SMB3 and Linux Seamless POSIX File Serving
Samba Team Samba Jeremy Allison [email protected] SMB3 SMB3 Linux and This image cannot currently be displayed. Seamless POSIX file serving This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
apps.
Isn't Isn't storage cloud ? the future Yes, but not usable for many existing This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Cloud Storage Storage Cloud is a store blob Apps are changing are Apps cope no random with accessto semantics cloud of stores,but this will take time. Blob Blob don'tstores map very well onto the open/read/write/close random access semantics of most applications. ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
NFS (v4) –
But But Windows supports SMB3 much NFS than better It's the clients.. We We need still accessfile protocols – – and SMB2+ from and SMB2+ (known SMB3 as on). now Both NFS and SMB are supported are by and SMB NFS Both the only clients that matter, Windows and X MacOS Linux. Why SMB3 and not NFSv4 ? NFSv4 and not SMB3 Why Only viable two options Even running running Even pointingcloud, in the useful.servers isexistingfile apps at ● ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
DFS) - lived handles)
SMB3 vs vs SMB3 NFSv4 file file and directory (SMB2 –
Sessions- (long SMB Adapted ACL model (disaster) NFS (pNFS) Parallel Defined over RDMA Delegations Delegations Name spaces (MS SMB3 SMB3 has features. more leases) – – – – – – – NFSv4 includes:NFSv4 Roughlycomparable. ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
want to use SMB3. towant
really SMB3 vs vs SMB3 NFSv4
side copies Leasing files/directories Snapshots Server- SMB over RDMA Multichannel (multiple NIC) Encryption Transparent failover Transparent (Active/Active Clustering shares) – – – – – – – – Windows clients Rapid development (whatever Microsoft adds next). adds development MicrosoftRapid (whatever SMB3 includes: SMB3 ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
ons.
SMB3 vs vs SMB3 NFSv4
Add POSIXsemantics to Windowsa protocol. Advisory locking, rename open files, unlink open files etc. files open unlink files, open rename locking, Advisory Extended attributes things and other added later. ● ● ● SMB3 SMB3 UNIX extensions ! Linux.→ Linux for we need what to SMB3 closeisreally Designed around POSIX POSIX POSIX clients→ around servers. Designed clientsModificationsWindows for add- are Close to POSIX POSIX Close to semantics. – – – – – How How do we thisfix for SMB3 ? NFSv4 NFSv4 has one current advantage in Linux Linux → environments: ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
insane) and HP. SCO
Symlinks POSIX & behaviors (rename delete file locking) POSIX pathnames POSIX level encryption tranport POSIXACLs Method of adding POSIX POSIX levels' SMB1 adding into of query/set 'info Method file requests. info SMB1 “UNIX extensions”. Enter flexible flexible Enter Samba – – – – – – – Later extended Samba by bothfor client and server: Originally - old (non created by Wehave a history making this work. ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Server UNIX specificUNIX reply: Open file handle SetFSinfo reply: SetFSinfo will bits I UNIX support UNIX capabilitiesUNIX Negprot reply: Negprot
Client SMB1 SMB1 ExtensionsUnix Negprot req:Negprot SetFSinfo req: SetFSinfo UNIX bits I want bits I UNIX UNIX UNIX specific req: Open with Openwith POSIX Pathname/foo/bar This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
. abusing the protocol to add protocolto abusingthe
- specific info levels for get/set. change behavior change
What SMB1 SMB1 What Unix Once UNIX extensionswere existing negotiated operations are expected to Tridge: “Using SetFSinfo “Using SetFSinfo Tridge: to set on the global state protocol makes me want connection to vomit !” Extensions Extensions got wrong – – Biggest problem server “global settingwas the state”. Apple Apple ended up doing the same thing adding by Macintosh- share Horrible hack job elements it was never designed to do: ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
follow follow symlinks on server. the
this is a disaster zone:
- of) (More MUST NOT
Windows EA's EA's Windows not a good match. are Windows clientsWindows want to follow symlinks on the server. clientsUNIX
– – –
No other server than Samba Samba server other implementedNo than them. Extended Attributes (EA's) differencesExtended (EA's) ignored.Attributes Transport level security (SMB1 encrypt) poorly encrypt) (SMB1 levelTransport security designed. Symlinks and security ● ● ●
● What What SMB1 Extensions UNIX wrong got This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
–
based. -
A Clean A Clean Slate
All the areas where POSIX requirements differ from from differ POSIX where All requirements areas the Windows. The only pathname operation is to use “Create” is into to operation turn “Create” to use The only pathname a handle. – – Handlesdelete/rename/locking/extended used for are attributes. POSIX semanticsone place. into POSIX Handles collect all the properties needed to implement SMB3 is entirely handle is SMB3 SMB3 SMB3 Extensions UNIX ● ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
built mechanism to extend the
SMB3 Create Create SMB3 Contexts Examples include “TWrp” (Timewarp) Examples and request snapshot (Timewarp) include “TWrp” “SMB2_CREATE_APP_INSTANCE_ID” (identified request by a GUID). Unknown create contexts are ignored. are Unknown contextscreate Create contexts are named “blobs” of data attached to the the to attached data of “blobs” named are contexts Create request and reply. “Create” – – – A create named contextA more (or “POsx” likely GUID) a will do nicely to add features POSIX to a create Create Create contextsallowed Microsoftextend toSMB2 → “Create” adding named elements toby features SMB3 operations. pathname conversion:→ Create Contexts. SMB3 SMB3 has in- an ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Still
bit field. field. bit
a 16- –
( -
built mechanism to extend the Extensions ? Extensions used for SMB3 allocated). SMB3 already for (bit used bit capabilities initial field in the server a GUID (missed IMHO) opportunity How to to How negotiate SMB3 UNIX Modeled after SMB3 Create contexts, but done at SMB3 SMB3 at done but contexts, SMB3 Create after Modeled initial time. negotiate Not Required coordination with with coordination Required Microsoft. - be re Could have to with coordinate Microsoft : – – – – Do we need UNIX we extensionsneed UNIX Do negotiation ? all at SMB3 SMB3 has- an in negotiation client of server → capabilities. negotiate response. SMB1 Unix extensions used a “POSIX CAPABILITY” CAPABILITY” extensionsUnix SMB1 “POSIX useda bit in the 32- ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
levels once negotiated.
specific features: -
Negotiation step done on an initial Create call on a name of of a name call on an initial Create on done step Negotiation in “” share. the sins SMB1 (global of the Unix extensionsReproduces on by a turned server state single request). AAPL AAPL context in create (implemented Samba by vfs_fruit). - info of returned Modifies contents – – – –
AAPL a very cleanAAPL isn't design. Mac Apple similar Apple add used a methodto ● ● ● Solution Apple The This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Design
Server Server gives “all or POSIX nothing” semantics if context returned. This lead to lots of complexity in the SMB1 SMB1 complexity the in lots of code.to lead This creation. handle → pathname for context create Add new parsing (UCS2, Use not existing pathname Windows names. stream data No UTF8). alternate The (proposed) (proposed) The Samba – – – – New handle flagged as “UNIX” internally, all operations internally, all “UNIX” flaggedas handle New become on POSIX this handle. No No negotiation on featuresCreate at time: Minimal Minimal protocol negotiation. absent) (or ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Design UNIX UNIX same on the open file). handles Do we expose the user. / system. or other EA namespacesexposeotherEAsystem. we Do or user.the / ? ShouldQueryDirectory ? returns change levelinfo ● ● Directory Directory listings POSIX return namespace. Get/Set EA's use UNIX not Windows namespace. Reads/Writes ignore POSIX POSIX ignore Reads/Writes locks Windows). (not Lock advisory requests become (not mandatory). Unlinks/renames are allowed on handlesopen (if no other non- The (proposed) (proposed) The Samba – – – – – What are semanticsthe POSIX on a handle ? ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
byte SMB2+ byte SMB2+ 0x2FF). –
bytes (0x200
0B), 0B), won’t but fit into existing 1-
Issues Unsolved –
As set/query info levels are attached to a file handle, we we a file to handle, attached levelsinfo are As set/query info could extra levels define only on POSIX handles. POSIX ? extra Use requests callsfor FSCTL instead What are the the EA are What on them ? ACL permitted and operations Few used - (00 How How we do ? them create info levelinfo space. The (proposed) (proposed) The Samba – – – – – Windows lock ranges are unsigned, POSIX are signed. are unsigned,ranges are Windows POSIX lock POSIX InfoPOSIX levels are 2-
Symlinks are still a problem. Design Design ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Removed the evil 'lp_posix_pathnames()' global callglobal from evilRemoved the 'lp_posix_pathnames()' the VFS. Samba 'POSIX' flag now to on a the state onlyhandle required server determine operation. Internal Samba issues prevented this code going into this going into Samba issuescode Internal prevented production. Extensions Extensions in Samba – – –
Still Still some cleanup do exposeto to all theLinux → Linux operations over SMB3 but mostly done 'Global' statefinally removed Samba from git master 2016. branch March Have already been prototyped by both Volker Volker both already Have been prototyped by Team. Samba the of Sharpe Richard Lendeckeand ● ●
● Implementing Implementing the UNIX SMB3 This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
The The Problem ACL
Do Do we into Windows ACLs, map these new create or info levels ? We already have info levels mapped to get/set POSIX POSIX info to levels already haveget/set We mapped ACLs. Similar but not the same as NFSv4 ACLs. same the Similar not but – – – Linux may be adding RichACLs (Andreas Gruenbacher'scode) Linux uses POSIX ACL draft spec, coded up by coded up spec, draft ACL POSIX Linux uses Gruenbacher Andreas SMB3 SMB3 natively uses Windows ACLs Implementing Implementing Samba: in ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
known this would allow local allow would known this kown mapping for POSIX POSIX kownmapping for
Does this cover ACL the mask ? Leave it to the client to sort out what that mapping means mapping that what out sort client to it the to Leave locally. is- well this mapping that Given Linux RichACL mapping to server. Get/Set ACL on Unix Extension handle could return “best “best return could ACL Get/Set on Unix Extension handle client. disk what is the of on to mapping effort” The The Solution ACL ? – – – –
Microsoft- has a well permissions mapped NFS their Windows into for ACLs implementation. Implementing Implementing Samba: in ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
month club and Solaris ? Solaris and monthclub the- -
of -
Make available to to Make VFS Gnome available users. Avoid SMB1 UNIX mistakesextensions like encryption the support. Extensions Extensions in Samba – –
What aboutWhat the BSD Eventually expose to libsmbclientby used library to Eventually expose Gnome applications like Nautilus browser). (file Feature set and behavior be agreed setFeature upon with must the Linux clientCIFSFS implementors. Prototyping will be done by adding calls to smbclient adding tocalls bydone Prototyping will be exercise cli_XXXX() new internal library) Samba (the to features in the server. ● ● ●
● Implementing Implementing the UNIX SMB3 This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
relevent
delete on a Unix Unix extensionsdelete on a handle the Details in Devil The How much of these are Samba Samba “implementationsare these How much of behavior” how protocolmany- are notes,
Recent issue – a previouslyby added streamscontaining named Windows crash. client server causedto the details? Interactions between different handles will have to be to have handleswill different between Interactions explicitly defined and documented. ● ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Don't repeat mistakes of SMB1 UNIX extensions Don't repeat mistakes of SMB1 Microsoft Azure Azure Microsoft SMB3 file server might easiestbe target as here it's a new implementation. This will be dependent on market demand for for Linux clients This will demand on market be dependent cloud. in a Windows
– – It's worth spending worth design gettingtimeright to the It's make this possible. Long term, to support Linux clients in a Windows cloud a in Linux clientssupport to Long term, up needing end support may server, Microsoftfile to extensions. UNIX SMB3
The The Success: of Definition Windows Windows Server ? support ● ● This image cannot currently be displayed. This image cannot Opening Windows to a Wider World
Questions Questions Comments and ?
Slides available at:
Email: [email protected] Email: This image cannot currently be displayed. This image cannot Opening Windows to a Wider World