SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 File and Disk Sharing Protocols April 2, 2008 Richard Sharpe Senior Software Engineer | Data Robotics Wireshark Contributor SHARKFEST '08 Foothill College March 31 - April 2, 2008

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Agenda Disk serving/sharing protocols File serving/sharing protocols Ethereal issues

File Sharing or Disk Sharing Network Oriented Disk or File blocks?

Disk Sharing Basics

Disk Sharing Dimensions How many Logical Units (LUNs) Size of each LUN Does the protocol restrict LUN size Management Storage protection Mirroring or striping or P+Q Provisioning Do you back all advertised blocks with real blocks? When do you alert user more storage is needed? Mixed LUN sizes? Shared access?

Disk Sharing/Serving Protocols Protocol SCSI ATA Proprietary Transport USB FireWire (IEEE1394) Ethernet FibreChannel and FibreChannel over Ethernet (FCoE) Point-to-point cable (SATA, SAS, PATA, Parallel SCSI)

SCSI Introduction Parallel 8, 16, and 32-bit cables Terminators, LVDS, etc Serial Attached SCSI USB and FireWire TCP/IP – ie, iSCSI SCSI over FibreChannel SCSI over Ethernet - HyperSCSI

SCSI Standards Architecture

Original SCSI Model Eight Phases Bus Free Arbitration Selection Reselection Command (CDB) Data Message Status

SCSI Data Phases COMMAND Target requests Command Descriptor Block (CDB) 6, 10, 12, 16 or variable byte CDBs Bits Bytes Operation Code 1Reserved(MSB) 2 Logical Block Address 3 (LSB) 4Transfer Length or Parameter List Length etc 5Control

SCSI Data Phases, Command 10-Byte CDBs Bits Bytes Operation Code 1ReservedService Action (If required) 2,3(MSB) Logical Block 4,5 Address (If required) (LSB) 6Reserved 7(MSB) Transfer Length or 8 Parameter List Length (LSB) 9Control

SCSI Data Phases, Command 12-Byte CDBs Provides for 6-byte LBAs 32-bit transfer sizes 16-Byte CDBs Provides for 8-byte LBAs 32-bit transfer sizes

SCSI Data Phases Data Transfer Target requests transfer to or from initiator Status Target requests transfer of status to initiator Message Target can request transfer of messages See eg

USB Storage Details SCSI over USB Bulk Only Transport Command Block Wrapper Wraps CDB (max 16-bytes) Data in (to host) or data out (from host) Command Status Wrapper Wraps the status and residue No sense data See: sbulk_10.pdf

Command Block Wrapper Sent to Bulk endpoint by the host Bits Bytes dCBWSignature (0x – USBC) 4-7dCBWTag 8-11bmCBWFlags 13Reserved (0)bCBWLUN 14Reserved(0)bCBWLength 15-31CBWCB(Up to 16 bytes)

Command Status Wrapper Sent on a Bulk In endpoint by the device Bits Bytes dCSWSignature(0x USBS) 4-7dCSWTag 8-11dCSWDataResidue 12 bCSWStatus

Protocol Dissection Issues Capture files? Wireshark understands Linux usbmon captures Request and response matching Match data in or data out to requests Conversations Using the existing SCSI dissector

Use the source epan/dissectors/packet-usb-masstorage.c

USB Storage Details

ATA Serial ATA ATA over Ethernet (ATAoE) SATA over FibreChannel ATA over FireWire? Why not, given Firewire extension to 3+Gbps?

File Sharing Basics

File Operations Create a file Delete a file Rename a file Open a file Read/write a file Lock portions of a file Change permissions Read/write file attributes Extend/truncate a file

Further File Sharing Dimensions One tree of files per server or a forest Namespaces Single network-wide namespace or one (or more) per server Stateless vs Stateful Access permission model Sharing model Locking Caching mechanisms Performance

File Serving/Sharing Protocols NFS NFS v3 NFS v4 CIFS/SMB NetWare Parallel NFS Andrew File System PanFS

NFS v3 RFC1813 ( Improvement of NFS v2 Stateless Operates over UDP and TCP Server does not need to keep client-related state File handles encapsulate state Based on XDR and SunRPC File attributes returned with most calls Reduces number of calls and round trips

NFS v3 continued Locking protocol external to NFS v3 NFS lock manager Mount protocol separate

NFS v4 RFC3010 ( Servers keep state Operates over TCP and UDP Open request establishes state Lease based, with release on timeout Compound operations Locking Caching and delegation

CIFS/SMB Originally NetBEUI Over Ethernet Frame Protocol Server Message Block protocol Renamed CIFS in 1996 State based TCP connection oriented NetBIOS header Forest of trees Shares are the point of access

CIFS/SMB continued Sharing defined in the protocol Read/Write/Delete specified at file open time Locking part of the protocol Ranges of bytes can be locked for reading/writing Client caching protocol part of the protocol OpLock based (callbacks)

CIFS/SMB Packets Request/Response Protocol Basic Header fields repeated in request and response Makes response matching relatively simple Header (Variable Length – Starts with 0xFFSMB) Data, length defined by header

CIFS/SMB Header TypeOffsetsField uchar0-3Protocol (0xFFSMB) uchar4Command ulong5-8Status (Several variants) uchar9Flags ushort10-11Flags2 uchar12-23Security/Extra ushort24-33TID, PID, UID, MID uchar34WordCount ushort35-xxParameterWords[WordCount] ushortxx+1ByteCount ucharxx+2 - yyBuffer[ByteCount]

packet-smb.c Now look at the source code epan/dissectors/packet-smb.c

NetWare Based on XNS Internet Packet Exchange Protocol – IPX Network layer - connectionless Sequenced Packet Exchange – SPX Transport protocol – connection oriented Service Advertisement Protocol Very popular at one time

Parallel NFS Extension to NFSv4 ( Allows direct, parallel, access to storage devices Provides clients with layout information

Andrew File System

PanFS

These Protocols and Ethereal Protocol dissectors reusable Capture formats can inject any packet types Eg, SCSI over FC over Ethernet State keeping

Problems More capture file format need to be included Especially for proprietary tools USB sniffers FireWire sniffers Other sniffer products