Here's a toy we can play with. ECHO is really as simple as it sounds. It's sort of the SMB equivalent of ping. The client sends a packet with a data block full of bytes, and the server echoes the block back. Simple.

...but this is CIFS we're talking about.

Although the ECHO itself is simple, there are many quirks to be found in existing implementations. We will dig into this just a tiny bit to give you a taste of the kinds of problems you are likely to encounter. Let's start with a quick look at the ECHO REQUEST structure:

    SMB_PARAMETERS
      {
      WordCount = 1
      EchoCount = <In theory, anything from 0 to 65535>
      }
    SMB_DATA
      {
      ByteCount = <Number of data bytes to follow>
      Bytes     = <Your favorite soup recipe?>
      }

The EchoCount field is a multiplier. It tells the server to respond EchoCount times. If EchoCount is zero, you shouldn't get any reply at all. If EchoCount is 9,999, then you are likely to get nine thousand, nine hundred, and ninety-nine replies. We say likely because of the wide variety of weirdity that can be seen in testing.

One bit of weirdation is that all of the systems that were tested would respond to an ECHO REQUEST even if no SESSION SETUP had been sent and no authentication performed. This behavior is, in fact, per design, but it means that any client that can talk to your server from anywhere can ask for EchoCount replies to a single request. (It would probably be safer for the server to send a ERRSRV/ERRnosupport error message in response to an un-authenticated ECHO REQUEST.)

Other strangisms of note:
No apologies. This is CIFS we're talking about.

The ECHO SMB may be one of those things that get coded up just because they're in the documentation and they seem easy. It also appears as though ECHO hasn't been tested much. Certainly, the more it is stressed, the more variation can be seen.

There is, however, something to note in the last example in the above list and in the message from Conrad: Once you know what you're looking at, you will find common themes that appear and reappear across a given implementation. These common themes are derived from common internals, and they can provide many clues about the inner workings of the implementation.

Another fine point highlighted by our quick look at the ECHO SMB is that TCP is designed to carry streams of data, not discrete packets. This can be seen in the results of the tests against Samba, in which multiple replies were contained in a single TCP packet. At the other extreme, several TCP packets are needed to transfer a single ECHO if it has a very large data payload. As a result, a single read operation may or may not return one and only one complete SMB message.

Oversimplification Alert
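The point above about a single read not returning exactly one SMB message, as an added C example that is not part of the original text: it buffers whatever each read returns and hands back one complete message at a time. It assumes the 4-byte NBT session header of RFC 1002 (type, flags, 16-bit length), which this section does not show; `MAX_MSG`, `smb_stream`, `stream_feed` and `stream_next` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4     /* assumed RFC 1002 session header: type, flags, length */
#define MAX_MSG 1024  /* hypothetical local cap on one message */
enum { NEED_MORE = -1, BAD_FRAME = -2 };

typedef struct { uint8_t buf[2 * (HDR_LEN + MAX_MSG)]; size_t used; } smb_stream;

/* Append whatever one read() returned; -1 if the peer outruns the buffer. */
int stream_feed(smb_stream *s, const uint8_t *data, size_t n) {
    if (n > sizeof s->buf - s->used) return -1;
    memcpy(s->buf + s->used, data, n);
    s->used += n;
    return 0;
}

/* Pop one complete message into out: its length, NEED_MORE, or BAD_FRAME. */
long stream_next(smb_stream *s, uint8_t *out, size_t outsz) {
    if (s->used < HDR_LEN) return NEED_MORE;
    if (s->buf[0] != 0x00) return BAD_FRAME;      /* not a session message */
    /* 17-bit length: low bit of the flags byte, then two big-endian bytes. */
    size_t len = ((size_t)(s->buf[1] & 1) << 16)
               | ((size_t)s->buf[2] << 8) | s->buf[3];
    if (len > MAX_MSG || len > outsz) return BAD_FRAME; /* peer-controlled */
    if (s->used < HDR_LEN + len) return NEED_MORE;  /* rest still in flight */
    memcpy(out, s->buf + HDR_LEN, len);
    s->used -= HDR_LEN + len;
    memmove(s->buf, s->buf + HDR_LEN + len, s->used); /* keep what follows */
    return (long)len;
}

int main(void) {
    /* Constructed input: two tiny framed messages arriving in one read. */
    static const uint8_t two[] = { 0,0,0,5, 0xff,'S','M','B','a',
                                   0,0,0,5, 0xff,'S','M','B','b' };
    static smb_stream s;
    uint8_t out[MAX_MSG];
    long n;
    stream_feed(&s, two, sizeof two);
    while ((n = stream_next(&s, out, sizeof out)) >= 0)
        printf("message of %ld bytes, tag %c\n", n, out[4]);
    return n == NEED_MORE ? 0 : 1;
}
```

The length check runs before any copy because the header comes from the peer, which for ECHO may not have authenticated.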