[cifs-protocol] SMB1 maximum packet size with signing enabled

Shirish Pargaonkar shirishpargaonkar at gmail.com
Mon Jun 20 15:15:30 MDT 2011


On Mon, Jun 20, 2011 at 2:56 PM, Jeff Layton <jlayton at samba.org> wrote:
> On Mon, 20 Jun 2011 11:42:01 -0700
> George K Colley <gcolley at apple.com> wrote:
>
>>
>> On Jun 20, 2011, at 6:43 AM, Jeff Layton wrote:
>>
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > I've been doing some testing with signing enabled and have found that
>> > win2k8 seems to consistently return STATUS_ACCESS_DENIED whenever I
>> > send it a SMB that's larger than 16704 bytes. It seems to have no issue
>> > with larger sized SMBs when signing is disabled.
>> >
>> > It seems sort of like a protocol violation since the NEGOTIATE response
>> > from the server has the CAP_LARGE_READX and WRITEX bits set. It's
>> > possible though that I've missed something in the spec.
>> >
>> > In any case, my questions:
>> >
>> > 1) is this a known limitation in windows, or a bug?
>> This has been a known issue for a very long time. When signing is on you need to use the negotiated buffer size not the Large CAP size.
>> >
>> > 2) is this common to all (most?) versions of windows?
>> Yes
>> >
>> > 3) is there some way we can detect what the server's limit is in this situation?
>> If the UNIX CAPS is not set and they have signing on then I turn off CAP_LARGE_WRITEX. Note this does not affect CAP_LARGE_READX.
>>
>
> Thanks George...
>
> So we need to use the max buffer size advertised by the server? When I
> look at captures, I can see that the server is sending a max buffer
> size of 4356 bytes in the NEGOTIATE reply. That's quite a bit smaller
> than the max size that gives me errors (~16k).
>
> Also, I'll note that Shirish looked at some captures between windows
> and found that sends around 16k packets when signing is negotiated.

In negrprot response (from a Windows 2008 server to a Windows 2003 client),
max buffer size is 16634, max raw buffer 65536 and unix extensions not
supported, large read andx and large write andx supported.

> I'll bet we can exceed that size by some amount, it would be good
> though to know how big a size we can get away with...
>
> Thanks,
> --
> Jeff Layton <jlayton at samba.org>
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at cifs.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
>


More information about the cifs-protocol mailing list