[cifs-protocol] SMB1 maximum packet size with signing enabled

Jeff Layton jlayton at samba.org
Mon Jun 20 13:56:54 MDT 2011

On Mon, 20 Jun 2011 11:42:01 -0700
George K Colley <gcolley at apple.com> wrote:

> On Jun 20, 2011, at 6:43 AM, Jeff Layton wrote:
> > Hash: SHA1
> > 
> > I've been doing some testing with signing enabled and have found that
> > win2k8 seems to consistently return STATUS_ACCESS_DENIED whenever I
> > send it a SMB that's larger than 16704 bytes. It seems to have no issue
> > with larger sized SMBs when signing is disabled.
> > 
> > It seems sort of like a protocol violation since the NEGOTIATE response
> > from the server has the CAP_LARGE_READX and WRITEX bits set. It's
> > possible though that I've missed something in the spec.
> > 
> > In any case, my questions:
> > 
> > 1) is this a known limitation in windows, or a bug?
> This has been a known issue for a very long time. When signing is on you need to use the negotiated buffer size not the Large CAP size.
> > 
> > 2) is this common to all (most?) versions of windows?
> Yes
> > 
> > 3) is there some way we can detect what the server's limit is in this situation?
> If the UNIX CAPS is not set and they have signing on then I turn off CAP_LARGE_WRITEX. Note this does not affect CAP_LARGE_READX.

Thanks George...

So we need to use the max buffer size advertised by the server? When I
look at captures, I can see that the server is sending a max buffer
size of 4356 bytes in the NEGOTIATE reply. That's quite a bit smaller
than the max size that gives me errors (~16k).

Also, I'll note that Shirish looked at some captures between windows
and found that sends around 16k packets when signing is negotiated.
I'll bet we can exceed that size by some amount, it would be good
though to know how big a size we can get away with...

Jeff Layton <jlayton at samba.org>

More information about the cifs-protocol mailing list