INTERNET-DRAFT                                             A.Palanivelan
Intended Status: Informational                           EMC Corporation
Expires: July 14, 2013                                  January 10, 2013



                    Server Message Block and NetBIOS
                    draft-palanivelan-netbios-smb-04


Abstract

   The Server Message Block (SMB) is a presentation layer protocol
   providing file and print sharing functions for LAN Manager and other
   network operating systems.

   The Network Basic I/O System (NetBIOS) was developed in the early
   1980s to allow applications to communicate over a network. The
   TCP/IP version, called NetBIOS over TCP/IP (NetBT), was developed to
   support communications between symbolically named stations and
   transfer of arbitrary data. NetBT supports all three services (Name,
   Datagram and Session) supported by NetBIOS.

   This document attempts to provide control and operational details of
   SMB over a NetBT session, which are otherwise not clearly explained
   in the RFCs [Netbios concepts] and [Netbios specification] or any
   available documentation.

   This document is intended for documentation purposes and for
   informational use only. It does not attempt to define a standard;
   rather, it tries to explain an existing implementation.

   This document puts together pieces of information scattered across
   multiple documents and offers a single complete documentation for
   this specific application (SMB over NetBT).



Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

 


A.Palanivelan            Expires July 14, 2013                  [Page 1]

INTERNET DRAFT      draft-palanivelan-netbios-smb-04    January 10, 2013


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Copyright and License Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Table of Contents

   1  Introduction
     1.1  Terminology
   2.  Overview
   3. Server Message Block packet structure
   4  Netbios Session Service Packet structure
   5  File and Printer Sharing Operations
   6  Security Considerations
   7  IANA Considerations
   8  References
     8.1  Normative References
     8.2  Informative References
   Authors' Addresses





 




1  Introduction

   NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking
   protocol that allows legacy node applications relying on the NetBIOS
   API to scale to modern TCP/IP networks. It shall support all three
   NetBIOS services (given below) over secured TCP/IP connections.

   * Name service for name registration and resolution (port: 137)

   * Datagram distribution service for connectionless communication
   (port: 138)

   * Session service for connection-oriented communication (port: 139)

   The file and printer sharing services are provided by the Server
   Message Block (SMB) protocol. It shall run on top of a NetBT session
   or directly over TCP.


1.1  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Overview

   In NetBIOS, the following three services are supported.

   Name Service    :  Each participant must register on the network
   using a unique name of at most 16 characters. The NetBT Name Service
   handles and records all name registrations. (Port 137/UDP or
   137/TCP)

   Datagram Service:  Datagram mode is connectionless. A datagram is
   sent to unique or multiple NetBIOS participants on the network.
   (Port 138/UDP)

   Session Service :  Session mode lets two hosts in the network
   access and transfer data in a secured way. (Port 139/TCP)

   Direct hosted "NetBIOS-less" SMB traffic uses port 445 (TCP and
   UDP) and SMB over NetBT uses the nbsession service port (139/TCP).

   NetBT allows handling of larger messages, while also providing error
   detection and recovery. This document is focused on the NetBT Session
   service for message transfer between hosts, and hence shall discuss
   SMB and SMB over NetBT in detail.
 




3. Server Message Block packet structure

   Server Message Block (SMB) allows hosts to control sessions such as
   sharing files, printers, disks, etc. SMB thus enables access to
   shared resources between nodes across the network. The SMB packet
   structure is given below.


                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        0xff   |       S       |       M       |     B         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Command   |       Status  ..                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    .. Status  |       Flags                   |    Flags2 ..  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    .. Flags2  |       TreeID                  |     PID ..    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    .. PID     |       User                    |  MultiplexID..|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ..MultiplexID |     WordCount |   ParameterWords[Wordcount]   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+	
   |            Byte count         |         DATA                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/                              /
   /                                                               /
   /                                                               /
   |                                                               |   
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   A successful connection from a client machine to the server returns a
   TreeID that identifies the transactions through this particular
   connection. Each operation from the client is identified by the
   caller's process ID (PID), and the user ID (UID) is used for
   authenticated requests/operations.

   The multiplexing of the single client and server connection among the
   client's multiple processes, threads, and requests per thread is
   identified by the Multiplex ID (MID).

   The size of the data portion of the packet is given by ByteCount, and
   the actual data follows this field.




 




4  Netbios Session Service Packet structure


   The [Netbios specification] describes the session service packet
   structure. File and printer services are the primary uses of the
   NetBIOS Session service. All session packets have the following
   general structure:

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      TYPE     |     FLAGS     |            LENGTH             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /               TRAILER (Packet Type Dependent)                 /
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The TYPE, FLAGS, and LENGTH fields are present in every session  
   packet.

      TYPE - Message Type ( SESSION MESSAGE
                            SESSION REQUEST
                            POSITIVE SESSION RESPONSE
                            NEGATIVE SESSION RESPONSE
                            RETARGET SESSION RESPONSE
                            SESSION KEEP ALIVE )

   4.1  Session Message

   The actual data transfer in a NetBT session is through session
   messages. The session service packet type "Session message" is
   represented in hexadecimal as 00.

              00 -  SESSION MESSAGE

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      TYPE     |     FLAGS     |            LENGTH             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /                                                               /
   /                           USER_DATA                           /
   /                                                               /
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The NetBT session is established on TCP port 139 and the data
   transfer is done through the session messages. The connection is
   then closed after the data transfer. There may be one or more session
   messages during an active session, depending on the size of the data.




5  File and Printer Sharing Operations 

   The file and printer sharing services are provided by the Server
   Message Block (SMB) protocol. It shall run on top of a NetBT session
   or directly over TCP. SMB fits well with the client-server topology,
   where the client makes specific requests and the server responds
   accordingly.

   5.1 Direct hosted SMB

   Direct hosted SMB traffic uses port 445. This does not use NetBT.
   Here, a four-byte header precedes the SMB traffic. The first byte of
   this header is always 0x00, and the next three bytes are the length
   of the data.

   This is useful in systems that do not support NetBT and in networks
   where NetBT is not preferred.

   If the client has NetBT disabled, it will always try to connect to
   the server at port 445 only. If the server answers on port 445, the
   session shall be established and continued on that port. If it
   doesn't answer, the session will fail completely. When the server has
   NetBT disabled, it shall listen on port 445 only and respond to
   requests to this port.
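
   The framing described in sections 4 and 5.1, as an added example
   that is not part of the original draft: a splitter that cuts a
   reassembled TCP byte stream into frames for either transport and
   rejects headers that break the rules above. The TYPE codes other
   than 0x00 and the length-extension bit in FLAGS are taken from RFC
   1002; the names split_frames and FramingError are chosen here.

```python
import struct

# Session packet TYPE codes from RFC 1002; the draft itself only spells
# out 0x00 (SESSION MESSAGE).
NBSS_TYPES = {
    0x00: "SESSION MESSAGE",
    0x81: "SESSION REQUEST",
    0x82: "POSITIVE SESSION RESPONSE",
    0x83: "NEGATIVE SESSION RESPONSE",
    0x84: "RETARGET SESSION RESPONSE",
    0x85: "SESSION KEEP ALIVE",
}


class FramingError(ValueError):
    """The byte stream does not follow the expected 4-byte framing."""


def split_frames(stream: bytes, port: int):
    """Split a reassembled TCP stream into frames.

    Returns (frames, leftover): frames is a list of
    (type_name, payload, starts_with_smb_marker) tuples and leftover holds
    the bytes of an incomplete trailing frame.
    """
    frames, off = [], 0
    while len(stream) - off >= 4:
        ptype, flags, length = struct.unpack_from(">BBH", stream, off)
        if port == 445:
            # Direct hosted SMB: byte 0 is always 0x00, bytes 1-3 are the length.
            if ptype != 0x00:
                raise FramingError(f"offset {off}: first byte is {ptype:#04x}, not 0x00")
            length |= flags << 16
        else:
            # NetBT (port 139): known TYPE, and only the low FLAGS bit (the
            # RFC 1002 length extension) may be set, giving a 17-bit length.
            if ptype not in NBSS_TYPES:
                raise FramingError(f"offset {off}: unknown TYPE {ptype:#04x}")
            if flags & 0xFE:
                raise FramingError(f"offset {off}: reserved FLAGS bits set")
            length |= (flags & 0x01) << 16
        if len(stream) - off - 4 < length:
            break  # frame not complete yet; wait for more TCP data
        payload = stream[off + 4:off + 4 + length]
        frames.append((NBSS_TYPES[ptype], payload, payload[:4] == b"\xffSMB"))
        off += 4 + length
    return frames, stream[off:]
```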

   5.2 SMB over NetBT

   If both the direct hosted and NetBT interfaces are enabled, both
   methods are tried at the same time and the first to respond is
   used. This allows interoperability with operating systems that do not
   support direct hosting of SMB traffic or NetBT.

   5.2.1.  NetBT Session Establishment

   When the client and the remote machine have NetBT enabled, the
   NetBIOS sessions are established by exchanging packets on TCP port
   139. The node establishing the session attempts to make a TCP
   connection to port 139 on the remote node/server.

   On establishing the TCP connection, the client then sends over this
   connection a "Session Request" packet with the NetBIOS name of the
   client and the NetBIOS name of the remote machine/server. The remote
   node shall respond with a "Positive Session Response" indicating that
   a session can be established or a "Negative Session Response"
   indicating that no session can be established.

   Multiple sessions, each identified with a unique Transaction id, may
   exist between any pair of calling and called names.
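
   The "Session Request" packet described above, as an added example
   that is not part of the original draft: it decodes the called and
   calling names so they can be logged from a capture. The TYPE value
   0x81 and the name encoding come from RFC 1001/1002; the function
   names, the space padding and the treatment of byte 16 as a suffix
   are assumptions of this example.

```python
import struct


def encode_name(name: str, suffix: int = 0x20) -> bytes:
    """Encode a NetBIOS name (no scope) the way RFC 1001/1002 put it on the wire."""
    # Assumed convention: 15 characters padded with spaces, then a suffix byte.
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    # First-level encoding: each byte becomes two letters, 'A' + nibble.
    half = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + half + b"\x00"      # length 32, label, root label


def decode_name(buf: bytes, off: int):
    """Decode one encoded name at buf[off:]; return (name, suffix, next_off)."""
    label = buf[off + 1:off + 33]
    if buf[off:off + 1] != b"\x20" or len(label) != 32:
        raise ValueError("first label must be exactly 32 bytes")
    if any(not 0x41 <= c <= 0x50 for c in label):
        raise ValueError("label contains bytes outside 'A'..'P'")
    raw = bytes((label[i] - 0x41) << 4 | (label[i + 1] - 0x41)
                for i in range(0, 32, 2))
    off += 33
    while True:                          # skip scope labels up to the root
        if off >= len(buf):
            raise ValueError("name is not terminated")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n > 63:
            raise ValueError("invalid scope label length")
        off += n
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], off


def parse_session_request(pkt: bytes) -> dict:
    """Return the called and calling names of a SESSION REQUEST (TYPE 0x81)."""
    if len(pkt) < 4:
        raise ValueError("shorter than the session header")
    ptype, flags, length = struct.unpack_from(">BBH", pkt)
    length |= (flags & 0x01) << 16
    if ptype != 0x81:
        raise ValueError(f"TYPE {ptype:#04x} is not a session request")
    if len(pkt) - 4 != length:
        raise ValueError("LENGTH does not match the bytes present")
    called, called_sfx, off = decode_name(pkt, 4)
    calling, calling_sfx, off = decode_name(pkt, off)
    if off != len(pkt):
        raise ValueError("unexpected bytes after the calling name")
    return {"called": (called, called_sfx), "calling": (calling, calling_sfx)}
```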
 




   5.2.2 NetBT session Data Transfer

   Data is transmitted during an established session by Session Message
   packets. NetBIOS keep-alives are used on each connection to verify
   that both the server and workstation are still able to maintain their
   session.

   For file sharing or printer sharing services, the data transfer shall
   be through the SMB packets that are exchanged as NetBT session
   message packets.

   5.2.3 SMB Data transfer on NetBT

   On an established NetBT session, the client negotiates the SMB
   capabilities with the remote machine/server through SMB. This is
   done through the SMB command "Negotiate protocol request" on a NetBT
   session message, which is answered by a "Negotiate protocol
   response". The negotiated SMB capabilities include understanding
   long file names, extended attributes, and so on.

   All the SMB command messages go on top of the NetBT session message
   on port 139. The flags field in the SMB header shall indicate the
   type of SMB command as request to the server or as response to the
   client or the redirector. SMB shall follow this with the "Session
   setup and x request" command. The user and domain information of the
   connecting machine shall be recorded in the local system. The
   session setup request shall have the same process id (PID) as the
   Negotiate protocol request/response. This command is replied to with
   a "session setup and x response" command for the same PID.

   The SMB "Tree connect and X request" command shall follow the
   session setup. The "Path" field of this command shall contain the
   path of the shared resource on the remote machine/server to which
   the client is requesting access. The remote machine shall respond
   with a "Tree connect and X response" for a successful tree
   connection with a unique TreeID.

   On establishing the tree connection, further network traffic shall be
   generated based on the operation performed, including displaying
   directories, accessing data files, launching applications, etc. The
   subsequent transactions on this tree connection shall have matching
   TID, PID and UID information.

   The SMB data transfer typically uses the "Read and x request", "Read
   and x response", "Write and x request" and "Write and x response"
   commands. A "No more data from sender" flag set in these commands
   shall indicate that there is no more data to follow.

 




   The client machine sends a "close request" command and the server
   shall acknowledge with a "close response". This may be followed by a
   further set of transactions on the same tree.

   The client may then request to close the tree connection with a "tree
   disconnect request". The remote machine/server releases the TID and
   responds with a "tree disconnect response".
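
   The SMB header of section 3 and the command sequence of 5.2.3, as an
   added example that is not part of the original draft: a parser with
   bounds checks on WordCount and ByteCount, and a tracker that reports
   requests whose UID or TID the server never issued. It assumes the
   32-byte header layout and command codes documented in [MS-CIFS], in
   which Flags is one byte and PIDHigh, SecurityFeatures and Reserved
   sit between Flags2 and TreeID (fields the diagram in section 3 does
   not show); parse_smb and Dialogue are names chosen here.

```python
import struct

# [MS-CIFS] header layout (assumed): marker, Command, Status, Flags, Flags2,
# PIDHigh, SecurityFeatures, Reserved, TID, PID, UID, MID (32 bytes, LE).
HDR = struct.Struct("<4sBIBHH8sHHHHH")
NEGOTIATE, SESSION_SETUP, TREE_CONNECT, TREE_DISCONNECT = 0x72, 0x73, 0x75, 0x71
FLAG_REPLY = 0x80  # set in Flags when the message is a response

def parse_smb(msg: bytes) -> dict:
    """Parse one SMB message (the USER_DATA of a session message)."""
    if len(msg) < HDR.size + 3:
        raise ValueError("shorter than header + WordCount + ByteCount")
    (marker, cmd, status, flags, _f2, _pidhi, _sec, _rsv,
     tid, pid, uid, mid) = HDR.unpack_from(msg)
    if marker != b"\xffSMB":
        raise ValueError("missing 0xff 'S' 'M' 'B' marker")
    bc_off = HDR.size + 1 + 2 * msg[HDR.size]  # skip the parameter words
    if bc_off + 2 > len(msg):
        raise ValueError("WordCount runs past the end of the message")
    (byte_count,) = struct.unpack_from("<H", msg, bc_off)
    if bc_off + 2 + byte_count > len(msg):
        raise ValueError("ByteCount runs past the end of the message")
    return {"cmd": cmd, "status": status, "reply": bool(flags & FLAG_REPLY),
            "tid": tid, "pid": pid, "uid": uid, "mid": mid,
            "data": msg[bc_off + 2:bc_off + 2 + byte_count]}

class Dialogue:
    """Track one connection; report departures from the sequence in 5.2.3."""
    def __init__(self):
        self.negotiated, self.pending = False, {}  # pending: MID -> command
        self.uids, self.tids = set(), set()        # IDs the server issued
    def feed(self, m: dict) -> list:
        cmd, out = m["cmd"], []
        if m["reply"]:
            if self.pending.pop(m["mid"], None) != cmd:
                out.append(f"response {cmd:#04x} without a matching request")
            elif m["status"] == 0:  # only successful replies grant IDs
                if cmd == NEGOTIATE:
                    self.negotiated = True
                elif cmd == SESSION_SETUP:
                    self.uids.add(m["uid"])
                elif cmd == TREE_CONNECT:
                    self.tids.add(m["tid"])
                elif cmd == TREE_DISCONNECT:
                    self.tids.discard(m["tid"])
            return out
        self.pending[m["mid"]] = cmd
        if cmd != NEGOTIATE and not self.negotiated:
            out.append(f"command {cmd:#04x} before Negotiate completed")
        if cmd not in (NEGOTIATE, SESSION_SETUP) and m["uid"] not in self.uids:
            out.append(f"UID {m['uid']:#06x} was never issued")
        if cmd not in (NEGOTIATE, SESSION_SETUP, TREE_CONNECT) and m["tid"] not in self.tids:
            out.append(f"TID {m['tid']:#06x} is not a connected tree")
        return out
```

   The tracker models only the sequence this section describes, so
   commands that legitimately carry no UID or TID would need to be
   exempted before using it on real traffic.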



   5.2.4 NetBT Session Close

   The NetBT sessions are closed by closing the TCP connection. When a
   user requests to close a session, the service first attempts a
   graceful close of the TCP connection. If the connection does not
   close within the SSN_CLOSE_TIMEOUT, the TCP connection is aborted.
   No matter how the TCP connection is terminated, the NetBIOS session
   service always closes the NetBIOS session.































 




6  Security Considerations

   Security considerations discussed in [Netbios concepts] and [Netbios
   specification] apply to this document.


7  IANA Considerations

   This document does not require any IANA action.


8  References

8.1  Normative References


              [Netbios concepts]  "Protocol Standard For a NetBIOS
              Service on a TCP/UDP Transport: Concepts and Methods", RFC
              1001, March 1987.

              [Netbios specification] "Protocol Standard For a NetBIOS
              Service on a TCP/UDP Transport: Detailed Specifications",
              RFC 1002, March 1987.

8.2  Informative References

              [1]  IBM PC Network Technical Reference, Document Number
              6322916, September 1984.


Authors' Addresses


              Palanivelan Appanasamy

              Principal Software Engineer,
              Networking/WAN, EMC Corporation,
              Bangalore-560048.
              India.

              EMail: Palanivelan.Appanasamy@emc.com









