???`: ??????: When the keep-alive packet sent out,rfc1002 says
Christopher R. Hertel
crh at ubiqx.mn.org
Tue Apr 1 07:28:38 GMT 2003
On Tue, Apr 01, 2003 at 01:33:14PM +0800, Aladdin_Cai at asus.com.cn wrote:
> ...but they will be in sequence, not mixed. The WriteRaw OK message will
> be a complete SMB message, so you will not have any trouble parsing them.
> Just read the number of bytes specified in the NBT header's length field.
> ~~~~~~~~~~~ Here I'd ask a quite stupid question:) :If server sends
> client two packets, one by one.
> Until both are in socket buffer,client calls recv( ) to get
> the all in buffer, will client get a mixture
> or only the first packet?
That's a very good question, actually...
TCP provides a stream. The packets will be made available in the order in
which they were sent, but *not* as discreet packets. You might call
recv() and get the end of the last packet, all of the current packet, and
the first part of the next packet. You have to collect and parse the
The nature of the SMB protocol hides that fact. In general, the client
will only get a message from the server if the client asked for it. You
send a request, wait for the entire reply, then send another request.
The keep-alive is one situation in which the messages can get interleaved.
It can also happen if there are multiple processes using the same SMB
> If it is the first situation,Then,I have to suppose that it
> is possible
> that keep-alive is in front of WriteRaw OK,then I have to
> remove first 4Bytes and get
> WriteRaw OK.It is more troublesome.
Could be ahead, could be behind. Fortunately, the NBT Session Service
headers all provide a message length field. Yes, you do have to watch for
and handle this situation.
> ~~~~~~~~~~ I 'd like to show you the read raw packet format, which I
> have got using NAI sniffer4.6.
Ethereal is recommended, if only because the rest of us know how to read
> I have make a picture,pls
> see the attached file. You can see that in read raw,the first
> packet has a netbios header,yet the others haven't.
Okay. I wasn't sure about that. Thanks for letting me know.
> As I have seen in rfc1002, server or client should reset
> timer when they receive a packet.
When they receive an *NBT* packet. The NBT keepalive timer is managed at
the NBT layer. The TCP stream won't reset the timer, but the initial READ
RAW request *should* reset the timer.
> If so, we won't have to worry about keep-alive packet.
> I don't know why they ignore this rule, introducing
> so much complexity.
What I can't tell from the graphic you sent is whether the keep-alive
message is interleaved with the raw read messages. It shouldn't be
because, as I've said, the initial READ RAW request from the client should
reset the timer and the READ RAW itself should be finished before the
I really can't imagine Samba making the mistake of sending the keep-alive
while it is in the middle of a READ RAW operation, but I would believe it
if I saw a capture that shows it (an Ethereal capture would be
Windows... well, I suppose it would be easier to imagine, but I'd still
want to see the capture.
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical