???`: ??????: When the keep-alive packet sent out,rfc1002 says different things!!

Christopher R. Hertel crh at ubiqx.mn.org
Tue Apr 1 07:28:38 GMT 2003

On Tue, Apr 01, 2003 at 01:33:14PM +0800, Aladdin_Cai at asus.com.cn wrote:
> ...but they will be in sequence, not mixed.  The WriteRaw OK message will 
> be a complete SMB message, so you will not have any trouble parsing them.
> Just read the number of bytes specified in the NBT header's length field.
> ~~~~~~~~~~~ Here  I'd ask a quite stupid question:) :If  server sends
>             client two packets, one by one.
> 	      Until both are in socket buffer,client calls recv( ) to get
>             the all in buffer, will client get a mixture 
> 	      or only the first packet?

That's a very good question, actually...
TCP provides a stream.  The packets will be made available in the order in 
which they were sent, but *not* as discreet packets.  You might call 
recv() and get the end of the last packet, all of the current packet, and 
the first part of the next packet.  You have to collect and parse the 

The nature of the SMB protocol hides that fact.  In general, the client 
will only get a message from the server if the client asked for it.  You 
send a request, wait for the entire reply, then send another request.

The keep-alive is one situation in which the messages can get interleaved.  
It can also happen if there are multiple processes using the same SMB 

>             If it is the first situation,Then,I have to suppose that it 
>             is possible
> 	      that keep-alive is in front of WriteRaw OK,then I have to
>             remove first 4Bytes and get 
> 	      WriteRaw OK.It is more troublesome.

Could be ahead, could be behind.  Fortunately, the NBT Session Service 
headers all provide a message length field.  Yes, you do have to watch for 
and handle this situation.

> ~~~~~~~~~~ I 'd like to show you the read raw packet format, which I 
>            have got using NAI sniffer4.6.

Ethereal is recommended, if only because the rest of us know how to read 

>            I have make a picture,pls
>            see the attached file. You can see that in read raw,the first
>            packet has a netbios header,yet the others haven't.

Okay.  I wasn't sure about that.  Thanks for letting me know.

>               As I have seen in rfc1002, server or client should reset
>               timer when they receive a packet.

When they receive an *NBT* packet.  The NBT keepalive timer is managed at
the NBT layer.  The TCP stream won't reset the timer, but the initial READ
RAW request *should* reset the timer.

>               If so, we won't have to worry about keep-alive packet.
>               I don't know why they ignore this rule, introducing 
> 		so much complexity.

What I can't tell from the graphic you sent is whether the keep-alive 
message is interleaved with the raw read messages.  It shouldn't be 
because, as I've said, the initial READ RAW request from the client should 
reset the timer and the READ RAW itself should be finished before the 
timer expires.

I really can't imagine Samba making the mistake of sending the keep-alive 
while it is in the middle of a READ RAW operation, but I would believe it 
if I saw a capture that shows it (an Ethereal capture would be 
best...www.ethereal.com...it's free).

Windows... well, I suppose it would be easier to imagine, but I'd still 
want to see the capture.

Chris -)-----

Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the samba-technical mailing list