SMB_COM_READ_ANDX MaxCount != filesize

Sailaja Josyula sailaja at us.ibm.com
Thu Mar 17 19:01:51 GMT 2005 

Question:

If SMB_COM_READ_ANDX requests data beyond the EOF what should be the 
correct response to the command.  Setting BytesRead=0 does not seem to 
make a difference.  I still get SMB_COM_READ_ANDX commands that request 
data beyond the EOF character.  Here is a sequence of SMB_COM_READ_ANDX 
commands I am receiving from NortonAntiVirus Software for file of size 
68bytes.

NT_CREATE_ANDX Request .... (Response is File Opened; End_Of_File = 68)
SMB_COM_READ_ANDX    with Offset=0    and MaxCount=512 .... (Response; 
BytesRead=68, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=444   .... (Response; 
BytesRead=0, Buf)
SMB_COM_READ_ANDX    with Offset=0    and MaxCount=256   .... (Response; 
BytesRead=68, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=188  .... (Response; 
BytesRead=0, Buf)
SMB_COM_READ_ANDX    with Offset=1    and MaxCount=256  .... (Response; 
BytesRead=0, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=189  .... (Response; 
BytesRead=0, Buf) 
SMB_COM_READ_ANDX    with Offset=0    and MaxCount=512 .... (Response; 
BytesRead=68, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=444   .... (Response; 
BytesRead=0, Buf)
SMB_COM_READ_ANDX    with Offset=0    and MaxCount=4292   .... (Response; 
BytesRead=68, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=4292   .... (Response; 
BytesRead=0, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=4292   .... (Response; 
BytesRead=0, Buf)
SMB_COM_READ_ANDX    with Offset=68  and MaxCount=4292   .... (Response; 
BytesRead=0, Buf)
NT_CREATE_ANDX Request .... (Response is File Opened; End_Of_File = 68)
NT_CREATE_ANDX Request .... (Response is File Opened; End_Of_File = 68)

The two open files are the last commands I receive from NAV.   The 
sequence of SMB_COM_READ_ANDX is very peculiar.  The MaxCount is never set 
to the FileSize. 
Inspite of it being set correctly in NT_CREATE_ANDX response.  I do not 
understand where SMB_COM_READ_ANDX is picking the seq of MaxCounts from. 
On a regular VFS (using Windows SMB)
I see that the MaxCount for SMB_COM_READ_ANDX is set to the filesize. 

Any insight into this sequence will be very helpful.  Thanks

Sailaja Josyula
Websphere Odyssey (On Demand Client) Development
IBM Software Group
Phone: 914-784-5472 Tie Line: 863-5472 Fax: 914-784-3833
sailaja at us.ibm.com




"Nadav Danieli" <nadavd at exanet.com>
03/17/2005 07:35 AM
 
        To:     Sailaja Josyula/Hawthorne/IBM at IBMUS, "Christopher R. 
Hertel" <crh at ubiqx.mn.org>
        cc:     <samba-technical at lists.samba.org>
        Subject:        RE: SMB_COM_READ_ANDX MaxCount != filesize


Observing windows behavior, I've noticed that for operation like copy that 
has no oplock w2k sends one read_andx for an offset beyond EOF (in fact 
two reads try to read beyond EOF, but one overlapped some data in the 
file.)
Also, every copy operation send open_andx requests twice, one for the read 
and the other ithink is a "stat" open, which has to break the first's 
oplock if granted. With kernel oplocks = yes, this always break the oplock 
to none.
My tests were done with large files though.

                 -----Original Message----- 
                 From: Sailaja Josyula [mailto:sailaja at us.ibm.com] 
                 Sent: Thu 3/17/2005 4:01 AM 
                 To: Christopher R. Hertel 
                 Cc: samba-technical at lists.samba.org 
                 Subject: Re: SMB_COM_READ_ANDX MaxCount != filesize
 
 

                 Thanks for your reply Chris.
 
                 I need to clarify some aspects.
 
                 SMB_COM_READ_ANDX is asking for MaxCount much greater 
than the filesize.
 
                 If say I have a file of size 68 bytes.  I am seeing the 
following
                 sequence:
 
                   NT_CREATE_ANDX response End_Of_File set to 68
 
                   follows the first SMB_COM_READ_ANDX with offset = 0; 
MaxCount = 512
                   second SMB_COM_READ_ANDX with offset = 68; MaxCount = 
444
                   and so on ... some 10 more SMB_COM_READ_ANDX commands 
follow.
 
 
                 On a regular VFS (Using Windows SMB) the same file is 
opened with the
                 following sequence:
 
                 NT_CREATE_ANDX response End_Of_File set to 68
                 follows the first SMB_COM_READ_ANDX with offset = 0; 
MaxCount = 68
 
 
                 Is this to do with the negotiated protocol?  I am not 
sure what the
                 Application uses to get the MaxCount for 
SMB_COM_READ_ANDX.
 
                 Thanks
 
                 Sailaja Josyula
                 Websphere Odyssey (On Demand Client) Development
                 IBM Software Group
                 Phone: 914-784-5472 Tie Line: 863-5472 Fax: 914-784-3833
                 sailaja at us.ibm.com
 
 
 
 
                 "Christopher R. Hertel" <crh at ubiqx.mn.org>
                 03/16/2005 03:12 PM
 
                         To:     Sailaja Josyula/Hawthorne/IBM at IBMUS
                         cc:     samba-technical at lists.samba.org
                         Subject:        Re: SMB_COM_READ_ANDX MaxCount != 
filesize
 
 
                 Hmmm...
 
                 So if I understand this correctly, the clients (Windows 
clients, I
                 presume) are never asking for as many bytes as they could 
actually read.
                 Is the difference consistent?  That is, for small files 
is MaxCount
                 always, say, 8 bytes less than you'd expect?
 
                 My guess is that some parameter in the initial 
negotiation is off by a
                 fixed number of bytes.  If that guess is correct, it's 
probably a result
                 of not counting soe field that un-obviously needs to be 
counted.  SMB
                 field offsets and such are sometimes a little weird that 
way.
 
                 Chris -)----
 
                 On Wed, Mar 16, 2005 at 02:49:35PM -0500, Sailaja Josyula 
wrote:
                 > Hi,
                 >
                 > I have written my own SMBserver to run as a VFS.  I 
have question
                 > regarding SMB_COM_READ_ANDX command.
                 >
                 > The MaxCount parameter in the command SMB_COM_READ_ANDX 
is never set to
                 > the filesize. Even though I am setting
                 > the End_Of_File parameter correctly in the response to 
NT_CREATE_ANDX
                 > command.
                 >
                 > In the windows SMB I see that the SMB_COM_READ_ANDX 
requests come with
                 the
                 > Count set to the Filesize specified
                 > in the NT_CREATE_ANDX command.  The MaxCount field not 
being set
                 correctly
                 > is causing multiple SMB_COM_READ_ANDX
                 > commands to be triggered with different offset and 
Count values, even if
 
                 > the filesize is as small as 8 bytes.
                 >
                 > Is there something I am missing or not setting prior to 
the
                 > SMB_COM_READ_ANDX? How does this parameter get set in
                 > the SMB_COM_READ_ANDX command.
                 >
                 > The protocol I have negotiated is NT LM 0.12.
                 >
                 > Thanks
                 >
                 > Sailaja Josyula
                 > Websphere Portal
                 > IBM Software Group
                 > Phone: 914-784-5472 Tie Line: 863-5472 Fax: 
914-784-3833
                 > sailaja at us.ibm.com
 
                 --
                 "Implementing CIFS - the Common Internet FileSystem" 
ISBN: 013047116X
                 Samba Team -- http://www.samba.org/     -)----- 
Christopher R. Hertel
                 jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx 
development,
                 uninq.
                 ubiqx Team -- http://www.ubiqx.org/     -)----- 
crh at ubiqx.mn.org
                 OnLineBook -- http://ubiqx.org/cifs/    -)----- 
crh at ubiqx.org

More information about the samba-technical mailing list