From: David Howells <dhowells@redhat.com>
To: Tom Talpey <tom@talpey.com>
Cc: dhowells@redhat.com, Steve French <smfrench@gmail.com>,
Steve French <sfrench@samba.org>,
Shyam Prasad N <nspmangalore@gmail.com>,
Rohith Surabattula <rohiths.msft@gmail.com>,
Long Li <longli@microsoft.com>,
Namjae Jeon <linkinjeon@kernel.org>,
Stefan Metzmacher <metze@samba.org>,
Jeff Layton <jlayton@kernel.org>,
linux-cifs@vger.kernel.org
Subject: Re: pcap of misbehaving fallocate over cifs rdma
Date: Thu, 26 Jan 2023 20:47:55 +0000 [thread overview]
Message-ID: <2899394.1674766075@warthog.procyon.org.uk> (raw)
In-Reply-To: <104c2782-4d9a-22ce-d680-08d01733fb4e@talpey.com>
Tom Talpey <tom@talpey.com> wrote:
> That's a really large SMBDirect Send operation, it looks like it's
> trying to send the entire write in one message and it overflows
> the receive buffer.
>
> I'm still fighting with wireshark and can't decode the layers
> above TCP. Can you look at the SMBDirect negotiation at the
> start of the trace, and tell me what the max send/receive
> values were set by each side?
Frame 8: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30), Dst: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac)
Internet Protocol Version 4, Src: 192.168.6.2, Dst: 192.168.6.1
Transmission Control Protocol, Src Port: 50018, Dst Port: 5445, Seq: 33, Ack: 33, Len: 44
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
NegotiateRequest
MinVersion: 0x0100
MaxVersion: 0x0100
CreditsRequested: 255
PreferredSendSize: 1364
MaxReceiveSize: 1364
MaxFragmentedSize: 1048576
Frame 9: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac), Dst: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30)
Internet Protocol Version 4, Src: 192.168.6.1, Dst: 192.168.6.2
Transmission Control Protocol, Src Port: 5445, Dst Port: 50018, Seq: 33, Ack: 77, Len: 56
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
NegotiateResponse
MinVersion: 0x0100
MaxVersion: 0x0100
NegotiatedVersion: 0x0100
CreditsRequested: 255
CreditsGranted: 254
Status: STATUS_SUCCESS (0x00000000)
MaxReadWriteSize: 524224
PreferredSendSize: 1364
MaxReceiveSize: 1364
MaxFragmentedSize: 173910
Frame 10: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30), Dst: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac)
Internet Protocol Version 4, Src: 192.168.6.2, Dst: 192.168.6.1
Transmission Control Protocol, Src Port: 50018, Dst Port: 5445, Seq: 77, Ack: 89, Len: 44
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
DataMessage
CreditsRequested: 255
CreditsGranted: 255
Flags: 0x0000
.... .... .... ...0 = ResponseRequested: False
RemainingLength: 0
DataOffset: 0
DataLength: 0
Frame 11: 346 bytes on wire (2768 bits), 346 bytes captured (2768 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30), Dst: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac)
Internet Protocol Version 4, Src: 192.168.6.2, Dst: 192.168.6.1
Transmission Control Protocol, Src Port: 50018, Dst Port: 5445, Seq: 121, Ack: 89, Len: 280
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
DataMessage
CreditsRequested: 255
CreditsGranted: 0
Flags: 0x0000
.... .... .... ...0 = ResponseRequested: False
RemainingLength: 0
DataOffset: 24
DataLength: 232
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
Channel Sequence: 0
Reserved: 0000
Command: Negotiate Protocol (0)
Credits requested: 10
Flags: 0x00000000
Chain Offset: 0x00000000
Message ID: 0
Process Id: 0x000013c5
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
[Response in: 13]
Negotiate Protocol Request (0x00)
[Preauth Hash: 81cd52dea94ed363a171b7effe222c0003574f5c54f6c7a1cbb041676ea9ddf15245b2a4…]
StructureSize: 0x0024
Dialect count: 4
Security mode: 0x01, Signing enabled
Reserved: 0000
Capabilities: 0x00000077, DFS, LEASING, LARGE MTU, PERSISTENT HANDLES, DIRECTORY LEASING, ENCRYPTION
Client Guid: c494649a-e636-d94c-a55e-be00d5a02a30
NegotiateContextOffset: 0x00000070
NegotiateContextCount: 4
Reserved: 0000
Dialect: SMB 2.1 (0x0210)
Dialect: SMB 3.0 (0x0300)
Dialect: SMB 3.0.2 (0x0302)
Dialect: SMB 3.1.1 (0x0311)
Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
Type: SMB2_PREAUTH_INTEGRITY_CAPABILITIES (0x0001)
DataLength: 38
Reserved: 00000000
HashAlgorithmCount: 1
SaltLength: 32
HashAlgorithm: SHA-512 (0x0001)
Salt: 1d6e14b44264b6cc1db622478c3826c4cd09df1dc70abf73f13b9261724d4181
Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES
Type: SMB2_ENCRYPTION_CAPABILITIES (0x0002)
DataLength: 8
Reserved: 00000000
CipherCount: 3
CipherId: AES-128-GCM (0x0002)
CipherId: AES-256-GCM (0x0004)
CipherId: AES-128-CCM (0x0001)
Negotiate Context: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
Type: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID (0x0005)
DataLength: 22
Reserved: 00000000
Netname: 192.168.6.1
Negotiate Context: SMB2_POSIX_EXTENSIONS_CAPABILITIES
Type: SMB2_POSIX_EXTENSIONS_CAPABILITIES (0x0100)
DataLength: 16
Reserved: 00000000
POSIX Reserved: 93ad25509cb411e7b42383de968bcd7c
next prev parent reply other threads:[~2023-01-26 20:49 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-24 17:48 cifs-rdma: KASAN-detected UAF when using rxe driver David Howells
2023-01-25 7:48 ` David Howells
2023-01-25 14:02 ` [PATCH] cifs: Fix oops due to uncleared server->smbd_conn in reconnect David Howells
2023-01-25 14:47 ` Tom Talpey
2023-01-25 15:52 ` Tom Talpey
2023-01-25 16:20 ` Steve French
2023-01-25 20:41 ` David Howells
2023-01-25 22:24 ` Tom Talpey
2023-01-25 22:43 ` David Howells
2023-01-25 22:56 ` Tom Talpey
2023-01-25 23:42 ` Namjae Jeon
2023-01-26 14:42 ` pcap of misbehaving fallocate over cifs rdma David Howells
2023-01-26 19:54 ` David Howells
2023-01-26 20:29 ` Tom Talpey
2023-01-26 20:47 ` David Howells [this message]
2023-01-26 15:20 ` [PATCH] cifs: Fix oops due to uncleared server->smbd_conn in reconnect David Howells
2023-01-26 19:22 ` Tom Talpey
2023-01-26 19:49 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2899394.1674766075@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=jlayton@kernel.org \
--cc=linkinjeon@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=longli@microsoft.com \
--cc=metze@samba.org \
--cc=nspmangalore@gmail.com \
--cc=rohiths.msft@gmail.com \
--cc=sfrench@samba.org \
--cc=smfrench@gmail.com \
--cc=tom@talpey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.