[cifs-protocol] [REG:111062056241038] SMB1 maximum packet size with signing enabled
Jeff Layton
jlayton at samba.org
Tue Jun 21 06:12:46 MDT 2011
On Mon, 20 Jun 2011 22:11:57 +0000
Hongwei Sun <hongweis at microsoft.com> wrote:
> Moving Interoperability Documentation Help (dochelp) to bcc.
>
> Hi, all
>
> This is an expected behavior. I have a blog about this topic that should explain the behaviors you have observed (http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx).
>
> Jeff,
>
> Please let me know if you have more questions. I can provide you more clarification if needed.
>
> Thanks!
>
>
> --------------------------------------------------------------------
> Hongwei Sun - Sr. Escalation Engineer
> DSC Protocol Team, Microsoft
> hongweis at microsoft.com
> Tel: 469-7757027 x 57027
>
> Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at allisong at microsoft.com.
>
> ---------------------------------------------------------------------
>
>
>
> -----Original Message-----
> From: cifs-protocol-bounces at cifs.org [mailto:cifs-protocol-bounces at cifs.org] On Behalf Of Shirish Pargaonkar
> Sent: Monday, June 20, 2011 4:16 PM
> To: Jeff Layton
> Cc: Interoperability Documentation Help; cifs-protocol at samba.org
> Subject: Re: [cifs-protocol] SMB1 maximum packet size with signing enabled
>
> On Mon, Jun 20, 2011 at 2:56 PM, Jeff Layton <jlayton at samba.org> wrote:
> > On Mon, 20 Jun 2011 11:42:01 -0700
> > George K Colley <gcolley at apple.com> wrote:
> >
> >>
> >> On Jun 20, 2011, at 6:43 AM, Jeff Layton wrote:
> >>
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > I've been doing some testing with signing enabled and have found
> >> > that
> >> > win2k8 seems to consistently return STATUS_ACCESS_DENIED whenever I
> >> > send it a SMB that's larger than 16704 bytes. It seems to have no
> >> > issue with larger sized SMBs when signing is disabled.
> >> >
> >> > It seems sort of like a protocol violation since the NEGOTIATE
> >> > response from the server has the CAP_LARGE_READX and WRITEX bits
> >> > set. It's possible though that I've missed something in the spec.
> >> >
> >> > In any case, my questions:
> >> >
> >> > 1) is this a known limitation in windows, or a bug?
> >> This has been a known issue for a very long time. When signing is on you need to use the negotiated buffer size not the Large CAP size.
> >> >
> >> > 2) is this common to all (most?) versions of windows?
> >> Yes
> >> >
> >> > 3) is there some way we can detect what the server's limit is in this situation?
> >> If the UNIX CAPS is not set and they have signing on then I turn off CAP_LARGE_WRITEX. Note this does not affect CAP_LARGE_READX.
> >>
> >
> > Thanks George...
> >
> > So we need to use the max buffer size advertised by the server? When I
> > look at captures, I can see that the server is sending a max buffer
> > size of 4356 bytes in the NEGOTIATE reply. That's quite a bit smaller
> > than the max size that gives me errors (~16k).
> >
> > Also, I'll note that Shirish looked at some captures between windows
> > and found that sends around 16k packets when signing is negotiated.
>
> In negrprot response (from a Windows 2008 server to a Windows 2003 client), max buffer size is 16634, max raw buffer 65536 and unix extensions not supported, large read andx and large write andx supported.
>
> > I'll bet we can exceed that size by some amount, it would be good
> > though to know how big a size we can get away with...
> >
> > Thanks,
> > --
Thanks for the info everyone. I think I've got it sorted out now.
Cheers,
--
Jeff Layton <jlayton at samba.org>
More information about the cifs-protocol
mailing list