[cifs-protocol] RE: [Pfif] erroneous references to little-endian

Bill Wesse billwe at microsoft.com
Thu Apr 30 17:33:06 GMT 2009


Good day once again Mr. French! I have verified that our [MS-SMB] working document has already incorporated the necessary deletion of the DialectCount field (2.2.4). The changes will be available in a future document refresh; notifications concerning protocol documentation updates to the Open Specifications are announced via our Protocols Perspective e-Newsletter.

I also checked Network Monitor 3.3 smb2.npl, which has the 'struct SMB2ResponseNegotiate.DialectCount' field defined, and have filed a bug against that. Please read on for further information about this!

Thank you very much for bringing this to our attention. Please let me know if this answers your question satisfactorily; if so, I will consider your question resolved.

If you haven't already done so, you can subscribe to the newsletter at the below link:

Receive the Protocols Perspective e-Newsletter http://www.microsoft.com/protocols/optin.aspx

Each month you'll receive helpful information about:
	Protocol Documentation Updates 
	Patent License Program 
	Other Licensing Programs 
	Community Events 
	Helpful Tips 
	Licensee Case Studies

==============================================================================
Network Monitor 3.3 can be obtained at: http://connect.microsoft.com/

%SystemDrive%\ProgramData\Microsoft\Network Monitor 3\NPL\Microsoft Parsers\Common\smb2.npl

smb2.npl

Line 180:

Modify:
struct SMB2ResponseNegotiate
{
	UINT16	Size;
	UINT16	DialectCount;
	UINT16	SecurityMode = SMB2SecurityMode(this);
	UINT16	DialectRevision = SMB2DialectRevisionTable(this);
	UINT16	Reserved;
	...

Remove:
	UINT16	DialectCount;

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

-----Original Message-----
From: Bill Wesse 
Sent: Tuesday, April 28, 2009 5:59 AM
To: Steve French; Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [Pfif] erroneous references to little-endian

Good morning Mr. French! I have created case SRX090428600004 for your question, and will begin my investigation shortly. I will keep you advised of progress!

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Steve French [mailto:smfrench at gmail.com] 
Sent: Monday, April 27, 2009 9:14 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [Pfif] erroneous references to little-endian

In implementing SMB2 Negotiate protocol support I noticed that the
structure definition is off by 2 bytes.

Section 2.2.4 of MS-SMB2.pdf shows the SMB2 negotiate response as an
SMB2 header followed by

	le16 StructureSize;	/* Must be 65 */
	le16 DialectCount;
	le16 SecurityMode;
	le16 DialectRevision; /* Should be 0x0202 */
        ... etc

when it actually has no "DialectCount", which is clear when decoding by
hand (or looking at it in Wireshark):

	le16 StructureSize;	/* Must be 65 */
	le16 SecurityMode;
	le16 DialectRevision; /* Should be 0x0202 */
        ... etc

The server in this case is Vista.  The dialect negotiated was 0x0202
in response to an SMB2 only (not SMB) negotiate protocol request.


-- 
Thanks,

Steve
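
The two layouts discussed in the thread, as an added example that is not part of the original messages or of any project's code: it decodes the leading fields of an SMB2 negotiate response body both with and without the extra DialectCount field, so the 2-byte shift is visible in the decoded DialectRevision. The struct and function names and the sample bytes (including the SecurityMode value) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Leading fields of the response body, host byte order (hypothetical names). */
struct neg_rsp_head {
    uint16_t structure_size;   /* must be 65 */
    uint16_t security_mode;
    uint16_t dialect_revision; /* 0x0202 in the thread */
};

/* Read a little-endian 16-bit value without alignment assumptions. */
static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* with_dialect_count = 1 applies the documented layout with the extra
 * DialectCount field, 0 the layout seen on the wire. Returns 0 on success,
 * -1 if the buffer is too short, -2 if StructureSize is not 65. */
int parse_neg_rsp_head(const uint8_t *body, size_t len,
                       int with_dialect_count, struct neg_rsp_head *out)
{
    size_t off = with_dialect_count ? 4 : 2; /* offset of SecurityMode */
    if (len < off + 4)
        return -1;
    out->structure_size = get_le16(body);
    if (out->structure_size != 65)
        return -2;
    out->security_mode = get_le16(body + off);
    out->dialect_revision = get_le16(body + off + 2);
    return 0;
}

/* Constructed sample body (not a capture). */
static const uint8_t sample_body[] = {
    0x41, 0x00, 0x01, 0x00, /* StructureSize = 65, SecurityMode (made up) */
    0x02, 0x02, 0x00, 0x00, /* DialectRevision = 0x0202, Reserved */
};

int main(void)
{
    struct neg_rsp_head h;
    for (int dc = 0; dc <= 1; dc++)
        if (parse_neg_rsp_head(sample_body, sizeof sample_body, dc, &h) == 0)
            printf("DialectCount=%d: dialect=0x%04x\n", dc, (unsigned)h.dialect_revision);
    return 0;
}
```

With the DialectCount layout the same bytes decode to a DialectRevision of 0x0000, and 0x0202 lands in SecurityMode instead.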


