CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

Trouble avoiding CIFS errors

Posted by mfavinsk, 2006-10-27

I've been having a lot of trouble getting rid of the "CIFS message too long" error generated by my firewall. In researching this issue, I found many people achieved good results by increasing their asm_cifs_max_buffer. I increased this value to its maximum size and I still had the CIFS message too long issue.

The next thing I did was create a new service called "nbsession_none", where I set the protocol type to "None" and unchecked "Match for Any." I then created a rule above the previous netbios rule allowing nbsession_none connections to the specific server in question. I was still getting the CIFS message too long error, but now with the service of nbsession_none!

Finally, I changed the regular nbsession service Protocol type to "None." Now everything worked! It seems that even though my traffic was matching the nbsession_none service, somehow the Protocol type of the nbsession service was still being used for SD / AI processing.

My questions:

Since Tracker shows that the rule matched was for the nbsession_none service, why is there still CIFS SD / AI processing happening on the data?

Why did I have to change the Protocol Type of the nbsession service to finally make this work? Since the nbsession_none service is the one that got matched, why is the nbsession service getting involved at all?

Am I doing something wrong here? Is there some other way I should be doing this?

Thanks for your help everyone.