REG:111062056241038] SMB1 maximum packet size with signing enabled
On Mon, 20 Jun 2011 22:11:57 + Hongwei Sun wrote: > Moving Interoperability Documentation Help (dochelp) to bcc. > > Hi, all > > This is an expected behavior. I have a blog about this topic that > should explain the behaviors you have observed > (http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx). > > > Jeff, > > Please let me know if you have more questions. I can provide you more > clarification if needed. > > Thanks! > > > > Hongwei Sun - Sr. Escalation Engineer > DSC Protocol Team, Microsoft > hongw...@microsoft.com > Tel: 469-7757027 x 57027 > > Exceeding your expectations is my highest priority. If you would like to > provide feedback on your case you may contact my manager at > allis...@microsoft.com. > > - > > > > -Original Message- > From: cifs-protocol-boun...@cifs.org [mailto:cifs-protocol-boun...@cifs.org] > On Behalf Of Shirish Pargaonkar > Sent: Monday, June 20, 2011 4:16 PM > To: Jeff Layton > Cc: Interoperability Documentation Help; cifs-proto...@samba.org > Subject: Re: [cifs-protocol] SMB1 maximum packet size with signing enabled > > On Mon, Jun 20, 2011 at 2:56 PM, Jeff Layton wrote: > > On Mon, 20 Jun 2011 11:42:01 -0700 > > George K Colley wrote: > > > >> > >> On Jun 20, 2011, at 6:43 AM, Jeff Layton wrote: > >> > >> > -BEGIN PGP SIGNED MESSAGE- > >> > Hash: SHA1 > >> > > >> > I've been doing some testing with signing enabled and have found > >> > that > >> > win2k8 seems to consistently return STATUS_ACCESS_DENIED whenever I > >> > send it a SMB that's larger than 16704 bytes. It seems to have no > >> > issue with larger sized SMBs when signing is disabled. > >> > > >> > It seems sort of like a protocol violation since the NEGOTIATE > >> > response from the server has the CAP_LARGE_READX and WRITEX bits > >> > set. It's possible though that I've missed something in the spec. > >> > > >> > In any case, my questions: > >> > > >> > 1) is this a known limitation in windows, or a bug? > >> This has been a known issue for a very long time. When signing is on you > >> need to use the negotiated buffer size not the Large CAP size. > >> > > >> > 2) is this common to all (most?) versions of windows? > >> Yes > >> > > >> > 3) is there some way we can detect what the server's limit is in this > >> > situation? > >> If the UNIX CAPS is not set and they have signing on then I turn off > >> CAP_LARGE_WRITEX. Note this does not affect CAP_LARGE_READX. > >> > > > > Thanks George... > > > > So we need to use the max buffer size advertised by the server? When I > > look at captures, I can see that the server is sending a max buffer > > size of 4356 bytes in the NEGOTIATE reply. That's quite a bit smaller > > than the max size that gives me errors (~16k). > > > > Also, I'll note that Shirish looked at some captures between windows > > and found that sends around 16k packets when signing is negotiated. > > In negrprot response (from a Windows 2008 server to a Windows 2003 client), > max buffer size is 16634, max raw buffer 65536 and unix extensions not > supported, large read andx and large write andx supported. > > > I'll bet we can exceed that size by some amount, it would be good > > though to know how big a size we can get away with... > > > > Thanks, > > -- Thanks for the info everyone. I think I've got it sorted out now. Cheers, -- Jeff Layton ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
Re: [cifs-protocol] [REG:111062056241038] SMB1 maximum packet size with signing enabled
On Jun 20, 2011, at 3:11 PM, Hongwei Sun wrote: > Moving Interoperability Documentation Help (dochelp) to bcc. > > Hi, all > >This is an expected behavior. I have a blog about this topic that > should explain the behaviors you have observed > (http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx). > You should update your doc, Reads are not affected. > > Jeff, > >Please let me know if you have more questions. I can provide you more > clarification if needed. > > Thanks! > > > > Hongwei Sun - Sr. Escalation Engineer > DSC Protocol Team, Microsoft > hongw...@microsoft.com > Tel: 469-7757027 x 57027 > > Exceeding your expectations is my highest priority. If you would like to > provide feedback on your case you may contact my manager at > allis...@microsoft.com. > > - > > > > -Original Message- > From: cifs-protocol-boun...@cifs.org [mailto:cifs-protocol-boun...@cifs.org] > On Behalf Of Shirish Pargaonkar > Sent: Monday, June 20, 2011 4:16 PM > To: Jeff Layton > Cc: Interoperability Documentation Help; cifs-proto...@samba.org > Subject: Re: [cifs-protocol] SMB1 maximum packet size with signing enabled > > On Mon, Jun 20, 2011 at 2:56 PM, Jeff Layton wrote: >> On Mon, 20 Jun 2011 11:42:01 -0700 >> George K Colley wrote: >> >>> >>> On Jun 20, 2011, at 6:43 AM, Jeff Layton wrote: >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've been doing some testing with signing enabled and have found that win2k8 seems to consistently return STATUS_ACCESS_DENIED whenever I send it a SMB that's larger than 16704 bytes. It seems to have no issue with larger sized SMBs when signing is disabled. It seems sort of like a protocol violation since the NEGOTIATE response from the server has the CAP_LARGE_READX and WRITEX bits set. It's possible though that I've missed something in the spec. In any case, my questions: 1) is this a known limitation in windows, or a bug? >>> This has been a known issue for a very long time. When signing is on you >>> need to use the negotiated buffer size not the Large CAP size. 2) is this common to all (most?) versions of windows? >>> Yes 3) is there some way we can detect what the server's limit is in this situation? >>> If the UNIX CAPS is not set and they have signing on then I turn off >>> CAP_LARGE_WRITEX. Note this does not affect CAP_LARGE_READX. >>> >> >> Thanks George... >> >> So we need to use the max buffer size advertised by the server? When I >> look at captures, I can see that the server is sending a max buffer >> size of 4356 bytes in the NEGOTIATE reply. That's quite a bit smaller >> than the max size that gives me errors (~16k). >> >> Also, I'll note that Shirish looked at some captures between windows >> and found that sends around 16k packets when signing is negotiated. > > In negrprot response (from a Windows 2008 server to a Windows 2003 client), > max buffer size is 16634, max raw buffer 65536 and unix extensions not > supported, large read andx and large write andx supported. > >> I'll bet we can exceed that size by some amount, it would be good >> though to know how big a size we can get away with... >> >> Thanks, >> -- >> Jeff Layton >> ___ >> cifs-protocol mailing list >> cifs-protocol@cifs.org >> https://lists.samba.org/mailman/listinfo/cifs-protocol >> > ___ > cifs-protocol mailing list > cifs-protocol@cifs.org > https://lists.samba.org/mailman/listinfo/cifs-protocol > > ___ > cifs-protocol mailing list > cifs-protocol@cifs.org > https://lists.samba.org/mailman/listinfo/cifs-protocol ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
Re: [cifs-protocol] [REG:111062056241038] SMB1 maximum packet size with signing enabled
Moving Interoperability Documentation Help (dochelp) to bcc. Hi, all This is an expected behavior. I have a blog about this topic that should explain the behaviors you have observed (http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx). Jeff, Please let me know if you have more questions. I can provide you more clarification if needed. Thanks! Hongwei Sun - Sr. Escalation Engineer DSC Protocol Team, Microsoft hongw...@microsoft.com Tel: 469-7757027 x 57027 Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at allis...@microsoft.com. - -Original Message- From: cifs-protocol-boun...@cifs.org [mailto:cifs-protocol-boun...@cifs.org] On Behalf Of Shirish Pargaonkar Sent: Monday, June 20, 2011 4:16 PM To: Jeff Layton Cc: Interoperability Documentation Help; cifs-proto...@samba.org Subject: Re: [cifs-protocol] SMB1 maximum packet size with signing enabled On Mon, Jun 20, 2011 at 2:56 PM, Jeff Layton wrote: > On Mon, 20 Jun 2011 11:42:01 -0700 > George K Colley wrote: > >> >> On Jun 20, 2011, at 6:43 AM, Jeff Layton wrote: >> >> > -BEGIN PGP SIGNED MESSAGE- >> > Hash: SHA1 >> > >> > I've been doing some testing with signing enabled and have found >> > that >> > win2k8 seems to consistently return STATUS_ACCESS_DENIED whenever I >> > send it a SMB that's larger than 16704 bytes. It seems to have no >> > issue with larger sized SMBs when signing is disabled. >> > >> > It seems sort of like a protocol violation since the NEGOTIATE >> > response from the server has the CAP_LARGE_READX and WRITEX bits >> > set. It's possible though that I've missed something in the spec. >> > >> > In any case, my questions: >> > >> > 1) is this a known limitation in windows, or a bug? >> This has been a known issue for a very long time. When signing is on you >> need to use the negotiated buffer size not the Large CAP size. >> > >> > 2) is this common to all (most?) versions of windows? >> Yes >> > >> > 3) is there some way we can detect what the server's limit is in this >> > situation? >> If the UNIX CAPS is not set and they have signing on then I turn off >> CAP_LARGE_WRITEX. Note this does not affect CAP_LARGE_READX. >> > > Thanks George... > > So we need to use the max buffer size advertised by the server? When I > look at captures, I can see that the server is sending a max buffer > size of 4356 bytes in the NEGOTIATE reply. That's quite a bit smaller > than the max size that gives me errors (~16k). > > Also, I'll note that Shirish looked at some captures between windows > and found that sends around 16k packets when signing is negotiated. In negrprot response (from a Windows 2008 server to a Windows 2003 client), max buffer size is 16634, max raw buffer 65536 and unix extensions not supported, large read andx and large write andx supported. > I'll bet we can exceed that size by some amount, it would be good > though to know how big a size we can get away with... > > Thanks, > -- > Jeff Layton > ___ > cifs-protocol mailing list > cifs-protocol@cifs.org > https://lists.samba.org/mailman/listinfo/cifs-protocol > ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol