smb3 protocol update
play

SMB3 Protocol Update 2020 edition! Tom Talpey Microsoft - PowerPoint PPT Presentation

Jul 11, 2023 •980 likes •1.45k views

SMB3 Protocol Update 2020 edition! Tom Talpey Microsoft Corporation 1 Outline SMB3 Protocol since last year SMB3 Protocol update in current 20H1 SMB3 Protocol changes coming Other related developments 2 SambaXP 2020

  1. SMB3 Protocol Update 2020 edition! Tom Talpey Microsoft Corporation 1

  2. Outline • SMB3 Protocol since last year • SMB3 Protocol update in current “20H1” • SMB3 Protocol changes coming • Other related developments 2 SambaXP 2020 Online

  3. Important • This presentation has been prepared with all appropriate social distancing • It has been quarantined and is free of viral influence • Probably. • Ok, maybe. 3 SambaXP 2020 Online

  4. MS-SMB2 Document • Updated March 4 • At the “familiar” URL ☺ • https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- smb2/5606ad47-5ee0-437a-817e-70c366052962 • Errata are published regularly • Updated May 25, 2020 • https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- winerrata/2cdafcfa-ce51-426a-9678-630a505a1a35 • N.B. try these without the GUID (just the doc name) 4 SambaXP 2020 Online

  5. SMB3 Protocol Changes SambaXP 2020 Online 5

  6. MS-SMB2 • Windows and Windows Server “20H1” release • A.k.a. Windows 10 version “2004” • Any Day Now • Updated doc March 4 • https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- smb2/5606ad47-5ee0-437a-817e-70c366052962 • Also covering 19H2 today • To catch up since SambaXP 2019 SambaXP 2020 Online 6

  7. MS-SMB2 changes Summer/Fall 2019 • [MS-SMB2]-190923-diff.pdf • 19H2 is “quality release” overall – no new SMB3 features • Document is similarly changed, maintenance only • E.g. Netname negotiate context is not null-terminated • Fileid’s and their relation to MS-FSCC and caching • Document structural cleanup and common text merged • Document template fixes (Abstract Data Model, etc) • It was also relatively quiet for Technical Document Issues (“TDIs”) SambaXP 2020 Online 7

  8. MS-SMB2 Changes Winter/Spring 2019-2020 • [MS-SMB2]-200304-diff.pdf • 20H1 contains new SMB3 changes • Chained compression, new Pattern_V1 • Much more on this shortly! • Somewhat increased TDI level • From protocol partners (Samba!) • And Microsoft protocol validation testing, performed with any “major” changes • Document maintenance • Oplock and Leasing additional new discussion SambaXP 2020 Online 8

  9. MS-SMB2 Changes – Recent Errata • Significant clarifications for Pattern_V1 and chained compression • Multichannel processing • Session scavenger processing and ClientGUID handling • Miscellaneous reconnection, lease cleanup and encryption fixes • https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- winerrata/2cdafcfa-ce51-426a-9678-630a505a1a35 SambaXP 2020 Online 9

  10. SMB3 New Protocol Features SambaXP 2020 Online 10

  11. SMB3 Changes • New SMB3 features (negotiate contexts) • “Pattern_V1” compression • Chained compression • All other compression processing and policies remain • Again, no dialect change • No dialect bump foreseen SambaXP 2020 Online 11

  12. Compression • Modifies negotiate context SMB2_COMPRESSION_CAPABILITIES • Adds SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED • Adds new algorithm “Pattern_V1”, defined in MS -SMB2 itself • MS-SMB2 section 2.2.3.1.3 (request) and 2.2.4.1.3 (response) • Modifies new SMB2_COMPRESSION_PAYLOAD_HEADER • Makes OriginalPayloadSize optional to LZ algorithms • Adds chained flag • Adds new SMB2_COMPRESSION_PATTERN_PAYLOAD_V1 • For chained compressed payloads • No changes to existing negotiation, or algorithms • See last year’s SambaXP for those ☺ SambaXP 2020 Online 12

  13. SMB Compression (review) • Client optionally negotiates compression by appending negotiation context (ID = 0x0003) 1 2 3 0 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 0 0 0 CompressionAlgorithmCount Padding Flags CompressionAlgorithms (variable) … • Server responds with the supported algorithms, sorted. • New SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED SambaXP 2020 Online 13

  14. Compression Transform (review) • Eligible segment is replaced with compression transform (MS-SMB2 section 2.2.42) in SMB2 transform header • Previously defined for 3 algorithms 1 2 3 0 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 0 0 0 ProtocolId OriginalCompressedSegmentSize CompressionAlgorithm Flags Offset/Length SambaXP 2020 Online 14

  15. New Compression negotiation flags and algorithm Value Meaning Chained compression is not supported. SMB2_COMPRESSION_CAPABILITIES_FLAG_NONE 0x00000000 Chained compression is supported on this connection. SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED 0x00000001 Value Meaning NONE No compression 0x0000 LZNT1 LZNT1 compression algorithm 0x0001 LZ77 LZ77 compression algorithm 0x0002 LZ77+Huffman LZ77+Huffman compression algorithm 0x0003 Pattern_V1 Pattern Scanning algorithm 0x0004 SambaXP 2020 Online 15

  16. Chained Compression • Compresses multiple segments within each message • With potentially different supported algorithms Value Meaning Chained compression is not supported. SMB2_COMPRESSION_FLAG_NONE 0x0000 The Compressed message is chained with multiple compressed payloads. SMB2_COMPRESSION_FLAG_CHAINED 0x0001 SambaXP 2020 Online 16

  17. Chained transforms • SMB2_COMPRESSION_PAYLOAD_HEADER 1 2 3 0 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 0 0 0 AlgorithmId Reserved Length OriginalPayloadSize (optional) • 2.2.42.2 SMB2_COMPRESSION_PATTERN_PAYLOAD_V1 1 2 3 0 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 1 0 0 0 Pattern Reserved1 Reserved2 Repetitions SambaXP 2020 Online 17

  18. Pattern_V1 Compression • “Run length” pattern matching • Sequential, equivalent values which repeat for a specified count • Match anywhere within a block • Typically, at “front” and/or “back” • Valid only with chained compression SambaXP 2020 Online 18

  19. Chained Compression Example • An SMB2_WRITE of 4KB of data • With the data to write containing: 000000…55AA55AA55AA…FFFFFF • This is recognized as three compressible segments: • Pattern_v1 of 00’s • Compressible data (e.g. LZ77) • Pattern_v1 of FF’s • Here’s how the block is sent: SambaXP 2020 Online 19

  20. Chained Compression Example (2) SMB2_WRITE 4KB Data = 0000…55AA…FFFF 1 2 3 4 5 6 7 8 1. SMB2_COMPRESSION_TRANSFORM_HEADER(Chained=1) 2. SMB2_COMPRESSION_PAYLOAD_HEADER(Pattern_v1, len1) 3. SMB2_COMPRESSION_PATTERN_PAYLOAD_v1(0x00) 4. SMB2_COMPRESSION_PAYLOAD_HEADER(e.g. LZ77, len2) [or None] 5. (LZ77 compressed data) [or uncompressed data] 6. SMB2_COMPRESSION_PAYLOAD_HEADER(Pattern_v1, len2) 7. SMB2_COMPRESSION_PATTERN_PAYLOAD_v1(0xFF) 8. Remaining HEADER+SMB2_WRITE and any additional uncompressed segments SambaXP 2020 Online 20

  21. Pattern_V1 Compression processing • Eligible for any payload • Most interesting for Virtual Disk and VM Live Migration • Where potentially long runs of 0’s (and other patterns) are present • “Front” and “Back” pattern scanning • “ I nternal” segments also eligible • Matches well to observed payloads • Certain other heuristics are applied (length, max expected savings… ) • In Windows, applied only on >=4KB segments • E.g. per-MDL segment in read or write (1 page or more) SambaXP 2020 Online 21

  22. Warning – Alignment! • Take another look at slide 20 • What is the size of the LZ77 segment? • Anything! ➢ The SMB2_COMPRESSION_PAYLOAD_HEADER (in 6) may not be aligned • This may be addressed in a future protocol update SambaXP 2020 Online 22

  23. Notice - Uncompressed segments! • If a segment is “short” (<64B), or doesn’t compress • And segment is “in between” two compressible segments • i.e. not eligible, but additional compressible data follows it • Then it becomes a “None” • Not compressed • Note previous warning on alignment • Note, the lengths and limits are behaviors , and may differ among implementations SambaXP 2020 Online 23

  24. Multiple TRANSFORMs • Encryption is also a transform • And is different from Chaining • Always applied after compression • Entire compressed transform is wrapped in TRANSFORM_HEADER • As previously defined by protocol SambaXP 2020 Online 24

  25. Yes, it can be complex • Nature of the beast? • Many strange and wonderful patterns, and algorithms • Test, Test, Test • I guarantee you’ll find issues • Let me tell you some stories… SambaXP 2020 Online 25

  26. Documenting Compression (https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- • Getting the compression text winerrata/2cdafcfa-ce51-426a-9678-630a505a1a35) “right” has been a challenge • Several issues found in manual and automated document testing review • Others found when fixing those • Look to the Errata! • And a future updated document SambaXP 2020 Online 26

  27. To really convince you • https://www.microsoft.com/security/blog/2020/05/04/mitigating- vulnerabilities-endpoint-network-stacks/ • Please not another “Hold M y Beer” moment! ☺ SambaXP 2020 Online 27

  28. SMB3 Protocol Futures SambaXP 2020 Online 28

  29. Possible protocol features Yes, you’ve seen some of these before • Client compression control • SMB over QUIC • New transforms and signing • High performance AES-GMAC signing • Enhanced encryption algorithms • Compression alignment enhancement • Signing/Encryption over RDMA • RDMA direct access to persistent storage SambaXP 2020 Online 29

Recommend

SMB3 Protocol Update Tom Talpey Microsoft Corporation 1 Outline SMB3 Protocol changes

SMB3 Protocol Update Tom Talpey Microsoft Corporation 1 Outline SMB3 Protocol changes

SMB3 Protocol Update Tom Talpey Microsoft Corporation 1 Outline SMB3 Protocol changes SMB3 Protocol futures Possible Microsoft/Samba collaborations sambaXP 2019 Gttingen 2 SMB3 Protocol Changes sambaXP 2019 Gttingen 3

977 views • 36 slides
Forward Tom Talpey Microsoft Outline A look at SMB3 today A look at things in the

Forward Tom Talpey Microsoft Outline A look at SMB3 today A look at things in the

Microsoft SMB Looking Forward Tom Talpey Microsoft Outline A look at SMB3 today A look at things in the works in Windows The SMB1 situation Other uses of SMB3 sambaXP 2018 Gttingen 2 SMB3 Today SMB3 is the key

677 views • 28 slides
Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and Objectives Goals and Objectives CAR adopted the Forest Protocols in 2005 CAR Board directed staff in 2007 to: Initiate a stakeholder process

532 views • 25 slides
SMB3 in Samba Multi-Channel and Beyond Michael Adam Red Hat / samba.org 2016-04-20 agenda

SMB3 in Samba Multi-Channel and Beyond Michael Adam Red Hat / samba.org 2016-04-20 agenda

SMB3 in Samba Multi-Channel and Beyond Michael Adam Red Hat / samba.org 2016-04-20 agenda History of SMB History of Samba SMB 2+ SMB 2+ in Samba SMB3 Multi-Channel Outlook: SMB3 over RDMA Outlook: SMB3 Clustering/Witness Outlook: SMB3

573 views • 56 slides
SMB3 Multichannel Update Gnther Deschner &lt;gd@samba.org&gt; Sachin Prabhu

SMB3 Multichannel Update Gnther Deschner &lt;gd@samba.org&gt; Sachin Prabhu

SMB3 Multichannel Update Gnther Deschner &lt;gd@samba.org&gt; Sachin Prabhu &lt;sprabhu@redhat.com&gt; A g e n d a S a mb a / C T D B C l u s t e r i n g w i t h G l u s t e r F S S M B 3 M u

862 views • 33 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP - 2016-05-11 Introduction SMB - mini history SMB: created around 1983 by Barry Feigenbaum, IBM SMB in Lan Manager: around 1990 SMB in Windows for

1.29k views • 58 slides
SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file

SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file

SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file servers Steve French Principal Software Engineer Azure Storage - Microsoft Legal Statement This work represents the views of the author(s) and does

748 views • 51 slides
Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba

Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba

Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba Steve French Principal Systems Engineer Primary Data Legal Statement T h i s w o r k r e p r e s e n t s t h e v i e w s o f t h e a u t h

513 views • 30 slides
ODS Destruction Protocol Stakeholder Meeting Ontario and Quebec March 17, 2017 Agenda 1.

ODS Destruction Protocol Stakeholder Meeting Ontario and Quebec March 17, 2017 Agenda 1.

ODS Destruction Protocol Stakeholder Meeting Ontario and Quebec March 17, 2017 Agenda 1. Process update 2. Issues for discussion 3. Protocol changes 4. Audience questions 5. Next steps 2 Item 1 PROCESS UPDATE 3 Process update

553 views • 20 slides
SMB3 and Beyond: Accessing Samba from Linux Steve French Principal Systems Engineer Primary

SMB3 and Beyond: Accessing Samba from Linux Steve French Principal Systems Engineer Primary

SMB3 and Beyond: Accessing Samba from Linux Steve French Principal Systems Engineer Primary Data Legal Statement T h i s w o r k r e p r e s e n t s t h e v i e w s o f t h e a u t h o r ( s ) a n d d o e s n o t necessarily reflect the

637 views • 34 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
SMB3 Extensions for Low Latency Tom Talpey Microsoft May 12, 2016 Problem Statement

SMB3 Extensions for Low Latency Tom Talpey Microsoft May 12, 2016 Problem Statement

SMB3 Extensions for Low Latency Tom Talpey Microsoft May 12, 2016 Problem Statement Storage Class Memory A new, disruptive class of storage Nonvolatile medium with RAM-like performance Low latency, high throughput, high

519 views • 36 slides
SMB3 Multichannel with Samba/CTDB and Gluster Gnther Deschner &lt;gd@samba.org&gt; Sachin

SMB3 Multichannel with Samba/CTDB and Gluster Gnther Deschner &lt;gd@samba.org&gt; Sachin

SMB3 Multichannel with Samba/CTDB and Gluster Gnther Deschner &lt;gd@samba.org&gt; Sachin Prabhu &lt;sprabhu@redhat.com&gt; A g e n d a S a mb a / C T D B C l u s t e r i n g w i t h G l u s t e r F S

322 views • 31 slides
AU GUIDELINES FOR A COORDINATED IMPLEMENTATION OF THE NAGOYA PROTOCOL ON ABS: AN UPDATE MAHLET

AU GUIDELINES FOR A COORDINATED IMPLEMENTATION OF THE NAGOYA PROTOCOL ON ABS: AN UPDATE MAHLET

AU GUIDELINES FOR A COORDINATED IMPLEMENTATION OF THE NAGOYA PROTOCOL ON ABS: AN UPDATE MAHLET TESHOME ENVIRONMENTAL LAWYER AFRICAN UNION COMMISSION DEPARTMENT OF HUMAN RESOURCES SCIENCE AND TECHNOLOGY 8 th PAN AFRICAN WORKSHOP ON ABS MARCH

248 views • 11 slides
INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019 About me Linux kernel contributor since 2011 Co-Creator of Samsung internal NTFS Filesystem Introduce collapse and insert range syscall

406 views • 26 slides
Metadata format and Update Notification Protocol Yuji Nomura Fujitsu Laboratories Ltd. Henning

Metadata format and Update Notification Protocol Yuji Nomura Fujitsu Laboratories Ltd. Henning

Metadata format and Update Notification Protocol Yuji Nomura Fujitsu Laboratories Ltd. Henning Schulzrinne Columbia University Background Standardization activities for electronic program guides (EPGs) MPEG-7, TV Anytime Forum, DVB,

594 views • 9 slides
TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for ensuring that data is transferred between two Intenret hosts based on a 32 bit address. To be ROUTABLE, a protocol must specify a NETWORK ADDRESS

899 views • 22 slides
The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

Objectives Objectives How the HTTP protocol works An Introduction An Introduction to XML and Web Technologies to XML and Web Technologies The SSL security extension from a programmer's point of view The HTTP Protocol The HTTP Protocol

433 views • 10 slides
Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internet Protocol Suite: Transport Internet Protocol Suite: Transport TCP: Transmission Control Protocol Byte stream transfer Internet Protocol Suite Internet Protocol Suite Reliable, connection-oriented service Point-to-point

374 views • 3 slides
An Update on the Zone Routing Protocol (ZRP) Zygmunt J. Haas &amp; Marc R. Pearlman Wireless

An Update on the Zone Routing Protocol (ZRP) Zygmunt J. Haas &amp; Marc R. Pearlman Wireless

An Update on the Zone Routing Protocol (ZRP) Zygmunt J. Haas &amp; Marc R. Pearlman Wireless Networks Laboratory Cornell University The Routing Zone Framework - Proactively track local topology (routing zone) - Reactively query between

61 views • 5 slides
FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol

FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol

FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol Ltd Americas Committee martinkoopman@gmail.com Australia Was Early to Electronic Trading But Late to FIX Very early use of electronic trading

809 views • 12 slides
Forth Valley Royal Hospital Natalizumab Audit and DMT Protocol Update Tim Soane Neurology

Forth Valley Royal Hospital Natalizumab Audit and DMT Protocol Update Tim Soane Neurology

Forth Valley Royal Hospital Natalizumab Audit and DMT Protocol Update Tim Soane Neurology Registrar, Forth Valley Royal Hospital Background I have just started a post at FVRH It seemed like a good time to review the MS service

562 views • 17 slides
EFFICIENCY OF THE BASIC EMDR PROTOCOL COMPARED TO A RESOURCE PROTOCOL ROLE OF EYE MOVEMENTS IN A

EFFICIENCY OF THE BASIC EMDR PROTOCOL COMPARED TO A RESOURCE PROTOCOL ROLE OF EYE MOVEMENTS IN A

EFFICIENCY OF THE BASIC EMDR PROTOCOL COMPARED TO A RESOURCE PROTOCOL ROLE OF EYE MOVEMENTS IN A RESOURCE PROTOCOL A comparison between one session of the standard protocol versus the reinforced resource protocol The basic EMDR protocol

368 views • 15 slides

More recommend