Samba Transaction Implementation
Mahendran
shmahendran at gmail.com
Wed Dec 24 15:10:58 GMT 2008
Thanks Derrell!

I could get past this problem. I had missed the ResumeKey field for each
data entry, which caused the incorrect packet formation. I am actually
following the "Common Internet File System Protocol (CIFS/1.0)" document.
This was missed in the document. Is there any later document available?

The problem that I face now is that, after the FIND_FIRST2 response, the
client sends a FIND_NEXT2 request with the filename set to the last name
returned in the FIND_FIRST2. I think this should not come, as I have only
3 files on the shared drive.

I have attached the capture (Capture2.pcap) with this mail. Please look at
packet no. 26 for the FIND_FIRST2 response and packet no. 27 for the
FIND_NEXT2 request.

Am I still missing anything in the FIND_FIRST2 response?

Your help will be highly appreciated. Thanks.

Best Regards,
Mahendran

On Tue, Dec 23, 2008 at 8:39 PM, Derrell Lipman <derrell.lipman at unwireduniverse.com> wrote:
> On Tue, Dec 23, 2008 at 9:38 AM, Mahendran <shmahendran at gmail.com> wrote:
>
>> ...
>> It first sends Trans2_Request, FIND_FIRST2 command with the level of
>> interest as SMB_INFO_QUERY_EA_SIZE. I send the response for this request.
>> I have totally 3 files (for implementation purpose I have only 3 files) in
>> the shared drive. I could form the packet and send response for this
>> request. I am sending all 3 files in the same packet. I am also sending 2
>> directories, one for root and one for parent.
>>
>> While forming the data block I set 2 bytes each for CreationDate,
>> CreationTime, LastAccessDate, LastAccessTime, LastWriteDate and
>> LastWriteTime. I set the values as 0 for now.
>>
>
> Your FIND_FIRST2 response is malformed, as indicated by wireshark (formerly
> ethereal). If you look at the attached dump of your response, you'll see
> that the file name lengths are zero for the first two files, the allocation
> size is garbage, etc. Furthermore, when file names do show up in the packet
> data, they are in the wrong place. The file bootrom.sys, for example, is in
> the data area expected of Allocation Size, File Attributes, EA List Length,
> and File Name Len.
>
> I suspect that much of your problem is that the times are expected to be
> four bytes, not two, so you're throwing off the entire remainder of the
> packet with your two-byte timestamps.
>
> Here's the parse, but you can get this same info from wireshark. Try
> clicking on the Allocation Size for the third file (indicated as 1868696576)
> and you'll see it highlight the range of packet bytes from which it's
> retrieving that data.
>
> Derrell
>
> No. Time Source Destination Protocol Info
> 26 1.305777 10.255.105.150 10.255.104.103 SMB Trans2 Response, FIND_FIRST2, Files: [Malformed Packet]
>
> Frame 26 (293 bytes on wire, 293 bytes captured)
> Ethernet II, Src: GrassVal_00:41:bf (00:b0:09:00:41:bf), Dst: Dell_b3:69:b9 (00:1a:a0:b3:69:b9)
> Internet Protocol, Src: 10.255.105.150 (10.255.105.150), Dst: 10.255.104.103 (10.255.104.103)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: tr-rsrb-p2 (1988), Seq: 314, Ack: 686, Len: 239
> [Reassembled TCP Segments (243 bytes): #24(4), #26(239)]
> NetBIOS Session Service
> SMB (Server Message Block Protocol)
> SMB Header
> Trans2 Response (0x32)
> Subcommand: FIND_FIRST2 (0x0001)
> [Level of Interest: Info Query EA Size (2)]
> [Search Pattern: \*.*]
> Word Count (WCT): 10
> Total Parameter Count: 10
> Total Data Count: 171
> Reserved: 0000
> Parameter Count: 10
> Parameter Offset: 56
> Parameter Displacement: 0
> Data Count: 171
> Data Offset: 68
> Data Displacement: 0
> Setup Count: 0
> Reserved: 00
> Byte Count (BCC): 184
> Padding: 00
> FIND_FIRST2 Parameters
> Level of Interest: Info Query EA Size (2)
> Search ID: 0x1000
> Search Count: 5
> End Of Search: 1
> EA Error offset: 0
> Last Name Offset: 160
> Padding: 0000
> FIND_FIRST2 Data
> Info Query EA Size File:
> Resume Key: 0
> Created: No time specified (0x00000000)
> Last Access: No time specified (0x00000000)
> Last Write: No time specified (0x00000000)
> Data Size: 0
> Allocation Size: 16
> File Attributes: 0x00000000
> EA List Length: 11778
> File Name Len: 0
> File Name:
> Info Query EA Size File:
> Resume Key: 0
> Created: No time specified (0x00000000)
> Last Access: No time specified (0x00000000)
> Last Write: No time specified (0x00000000)
> Data Size: 4096
> Allocation Size: 50331648
> File Attributes: 0x00002e2e
> EA List Length: 0
> File Name Len: 0
> File Name:
> Info Query EA Size
> Resume Key: 0
> Created: Invalid time
> Last Access: No time specified (0x00000000)
> Last Write: Invalid time
> Data Size: 0
> Allocation Size: 1868696576
> File Attributes: 0x0000746f
> EA List Length: 778923890
> File Name Len: 115
> [Malformed Packet: SMB]
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Capture2.pcap
Type: application/octet-stream
Size: 7178 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20081224/084bc0b4/Capture2.obj
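
The field shift that the missing ResumeKey caused, as described at the top of this message, can be reproduced offline with the following added example, which is not code from the thread or from Samba. The entry layout follows the field order in the Wireshark parse quoted above; the helper names, the sample listing and the single NUL after each name are assumptions.

```python
import struct

# Assumed entry layout for level SMB_INFO_QUERY_EA_SIZE, matching the field
# order in the Wireshark parse: ResumeKey, three date/time pairs (2 bytes
# each), DataSize, AllocationSize, Attributes, EaSize, FileNameLength, name.
RESUME_KEY = struct.Struct("<I")
FIXED = struct.Struct("<6HIIHIB")  # 27 bytes, little-endian, no padding

def build_entry(name, size, attrs, with_resume_key=True):
    """Encode one entry; with_resume_key=False reproduces the omission."""
    raw = name.encode("ascii")
    head = RESUME_KEY.pack(0) if with_resume_key else b""
    fixed = FIXED.pack(0, 0, 0, 0, 0, 0, size, 0, attrs, 0, len(raw))
    return head + fixed + raw + b"\x00"  # assumption: one NUL after the name

def parse_entries(data, count):
    """Strict reader that expects ResumeKey; never reads past `data`."""
    entries, pos = [], 0
    for index in range(count):
        end = pos + RESUME_KEY.size + FIXED.size
        if end > len(data):
            raise ValueError(f"entry {index}: fixed fields truncated")
        fields = FIXED.unpack_from(data, pos + RESUME_KEY.size)
        size, alloc, attrs, ea_size, name_len = fields[6:]
        if end + name_len + 1 > len(data):
            raise ValueError(f"entry {index}: FileNameLength {name_len} overruns data")
        name = data[end:end + name_len].decode("ascii", "replace")
        entries.append({"name": name, "size": size, "alloc": alloc,
                        "attrs": attrs, "ea_size": ea_size})
        pos = end + name_len + 1
    return entries

# Constructed listing (names borrowed from the thread, values made up).
FILES = [(".", 0, 0x10), ("..", 0, 0x10), ("bootrom.sys", 26, 0x20)]
GOOD = b"".join(build_entry(*f) for f in FILES)
BAD = b"".join(build_entry(*f, with_resume_key=False) for f in FILES)

if __name__ == "__main__":
    for entry in parse_entries(GOOD, 3):
        print(entry)
    print(parse_entries(BAD, 2))      # parses, but every field is shifted
    try:
        parse_entries(BAD, 3)
    except ValueError as exc:
        print("malformed:", exc)
```

With the key omitted, the first two entries still decode but with empty names and attribute bytes read as sizes, and the third fails the length check because a byte of the file name is read as FileNameLength.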