From: David Howells <dhowells@redhat.com>
To: Tom Talpey <tom@talpey.com>
Cc: dhowells@redhat.com, Steve French <smfrench@gmail.com>,
Steve French <sfrench@samba.org>,
Shyam Prasad N <nspmangalore@gmail.com>,
Rohith Surabattula <rohiths.msft@gmail.com>,
Long Li <longli@microsoft.com>,
Namjae Jeon <linkinjeon@kernel.org>,
Stefan Metzmacher <metze@samba.org>,
Jeff Layton <jlayton@kernel.org>,
linux-cifs@vger.kernel.org
Subject: Re: pcap of misbehaving fallocate over cifs rdma
Date: Thu, 26 Jan 2023 20:47:55 +0000 [thread overview]
Message-ID: <2899394.1674766075@warthog.procyon.org.uk> (raw)
In-Reply-To: <104c2782-4d9a-22ce-d680-08d01733fb4e@talpey.com>
Tom Talpey <tom@talpey.com> wrote:
> That's a really large SMBDirect Send operation, it looks like it's
> trying to send the entire write in one message and it overflows
> the receive buffer.
>
> I'm still fighting with wireshark and can't decode the layers
> above TCP. Can you look at the SMBDirect negotiation at the
> start of the trace, and tell me what the max send/receive
> values were set by each side?
Frame 8: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30), Dst: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac)
Internet Protocol Version 4, Src: 192.168.6.2, Dst: 192.168.6.1
Transmission Control Protocol, Src Port: 50018, Dst Port: 5445, Seq: 33, Ack: 33, Len: 44
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
NegotiateRequest
MinVersion: 0x0100
MaxVersion: 0x0100
CreditsRequested: 255
PreferredSendSize: 1364
MaxReceiveSize: 1364
MaxFragmentedSize: 1048576
Frame 9: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac), Dst: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30)
Internet Protocol Version 4, Src: 192.168.6.1, Dst: 192.168.6.2
Transmission Control Protocol, Src Port: 5445, Dst Port: 50018, Seq: 33, Ack: 77, Len: 56
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
NegotiateResponse
MinVersion: 0x0100
MaxVersion: 0x0100
NegotiatedVersion: 0x0100
CreditsRequested: 255
CreditsGranted: 254
Status: STATUS_SUCCESS (0x00000000)
MaxReadWriteSize: 524224
PreferredSendSize: 1364
MaxReceiveSize: 1364
MaxFragmentedSize: 173910
Frame 10: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30), Dst: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac)
Internet Protocol Version 4, Src: 192.168.6.2, Dst: 192.168.6.1
Transmission Control Protocol, Src Port: 50018, Dst Port: 5445, Seq: 77, Ack: 89, Len: 44
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
DataMessage
CreditsRequested: 255
CreditsGranted: 255
Flags: 0x0000
.... .... .... ...0 = ResponseRequested: False
RemainingLength: 0
DataOffset: 0
DataLength: 0
Frame 11: 346 bytes on wire (2768 bits), 346 bytes captured (2768 bits) on interface enp2s0, id 0
Ethernet II, Src: IntelCor_bb:e6:30 (00:1b:21:bb:e6:30), Dst: IntelCor_bb:e6:ac (00:1b:21:bb:e6:ac)
Internet Protocol Version 4, Src: 192.168.6.2, Dst: 192.168.6.1
Transmission Control Protocol, Src Port: 50018, Dst Port: 5445, Seq: 121, Ack: 89, Len: 280
iWARP Marker Protocol data unit Aligned framing
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
SMB-Direct (SMB RDMA Transport)
DataMessage
CreditsRequested: 255
CreditsGranted: 0
Flags: 0x0000
.... .... .... ...0 = ResponseRequested: False
RemainingLength: 0
DataOffset: 24
DataLength: 232
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
Channel Sequence: 0
Reserved: 0000
Command: Negotiate Protocol (0)
Credits requested: 10
Flags: 0x00000000
Chain Offset: 0x00000000
Message ID: 0
Process Id: 0x000013c5
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
[Response in: 13]
Negotiate Protocol Request (0x00)
[Preauth Hash: 81cd52dea94ed363a171b7effe222c0003574f5c54f6c7a1cbb041676ea9ddf15245b2a4…]
StructureSize: 0x0024
Dialect count: 4
Security mode: 0x01, Signing enabled
Reserved: 0000
Capabilities: 0x00000077, DFS, LEASING, LARGE MTU, PERSISTENT HANDLES, DIRECTORY LEASING, ENCRYPTION
Client Guid: c494649a-e636-d94c-a55e-be00d5a02a30
NegotiateContextOffset: 0x00000070
NegotiateContextCount: 4
Reserved: 0000
Dialect: SMB 2.1 (0x0210)
Dialect: SMB 3.0 (0x0300)
Dialect: SMB 3.0.2 (0x0302)
Dialect: SMB 3.1.1 (0x0311)
Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
Type: SMB2_PREAUTH_INTEGRITY_CAPABILITIES (0x0001)
DataLength: 38
Reserved: 00000000
HashAlgorithmCount: 1
SaltLength: 32
HashAlgorithm: SHA-512 (0x0001)
Salt: 1d6e14b44264b6cc1db622478c3826c4cd09df1dc70abf73f13b9261724d4181
Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES
Type: SMB2_ENCRYPTION_CAPABILITIES (0x0002)
DataLength: 8
Reserved: 00000000
CipherCount: 3
CipherId: AES-128-GCM (0x0002)
CipherId: AES-256-GCM (0x0004)
CipherId: AES-128-CCM (0x0001)
Negotiate Context: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
Type: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID (0x0005)
DataLength: 22
Reserved: 00000000
Netname: 192.168.6.1
Negotiate Context: SMB2_POSIX_EXTENSIONS_CAPABILITIES
Type: SMB2_POSIX_EXTENSIONS_CAPABILITIES (0x0100)
DataLength: 16
Reserved: 00000000
POSIX Reserved: 93ad25509cb411e7b42383de968bcd7c
next prev parent reply other threads:[~2023-01-26 20:49 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-24 17:48 cifs-rdma: KASAN-detected UAF when using rxe driver David Howells
2023-01-25 7:48 ` David Howells
2023-01-25 14:02 ` [PATCH] cifs: Fix oops due to uncleared server->smbd_conn in reconnect David Howells
2023-01-25 14:47 ` Tom Talpey
2023-01-26 15:20 ` David Howells
2023-01-26 19:22 ` Tom Talpey
2023-01-26 19:49 ` David Howells
2023-01-25 15:52 ` Tom Talpey
2023-01-25 20:41 ` David Howells
2023-01-25 22:24 ` Tom Talpey
2023-01-25 22:43 ` David Howells
2023-01-25 22:56 ` Tom Talpey
2023-01-26 14:42 ` pcap of misbehaving fallocate over cifs rdma David Howells
[not found] ` <CAH2r5mupuFEw4hY7uOYjeHi08pS9vv3n30KppR_CTrKZ4xAdnw@mail.gmail.com>
2023-01-26 19:54 ` David Howells
2023-01-26 20:29 ` Tom Talpey
2023-01-26 20:47 ` David Howells [this message]
2023-01-25 23:42 ` [PATCH] cifs: Fix oops due to uncleared server->smbd_conn in reconnect Namjae Jeon
2023-01-25 16:20 ` Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2899394.1674766075@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=jlayton@kernel.org \
--cc=linkinjeon@kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=longli@microsoft.com \
--cc=metze@samba.org \
--cc=nspmangalore@gmail.com \
--cc=rohiths.msft@gmail.com \
--cc=sfrench@samba.org \
--cc=smfrench@gmail.com \
--cc=tom@talpey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox