Diffstat (limited to 'docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml')
-rw-r--r-- docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml 126
1 files changed, 118 insertions, 8 deletions
diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
index 36b61a98f9..882ee6af3f 100644
--- a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
+++ b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml
@@ -31,14 +31,27 @@
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_smb_traffic_analyzer</command> VFS module logs
- client write and read operations on a Samba server and sends this data
- over a socket to a helper program, which feeds a SQL database. More
+ client file operations on a Samba server and sends this data
+ over a socket to a helper program (in the following the "Receiver"),
+ which feeds a SQL database. More
information on the helper programs can be obtained from the
homepage of the project at:
http://holger123.wordpress.com/smb-traffic-analyzer/
+ Since the VFS module depends on a receiver that is doing something with
+ the data, it is evolving in it's development. Therefore, the module
+ works with different protocol versions, and the receiver has to be able
+ to decode the protocol that is used. The protocol version 1 was
+ introduced to Samba at September 25, 2008. It was a very simple
+ protocol, supporting only a small list of VFS operations, and had
+ several drawbacks. The protocol version 2 is a try to solve the
+ problems version 1 had while at the same time adding new features.
</para>
- <para><command>vfs_smb_traffic_analyzer</command> currently is aware
- of the following VFS operations:</para>
+</refsect1>
+
+<refsect1>
+ <title>Protocol version 1 documentation</title>
+ <para><command>vfs_smb_traffic_analyzer</command> protocol version 1 is aware
+ of the following VFS operations:</para>
<simplelist>
<member>write</member>
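Review bot: the added history text is appended inside the same <para> as the project URL, so in the rendered page "http://holger123.wordpress.com/smb-traffic-analyzer/" runs straight into "Since the VFS module depends on a receiver"; give the new text its own <para>. In that text, "it's development" should be "its development", "at September 25, 2008" should be "on September 25, 2008", and "is a try to solve" reads better as "is an attempt to solve". The clause "it is evolving in it's development" does not tell the reader anything actionable; saying directly that the module and the receiver must speak the same protocol version would be clearer.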
@@ -72,9 +85,86 @@
</refsect1>
+<refsect1>
+ <title>Drawbacks of protocol version 1</title>
+ <para>Several drawbacks have been seen with protocol version 1 over time.</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <command>Problematic parsing - </command>
+ Protocol version 1 uses hyphen and comma to seperate blocks of data. Once there is a
+ filename with a hyphen, you will run into problems because the receiver decodes the
+ data in a wrong way.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>Insecure network transfer - </command>
+ Protocol version 1 sends all it's data as plaintext over the network.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>Limited set of supported VFS operations - </command>
+ Protocol version 1 supports only four VFS operations.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <command>No subreleases of the protocol - </command>
+ Protocol version 1 is fixed on it's version, making it unable to introduce new
+ features or bugfixes through compatible sub-releases.
+ </para>
+ </listitem>
+ </itemizedlist>
+</refsect1>
+<refsect1>
+ <title>Version 2 of the protocol</title>
+ <para>Protocol version 2 is an approach to solve the problems introduced with protcol v1.
+ From the users perspective, the following changes are most prominent among other enhancements:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The data from the module may be send encrypted, with a key stored in secrets.tdb. The
+ Receiver then has to use the same key. The module does AES block encryption over the
+ data to send.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The module now can identify itself against the receiver with a sub-release number, where
+ the receiver may run with a different sub-release number than the module. However, as
+ long as both run on the V2.x protocol, the receiver will not crash, even if the module
+ uses features only implemented in the newer subrelease. Ultimativly, if the module uses
+ a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
+ ignoring the functionality. Of course it is best to have both the receiver and the module
+ running the same subrelease of the protocol.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the
+ data packages in a proper way.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The module now potientially has the ability to create data on every VFS function. As of
+ protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite,
+ rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the
+ upcoming sub-releases.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
+ </para>
+
+</refsect1>
<refsect1>
- <title>OPTIONS</title>
+ <title>OPTIONS with protocol V1 and V2.x</title>
<variablelist>
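Review bot: the first item under "Version 2 of the protocol" says the data "may be send encrypted, with a key stored in secrets.tdb", but nothing in this patch documents which option turns encryption on, how the key gets into secrets.tdb, or how the receiver is given the same key; the only pointer is "see OPTIONS", and that is for protocol_version. Since "Insecure network transfer" is listed as a V1 drawback, the section should state whether V2 traffic stays plaintext until a key is set, and "AES block encryption" should name the key size and mode. Smaller points: <command> is used for the item labels in the drawbacks list although they are not commands, and the added text has typos ("seperate", "it's data", "it's version", "protcol", "may be send", "Ultimativly", "potientially").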
@@ -111,7 +201,8 @@
<term>smb_traffic_analyzer:anonymize_prefix = STRING</term>
<listitem>
<para>The module will replace the user names with a prefix
- given by STRING and a simple hash number.
+ given by STRING and a simple hash number. In version 2.x
+ of the protocol, the users SID will also be anonymized.
</para>
</listitem>
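Review bot: "the users SID will also be anonymized" does not say how; state whether the SID is replaced by the same STRING prefix plus "simple hash number" as the user name or by something else, since a receiver author has to know what arrives in that field. "users SID" should be "user's SID".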
@@ -125,7 +216,18 @@
smb_traffic_analyzer:anonymize_prefix, without generating
an additional hash number. This means that any transfer data
will be mapped to a single user, leading to a total
- anonymization of user related data.</para>
+ anonymization of user related data. In version 2.x of the
+ protocol, the users SID will also be anonymized.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>smb_traffic_analyzer:protocol_version = STRING</term>
+ <listitem>
+ <para>If STRING matches to V1 or is not given at all, the module
+ will use version 1 of the protocol. If STRING matches to "V2"
+ the module will use version 2 of the protocol.
+ </para>
</listitem>
</varlistentry>
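Review bot: the protocol_version entry covers V1, "V2" and the unset case but no other STRING; say what the module does with an unrecognised value and whether the match is case sensitive. The quoting is also inconsistent (V1 bare, "V2" quoted), and "matches to" should be "matches". Because an unset option selects version 1, which this patch describes as sending all its data as plaintext, the entry should say that here rather than leave the reader to infer it from the drawbacks section.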
@@ -134,6 +236,15 @@
<refsect1>
<title>EXAMPLES</title>
+ <para>Running protocol V2 on share "example_share", using an internet socket.</para>
+ <programlisting>
+ <smbconfsection name="[example_share]"/>
+ <smbconfoption name="path">/data/example</smbconfoption>
+ <smbconfoption name="vfs_objects">smb_traffic_analyzer</smbconfoption>
+ <smbconfoption name="smb_traffic_analyzer:protocol_version">V2</smbconfoption>
+ <smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
+ <smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
+ </programlisting>
<para>The module running on share "example_share", using a unix domain socket</para>
<programlisting>
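Review bot: the new V2 example sends to examplehost on port 3491 over an internet socket but sets nothing related to the encryption key the patch mentions, so a reader cannot tell whether this configuration is encrypted on the wire; add the key setup step, or a sentence saying what is sent when no key is stored. Also check name="vfs_objects": smb.conf spells this parameter "vfs objects", without an underscore.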
@@ -183,5 +294,4 @@
<para>The original version of the VFS module and the
helper tools were created by Holger Hetterich.</para>
</refsect1>
-
</refentry>