Reset connections on zero VC?

Christopher R. Hertel crh at ubiqx.mn.org
Mon Nov 7 16:36:09 GMT 2005 

I have notes on this behavior in my book.  Microsoft actually introduced a
patch to disable this on their servers because of the NAT issue.  There's
a link to the KB article.

jCIFS also had a problem with this for a while because jCIFS would send a
VC=0 so, during testing against W2K[3] servers, jCIFS would disconnect any
SMBFS, CIFSVFS, or smbclient connections coming from the same box.  The
solution was to change the VC value to 1 in jCIFS.

I note that in your fix you've added a boolean smb.conf parameter.  I'd
suggest making this a per-client-IP or per subnet range feature.  If the
connection is via NBT, it might be worth-while checking the CALLING NAME
as well.

2cents.

Chris -)-----

On Mon, Nov 07, 2005 at 05:08:33PM +0100, Volker Lendecke wrote:
> Hi!
> 
> Attached find a patch that gets us closer to Windows behaviour. W2k3 kills all
> connections from a particular IP address when from that same IP address a
> session setup comes in with the VC field set to zero. Yes, this kills
> connections behind NAT, I tried it and it did kill conns.
> 
> I need this in some customer situations with lossy networks. One particular
> situation for example is uploading of user profiles. If a workstation gets
> stuck files with share modes might be left hanging around, the user reboots his
> wks and can't access his profile after that, because the "old" smbd can't tell
> that the workstation has been rebooted. As this is quite a drastic measure, I
> would like some confirmation before I check it in.
> 
> Volker

> Index: smbd/sesssetup.c
> ===================================================================
> --- smbd/sesssetup.c	(Revision 11547)
> +++ smbd/sesssetup.c	(Arbeitskopie)
> @@ -733,6 +733,29 @@
>   a new session setup with VC==0 is ignored.
>  ****************************************************************************/
>  
> +static int shutdown_other_smbds(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
> +				void *p)
> +{
> +	struct sessionid *sessionid = (struct sessionid *)dbuf.dptr;
> +	const char *ip = (const char *)p;
> +
> +	if (!process_exists(pid_to_procid(sessionid->pid))) {
> +		return 0;
> +	}
> +
> +	if (sessionid->pid == sys_getpid()) {
> +		return 0;
> +	}
> +
> +	if (strcmp(ip, sessionid->ip_addr) != 0) {
> +		return 0;
> +	}
> +
> +	message_send_pid(pid_to_procid(sessionid->pid), MSG_SHUTDOWN,
> +			 NULL, 0, True);
> +	return 0;
> +}
> +
>  static void setup_new_vc_session(void)
>  {
>  	DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.\n"));
> @@ -740,6 +763,9 @@
>  	conn_close_all();
>  	invalidate_all_vuids();
>  #endif
> +	if (lp_reset_on_zero_vc()) {
> +		session_traverse(shutdown_other_smbds, client_addr());
> +	}
>  }
>  
>  /****************************************************************************
> Index: smbd/session.c
> ===================================================================
> --- smbd/session.c	(Revision 11547)
> +++ smbd/session.c	(Arbeitskopie)
> @@ -198,7 +198,8 @@
>  	tdb_delete(tdb, key);
>  }
>  
> -static BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *), void *state)
> +BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *),
> +		      void *state)
>  {
>  	if (!session_init()) {
>  		DEBUG(3, ("No tdb opened\n"));
> Index: param/loadparm.c
> ===================================================================
> --- param/loadparm.c	(Revision 11547)
> +++ param/loadparm.c	(Arbeitskopie)
> @@ -303,6 +303,7 @@
>  	int name_cache_timeout;
>  	int client_signing;
>  	int server_signing;
> +	BOOL bResetOnZeroVC;
>  	param_opt_struct *param_opt;
>  }
>  global;
> @@ -954,6 +955,7 @@
>  	{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, FLAG_ADVANCED}, 
>  	{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, FLAG_ADVANCED}, 
>  	{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED}, 
> +	{"reset on zero vc", P_BOOL, P_GLOBAL, &Globals.bResetOnZeroVC, NULL, NULL, FLAG_ADVANCED}, 
>  
>  	{"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, handle_acl_compatibility,  NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, 
>  	{"defer sharing violations", P_BOOL, P_GLOBAL, &Globals.bDeferSharingViolations, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL},
> @@ -1522,6 +1524,7 @@
>  	Globals.bUseMmap = True;
>  #endif
>  	Globals.bUnixExtensions = True;
> +	Globals.bResetOnZeroVC = False;
>  
>  	/* hostname lookups can be very expensive and are broken on
>  	   a large number of sites (tridge) */
> @@ -1810,6 +1813,7 @@
>  FN_GLOBAL_LIST(lp_eventlog_list, &Globals.szEventLogs)
>  
>  FN_GLOBAL_BOOL(lp_disable_netbios, &Globals.bDisableNetbios)
> +FN_GLOBAL_BOOL(lp_reset_on_zero_vc, &Globals.bResetOnZeroVC)
>  FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard)
>  FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy)
>  FN_GLOBAL_BOOL(lp_wins_support, &Globals.bWINSsupport)




-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the samba-technical mailing list