Bug 9057 - SMB2 credit handling code has bugs.
Summary: SMB2 credit handling code has bugs.
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: SMB2 (show other bugs)
Version: unspecified
Hardware: All All
: P1 regression
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2012-07-20 23:17 UTC by Jeremy Allison
Modified: 2012-07-24 18:51 UTC (History)
1 user (show)

See Also:

Patches for v3-6-test (28.61 KB, patch)
2012-07-23 12:45 UTC, Stefan Metzmacher
jra: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2012-07-20 23:17:52 UTC
Found (and fixed in master) by metze:

1. If the client starts with a SMB1 negprot, we never removed seqnum 0.

2. when moving the seqnum_low, we didn't calculate the bitmap_offset

3. we moved seqnum_low + 1 (as lowest value) instead of id == seqnum_low.

4. we didn't stop granting credits if the client didn't use seqnum_low.

5. first we granted all credits that client asked for in the first response
   and our 1/16th logic, removed credits the client already had.
   I guess the windows client doesn't expect the server to remove credits
   if he asks to keep the current credit level.

Back-ports of patches from master to follow.
Comment 1 Stefan Metzmacher 2012-07-23 12:45:52 UTC
Created attachment 7716 [details]
Patches for v3-6-test
Comment 2 Jeremy Allison 2012-07-23 21:37:22 UTC
Comment on attachment 7716 [details]
Patches for v3-6-test

Great work Metze ! Thanks.
Comment 3 Jeremy Allison 2012-07-23 21:37:46 UTC
Re-assigning to Karolin for inclusion in 3.6.next.
Comment 4 Karolin Seeger 2012-07-24 18:51:04 UTC
Pushed to v3-6-test.
Closing out bug report.