Ethereal-dev: Re: [Ethereal-dev] smb-browse
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 12 Jul 2001 15:11:09 -0700 (PDT)
> I tried to keep the functionality as close as possible to the original
> dissector, but there is one exception:
> I assume that every instance of a string for a ServerName is always exactly
> 16 characters (which might not
> be 0 terminated).
Nope.
In a Get Backup List response, there are multiple host names, *not*
padded to 16 characters, and NUL-terminated. One capture on the network
here showed that.
I've attached an old "PRELIMINARY DRAFT OF AN INTERNET-DRAFT" (yes, the
document says it's a draft of an Internet-Draft, using the word "draft"
twice; the document may or may not 100% accurately reflect what Windows
actually does), from the old CIFS mailing list, for the browser
protocol; for Get Backup List responses, it says
6.3 GetBackupListResponse Browser Frame
The GetBackupListResponse frame is sent by a Master Browser in response
to a GetBackupListRequest frame. If the GetBackupListRequest was sent
from the computer whose name is "ComputerName", the
GetBackupListResponse frame is sent to the ComputerName(00) NETBIOS
unique name and mailslot "\MAILSLOT\LANMAN". Note: this name is not part
of the request and the Master Browser needs to *deduce* this name with
some cooperation from the transport protocol involved. The definition
of the GetBackupListResponse frame is:
struct {
unsigned short OpCode;
unsigned short BackupServerCount;
unsigned short Token;
unsigned char BackupServerList[][]
}
where:
Opcode -- Identifies this structure as a backup list.
BackupServerCount -- Specifies the number of backup servers
that follow this list.
Token -- Is returned unmodified to the client. This is used by
the client to associate an incoming BackupListResponse
with its BackupListRequest.
BackupServerList -- ASCII backup servers. Each server name is
null terminated and up to 16 bytes in length.
"Up to 16 bytes" means "could be less than 16 bytes".
Network Working Group Paul J. Leach, Microsoft
INTERNET-DRAFT Dilip C. Naik, Microsoft
draft-leach-cifs-browser-spec-00.txt
Category: Informational
Expires June 10, 1997 January 10, 1997
CIFS/E Browser Protocol
Preliminary Draft
STATUS OF THIS MEMO
THIS IS A PRELIMINARY DRAFT OF AN INTERNET-DRAFT. IT DOES NOT REPRESENT
THE CONSENSUS OF ANY WORKING GROUP.
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress".
To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).
Distribution of this document is unlimited. Please send comments to the
authors or the CIFS mailing list at <cifs@xxxxxxxxxxxxxxxx>. Discussions
of the mailing list are archived at
<URL:http://microsoft.ease.lsoft.com/archives/cifs.html>.
ABSTRACT
The CIFS/E (CIFS extensions for enterprise networks) family of protocols
includes a protocol for browsing. Browsing is a mechanism for
discovering servers that are running particular services (not just CIFS
file services). Servers are organized into named groups called domains,
which form browsing scopes. This document specifies version 1.15 of the
browsing protocol. It also specifies the mailslot protocol, because the
browsing protocol depends on it (and is the only CIFS/E protocol which
does).
Leach, Naik [Page 1]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
Table of Contents
1. INTRODUCTION........................................................3
2. PREREQUISITES.......................................................3
3. BROWSER OVERVIEW....................................................3
4. BROWSING PROTOCOL ARCHITECTURE......................................5
4.1 LAYERING OF BROWSING PROTOCOL REQUESTS ...........................5
4.2 BROWSER CLIENT ...................................................7
4.3 NON-BROWSER SERVER ...............................................8
4.4 BROWSER SERVERS ..................................................8
4.4.1 Potential Browser Server ......................................8
4.4.2 Backup Browser ................................................9
4.4.3 Master Browser ................................................9
4.4.4 Domain Master Browser ........................................12
5. MAILSLOT PROTOCOL SPECIFICATION....................................12
6. BROWSER PROTOCOL SPECIFICATION.....................................12
6.1 NETBIOS NAME NOTATION ...........................................13
6.2 GETBACKUPLISTREQUEST BROWSER FRAME ..............................13
6.3 GETBACKUPLISTRESPONSE BROWSER FRAME .............................13
6.4 THE NETSERVERENUM2 RAP SERVICE ..................................14
6.4.1 Transaction Request Parameters section .......................15
6.4.2 Transaction Request Data section .............................16
6.4.3 Transaction Response Parameters section ......................16
6.4.4 Transaction Response Data section ............................16
6.5 HOSTANNOUNCEMENT BROWSER FRAME ..................................18
6.6 ANNOUNCEMENTREQUEST BROWSER FRAME ...............................19
6.7 REQUESTELECTION BROWSER FRAME ...................................19
6.8 BROWSER ELECTIONS ...............................................20
6.9 BECOMEBACKUP BROWSER FRAME ......................................21
6.10 LOCALMASTERANNOUNCEMENT BROWSER FRAME ..........................22
6.11 MASTERANNOUNCEMENT BROWSER FRAME ...............................23
6.12 DOMAINANNOUNCEMENT BROWSER FRAME ...............................23
7. REFERENCES.........................................................25
8. AUTHOR'S ADDRESSES.................................................25
9. APPENDIX A - MULTI-NET CONSIDERATIONS..............................25
Leach, Naik [Page 2]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
10. APPENDIX B - PRIMARY DOMAIN CONTROLLER LOCATION PROTOCOL..........25
11. APPENDIX C - SUMMARY OF SPECIAL NETBIOS NAMES.....................27
11.1 REGISTERED UNIQUE NAMES ........................................27
11.2 REGISTERED GROUP NAMES .........................................28
12. APPENDIX D - BROWSING PROTOCOL EVOLUTION..........................28
1. Introduction
The CIFS/E (CIFS extensions for enterprise networks) family of protocols
includes a protocol for "browsing". Browsing is a mechanism for
discovering servers that are running particular services (not just CIFS
file services). Servers are organized into named groups called
"domains", which form browsing scopes. This document specifies version
1.15 of the browsing protocol. It also specifies the mailslot protocol,
because the browsing protocol depends on it (and is the only CIFS/E
protocol which does).
This document uses the traditional RFC keywords MUST, SHOULD, etc., (now
documented in [Bradner 96]) to indicate requirement levels for
interoperability.
Note: This document is about CIFS/E browsers and has nothing to do
whatsoever with Web browsers such as Internet Explorer and Netscape
Navigator. This is a specification for persons interested in
implementing a browser server or client that can inter-operate with
other CIFS/E browsers and clients.
2. Prerequisites
. Familiarity with Common Internet File System specification (CIFS) in
general and the Transact2 SMB as well as Remote Administration
Protocol in particular [CIFS 96]
. Familiarity with concepts of subnets and NETBIOS [RFC 1001].
Additional information about browsing may be found in the MSDN articles
"Browsing and Windows 95" Parts I, II and III. These articles cover
considerations for browser deployment, especially in a WAN environment.
3. Browser Overview
Hosts involved in the browsing process can be separated into two
distinct groups, browser clients and browser servers (often referred to
simply as "browsers").
A browser is a server which maintains information about servers -
primarily the domain they are in and the services that they are running
- and about domains. Browsers may assume several different roles in
their lifetimes, and dynamically switch between them.
Leach, Naik [Page 3]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
Browser clients are of two types: workstations and (non-browser)
servers. In the context of browsing, workstations query browsers for the
information they contain; servers supply browsers the information by
registering with them. Note that, at times, browsers may themselves
behave as browser clients and query other browsers.
For the purposes of this specification, a domain is simply a name with
which to associate a group of resources such as computers, servers and
users. Domains allow a convenient means for browser clients to restrict
the scope of a search when they query browser servers. Every domain has
a "master" server called the Primary Domain Controller (PDC) that
manages various activities within the domain.
One browser for each domain on a subnet is designated the Local Master
Browser for that domain. Servers in its domain on the subnet register
with it, as do the Local Master Browsers for other domains on the
subnet. It uses these registrations to maintain authoritative
information about its domain on its subnet. If there are other subnets
in the network, it also knows the name of the server running the
domain's Domain Master Browser; it registers with it, and uses it to
obtain information about the rest of the network (see below).
Clients on a subnet query browsers designated as the Backup Browsers for
the subnet (not the Master Browser). Backup Browsers maintain a copy of
the information on the Local Master Browser; they get it by periodically
querying the Local Master Browser for all of its information. Clients
find the Backup Browsers by asking the Local Master Browser. Clients are
expected to spread their queries evenly across Backup Browsers to
balance the load.
The Local Master Browser is dynamically elected automatically. Multiple
Backup Browser Servers may exist per subnet; they are selected from
among the potential browser servers by the Local Master Browser, which
is configured to select enough to handle the expected query load.
When the re are multiple subnets, a Domain Master Browser is assigned
the task of keeping the multiple subnets in synchronization. The Primary
Domain Controller (PDC) always acts as the Domain Master Browser. The
Domain Master Browser periodically acts as a client and queries all the
Local Master Browsers for its domain, asking them for a list containing
all the domains and all the servers in their domain known within their
subnets; it merges all the replies into a single master list. This
allows a Domain Master Browser server to act as a collection point for
inter-subnet browsing information. Local Master Browsers periodically
query the Domain Master Browser to retrieve the network-wide information
it maintains.
When a domain spans only a single subnet, there will not be any distinct
Local Master Browser; this role will be handled by the Domain Master
Browser. Similarly, the Domain Master Browser is always the Local Master
Browser for the subnet it is on.
Leach, Naik [Page 4]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
When a browser client suspects that the Local Master Browser has failed,
the client will instigate an election in which the browser servers
participate, and some browser servers may change roles.
Some characteristics of a good browsing mechanism include:
. minimal network traffic
. minimum server discovery time
. minimum change discovery latency
. immunity to machine failures
Historically, Browser implementations had been very closely tied to
NETBIOS and datagrams. The early implementations caused a lot of
broadcast traffic. See Appendix D for an overview that presents how the
Browser specification evolved.
4. Browsing Protocol Architecture
This section first describes the how the browsing protocol is layered,
then describes the roles of clients, servers, and browsers in the
browsing subsystem.
4.1 Layering of Browsing Protocol Requests
Most of the browser functionality is implemented using mailslots.
Mailslots provide a mechanism for fast, unreliable unidirectional data
transfer; they are named via ASCII "mailslot (path) name". Mailslots are
implemented using the CIFS Transact SMB which is encapsulated in a
NETBIOS datagram. Browser protocol requests are sent to browser specific
mailslots using some browser-specific NETBIOS names. These datagrams can
either be unicast or broadcast, depending on whether the NETBIOS name is
a "unique name" or a "group name". Various data structures, which are
detailed subsequently within this document, flow as the data portion of
the Transact SMB.
Here is an example of a generic browser SMB, showing how a browser
request is encapsulated in a TRANSACT SMB request. Note that the PID,
TID, MID, UID, and Flags are all 0 in mailslot requests.
Leach, Naik [Page 5]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
SMB: C transact, File = \MAILSLOT\BROWSE
SMB: SMB Status = Error Success
SMB: Error class = No Error
SMB: Error code = No Error
SMB: Header: PID = 0x0000 TID = 0x0000 MID = 0x0000 UID = 0x0000
SMB: Tree ID (TID) = 0 (0x0)
SMB: Process ID (PID) = 0 (0x0)
SMB: User ID (UID) = 0 (0x0)
SMB: Multiplex ID (MID) = 0 (0x0)
SMB: Flags Summary = 0 (0x0)
SMB: Command = C transact
SMB: Word count = 17
SMB: Word parameters
SMB: Total parm bytes = 0
SMB: Total data bytes = 33
SMB: Max parm bytes = 0
SMB: Max data bytes = 0
SMB: Max setup words = 0
SMB: Transact Flags Summary = 0 (0x0)
SMB: ...............0 = Leave session intact
SMB: ..............0. = Response required
SMB: Transact timeout = 0 (0x0)
SMB: Parameter bytes = 0 (0x0)
SMB: Parameter offset = 0 (0x0)
SMB: Data bytes = 33 (0x21)
SMB: Data offset = 86 (0x56)
SMB: Setup word count = 3
SMB: Setup words
SMB: Mailslot opcode = Write mailslot
SMB: Transaction priority = 1
SMB: Mailslot class = Unreliable (broadcast)
SMB: Byte count = 50
SMB: Byte parameters
SMB: Path name = \MAILSLOT\BROWSE
SMB: Transaction data
SMB: Data: Number of data bytes remaining = 33 (0x0021)
Note the SMB command is Transact, the opcode within the Transact SMB is
Mailslot Write, and the browser data structure is carried as the
Transact data.
The Transaction data begins with an opcode, that signifies the operation
and determines the size and structure of data that follows. This opcode
is named as per one of the below:
HostAnnouncement 1
AnnouncementRequest 2
RequestElection 8
GetBackupListReq 9
GetBackupListResp 10
BecomeBackup 11
DomainAnnouncment 12
MasterAnnouncement 13
LocalMasterAnnouncement 15
Leach, Naik [Page 6]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
Browser datagrams are often referred to as simply browser frames. The
frames are in particular, referred to by the name of the opcode within
the Transaction data e.g. a GetBackupListReq browser frame, a
RequestElection browser frame, etc.
The structures that are sent as the data portion of the Transact SMB are
described in section(s) 6.2 through 6.12 in this document. These
structures are tightly packed, i.e. there are no intervening pad bytes
in the structure, unless they are explicitly described as being there.
All quantities are sent in native Intel format and multi-byte values are
transmitted least significant byte first.
Besides mailslots and Transaction SMBs, the other important piece of the
browser architecture is the NetServerEnum2 request. This request that
allows an application to interrogate a Browser Server and obtain a
complete list of resources (servers, domains, etc) known to that Browser
server. Details of the NetServerEnum2 request are presented in section
6.4. Some examples of the NetServerEnum2 request being used are when a
Local Master Browser sends a NetServerEnum2 request to the Domain Master
Browser and vice versa. Another example is when a browser client sends a
NetServerEnum2 request to a Backup Browser server.
4.2 Browser Client
A browser client is a system running applications which may wish to
query for a list of servers for a particular domain (often its own) or a
list of all the domains in the network. (For example, such an
application is launched when a user clicks on the Network Neighborhood
icon on a Windows machine.) A browser client may send a NetServerEnum2
request (see section 6.4) to any Backup Browser serving that domain to
obtain such information.
A browser client SHOULD keep a list of a few Backup Browsers for its own
domain; it MAY cache lists of Backup Browsers for other domains if it
browses them frequently, or it may obtain them upon demand. The
objective is to minimize the cost of locating Backup Browsers each time
it wants to make a NetServerEnum2 request.
A browser client SHOULD distribute its NetServerEnum2 requests randomly
among all the Backup Browsers for a domain in its list. The objective is
to enable multiple Backup Browsers to effectively handle high browsing
loads.
A browser client can locate browser servers for the domain it wants to
browse by sending a GetBackupListRequest frame to the Local Master
Browser for that domain and waiting for a GetBackupListResponse frame.
See section 6.2 and section 6.3, respectively. Once the Local Master
Browser server responds with a list of Backup Browser servers, the
client should choose several at random from within the response, and
cache them. If there is no response after a delay, the
GetBackupListRequest frame may be retransmitted. The delay MUST be at
least twice the expected service time, and the delay should be doubled
after each time-out.
Leach, Naik [Page 7]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
A browser client SHOULD force an election by sending a RequestElection
frame (see section 6.7) if it does not get a response to a
GetBackupListRequest for its own domain after several retransmissions,
since it must be assumed that the Local Master browser has crashed.
Details of the election process are in sections 6.7 and 6.8.
A browser client that wants to issue a NetServerEnum2 request to query a
domain other than its own MAY send the request to any Backup Browser in
its domain if it is unable to locate Backup Browsers for the other
domain (there may be none on its subnet).
4.3 Non-Browser Server
A non-browser server is a server that has some resource(s) or service(s)
it wishes to advertise as being available using the browsing protocol.
Examples of non-browser servers would be an SQL server, print server,
etc.
A non-browser server MUST periodically send a HostAnnouncement browser
frame, specifying the type of resources or services it is advertising.
Details are in section 6.5.
A non-browser server SHOULD announce itself relatively frequently when
it first starts up in order to make its presence quickly known to the
browsers and thence to potential clients. The frequency of the
announcements SHOULD then be gradually stretched, so as to minimize
network traffic. Typically, non-browser servers announce themselves
once every minute upon start up and then gradually adjust the frequency
of the announcements to once every 12 minutes.
A non-browser server SHOULD send a HostAnnouncement browser frame
specifying a type of 0 just prior to shutting down, to allow it to
quickly be removed from the list of available servers.
A non-browser server MUST receive and process AnnouncementRequest frames
from the Local Master Browser, and MUST respond with a HostAnnouncement
frame, after a delay chosen randomly from the interval [0,30] seconds.
AnnouncementRequests typically happen when a Local Master Browser starts
up with an empty list of servers for the domain, and wants to fill it
quickly. The 30 second range for responses prevents the Master Browser
from becoming overloaded and losing replies, as well as preventing the
network from being flooded with responses.
4.4 Browser Servers
The following sections describe the roles of the various types of
browser servers.
4.4.1 Potential Browser Server
A Potential Browser server is a browser server that is capable of being
a Backup Browser server or Master Browser server, but is not currently
fulfilling either of those roles.
Leach, Naik [Page 8]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
A Potential Browser MUST set type SV_TYPE_POTENTIAL_BROWSER (see section
6.4.1) in its HostAnnouncement until it is ready to shut down. In its
last HostAnnouncement frame before it shuts down, it SHOULD specify a
type of 0.
A Potential Browser server MUST receive and process BecomeBackup frames
(see section 6.9) and become a backup browser upon their receipt.
A Potential Browser MUST participate in browser elections (see section
6.8).
4.4.2 Backup Browser
Backup Browser servers are a subset of the Potential Browsers that have
been chosen by the Master Browser on their subnet to be the Backup
Browsers for the subnet.
A Backup Browser MUST set type SV_TYPE_BACKUP_BROWSER (see section
6.4.1) in its HostAnnouncement until it is ready to shut down. In its
last HostAnnouncement frame before it shuts down, it SHOULD specify a
type of 0.
A Backup Browser MUST listen for a LocalMasterAnnouncement frame (see
section 6.10) from the Local Master Browser, and use it to set the name
of the Master Browser it queries for the server and domain lists.
A Backup Browsers MUST periodically make a NetServerEnum2 request of
the Master Browser on its subnet for its domain to get a list of servers
in that domain, as well as a list of domains. The period is a
configuration option balancing currency of the information with network
traffic costs - a typical value is 15 minutes.
A Backup Browser SHOULD force an election by sending a RequestElection
frame (see section 6.7) if it does not get a response to its periodic
NetServeEnum2 request to the Master Browser.
A Backup Browser MUST receive and process NetServerEnum2 requests from
browser clients, for its own domain and others. If the request is for a
list of servers in its domain, or for a list of domains, it can answer
from its internal lists. If the request is for a list of servers in a
domain different than the one it serves, it sends a NetServerEnum2
request to the Domain Master Browser for that domain (which it can in
find in its list of domains and their Domain Master Browsers).
A Backup Browser MUST participate in browser elections (see section
6.8).
4.4.3 Master Browser
Master Browsers are responsible for:
. indicating it is a Master Browser
. receiving server announcements and building a list of such servers
and keeping it reasonably up-to-date.
Leach, Naik [Page 9]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
. returning lists of Backup Browsers to browser clients.
. ensuring an appropriate number of Backup Browsers are available.
. announcing their existence to other Master Browsers on their subnet,
to the Domain Master Browser for their domain, and to all browsers in
their domain on their subnet
. forwarding requests for lists of servers on other domains to the
Master Browser for that domain
. keeping a list of domains in its subnet
. synchronizing with the Domain Master Browser (if any) for its domain
. participating in browser elections
. ensuring that there is only one Master Browser on its subnet
A Master Browser MUST set type SV_TYPE_MASTER_BROWSER (see section
6.4.1) in its HostAnnouncement until it is ready to shut down. In its
last HostAnnouncement frame before it shuts down, it SHOULD specify a
type of 0.
A Master Browser MUST receive and process HostAnnouncement frames from
servers, adding the server name and other information to its servers
list; it must mark them as "local" entries. Periodically, it MUST check
all local server entries to see if a server's HostAnnouncement has timed
out (no HostAnnouncement received for three times the periodicity the
server gave in the last received HostAnnouncement) and remove timed-out
servers from its list.
A Master Browser MUST receive and process DomainAnnouncement frames (see
section 6.12) and maintain the domain names and their associated (Local)
Master Browsers in its internal domain list until they time out; it must
mark these as "local" entries. Periodically, it MUST check all local
domain entries to see if a server's DomainAnnouncement has timed out (no
DomainAnnouncement received for three times the periodicity the server
gave in the last received DomainAnnouncement) and remove timed-out
servers from its list.
A Master Browser MUST receive and process GetBackupListRequest frames
from clients, returning GetBackupListResponse frames containing a list
of the Backup Servers for its domain.
A Master Browser MUST eventually send BecomeBackup frames (see section
6.9) to one or more Potential Browser servers to increase the number of
Backup Browsers if there are not enough Backup Browsers to handle the
anticipated query load. Note: possible good times for checking for
sufficient backup browsers are after being elected, when timing out
server HostAnnouncements, and when receiving a server's HostAnnouncement
for the first time.
A Master Browser MUST periodically announce itself and the domain it
serves to other (Local) Master Browsers on its subnet, by sending a
DomainAnnouncement frame (see section 6.12) to its subnet.
A Master Browser MUST send a MasterAnnouncement frame (see section 6.11)
to the Domain Master Browser after it is first elected, and periodically
thereafter. This informs the Domain Master Browser of the presence of
all the Master Browsers.
Leach, Naik [Page 10]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
A Master Browser MUST periodically announce itself to all browsers for
its domain on its subnet by sending a LocalMasterAnnouncement frame (see
section 6.10).
A Master Browser MUST receive and process NetServerEnum2 requests from
browser clients, for its own domain and others. If the request is for a
list of servers in its domain, or for a list of domains, it can answer
from its internal lists. Entries in its list marked "local" MUST have
the SV_TYPE_LOCAL_LIST_ONLY bit set in the returned results; it must be
clear for all other entries. If the request is for a list of servers in
a domain different than the one it serves, it sends a NetServerEnum2
request to the Domain Master Browser for that domain (which it can in
find in its list of domains and their Domain Master Browsers).
Note: The list of servers that the Master Browser maintains and
returns to the Backup Browsers, is limited in size to 64K of
data. This will limit the number of systems that can be in a
browse list in a single workgroup or domain to approximately two
thousand systems.
A Master Browser SHOULD request all servers to register with it by
sending an AnnouncementRequest frame, if, on becoming the Master Browser
by winning an election, its server list is empty. Otherwise, clients
might get an incomplete list of servers until the servers' periodic
registrations fill the server list.
If the Master Browser on a subnet is not the Primary Domain Controller
(PDC), then it is a Local Master Browser.
A Local Master Browser MUST periodically synchronize with the Domain
Master Browser (which is the PDC). This synchronization is performed by
making a NetServerEnum2 request to the Domain Master Browser and merging
the results with its list of servers and domains. An entry from the
Domain Master Browser should be marked "non-local", and must not
overwrite an entry with the same name marked "local". The Domain Master
Browser is located as specified in Appendix B.
A Master Browser MUST participate in browser elections (see section
6.8).
A Master Browser MUST, if it receives a HostAnnouncement,
DomainAnnouncement, or LocalMasterAnnouncement frame another system that
claims to be the Master Browser for its domain, demote itself from
Master Browser and force an election. This ensures that there is only
ever one Master Browser in each workgroup or domain.
A Master Browser SHOULD, if it loses an election, become a Backup
Browser (without being told to do so by the new Master Browser). Since
it has more up-to-date information in its lists than a Potential
Browser, it is more efficient to have it be a Backup Browser than to
promote a Potential Browser.
Leach, Naik [Page 11]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
4.4.3.1 Preferred Master Browser
A Preferred Master Browser supports exactly the same protocol elements
as a Potential Browser, except as follows.
A Preferred Master Browser MUST always force an election when it starts
up.
A Preferred Master Browser MUST participate in browser elections (see
section 6.8).
A Preferred Master Browser MUST set the Preferred Master bit in the
RequestElection frame (see section 6.7) to bias the election in its
favor.
A Preferred Master Browser SHOULD, if it loses an election,
automatically become a Backup Browser, without being told to do so by
the Master Browser.
4.4.4 Domain Master Browser
Since the Domain Master Browser always runs on the PDC, it must
implement all the protocols required of a PDC in addition to the
browsing protocol, and that is way beyond the scope of this
specification.
5. Mailslot Protocol Specification
The only transaction allowed to a mailslot is a mailslot write. Mailslot
writes requests are encapsulated in TRANSACT SMBs. The following table
shows the interpretation of the TRANSACT SMB parameters for a mailslot
transaction:
Name Value Description
Command SMB_COM_TRANSACTION
Name <name> STRING name of mail slot to write;
must start with "\MAILSLOT\"
SetupCount 3 Always 3 for mailslot writes
Setup[0] 1 Command code == write mailslot
Setup[1] Ignored
Setup[2] Ignored
TotalDataCount n Size of data in bytes to write to
the mailslot
Data[ n ] The data to write to the mailslot
6. Browser Protocol Specification
As already explained, browser datagrams are also referred to as Browser
frames. What distinguishes one browser datagram from another is the
opcode that is carried as the data portion of the Transact SMB, the
mailslot and the NETBIOS name the browser datagram is sent to. Browser
frames are often referred to by the opcode that is within the data
portion of the Transact SMB. The following sections describe the various
Browser frames.
Leach, Naik [Page 12]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
6.1 NETBIOS Name Notation
NAME(xx) denotes the ASCII string "NAME," padded with spaces (0x20) to
15 bytes, with a hex xx value in the 16th byte. For example, the
notation FOOBAR(15) indicates a NETBIOS name consisting of the bytes:
[69,79,79,65,64,82,20,20,20,20,20,20,20,20,20, 15]
Names that are placeholders and that need to be substituted with their
actual values are bracketed within <>. Thus the string <Domain> would
become "Redmond" if the domain under consideration is named "Redmond".
Details of the various NETBIOS names used for browsing are described in
Appendix C.
6.2 GetBackupListRequest Browser Frame
The GetBackupListRequest frame is sent by a browser client to any Master
Browser for a domain to allow the client to learn the identities of
Backup Browsers. To get the list of Backup Browsers for domain "D", the
GetBackupListRequest browser frame is sent on mailslot
"\MAILSLOT\MSBROWSE" and to NETBIOS unique names D(1d) and D(1b). (The
frame is sent simultaneously to both NETBIOS names; the first response
is used.) The definition of the GetBackupListRequest frame is:
struct {
unsigned short OpCode;
unsigned short Token;
}
where :
OpCode identifies this structure as a request to return a list of Backup
servers. Opcode is defined as GetBackupListRequest and has a value of
decimal 9.
Token is a handle of meaning only to the client issuing the browser
frame. The Local Master Browser will return this token unmodified in the
response. The client should use this to distinguish replies to multiple
outstanding GetBackupList requests. This implies that every
GetBackupListRequest should have an unique handle, at least within the
outstanding lifetime of a request.
The expected response is a GetBackupListResponse frame (see next
section).
6.3 GetBackupListResponse Browser Frame
The GetBackupListResponse frame is sent by a Master Browser in response
to a GetBackupListRequest frame. If the GetBackupListRequest was sent
from the computer whose name is "ComputerName", the
GetBackupListResponse frame is sent to the ComputerName(00) NETBIOS
unique name and mailslot \MAILSLOT\LANMAN. Note: this name is not part
of the request and the Master Browser needs to *deduce* this name with
some cooperation from the transport protocol involved. The definition
of the GetBackupListResponse frame is:
Leach, Naik [Page 13]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
struct {
unsigned short OpCode;
unsigned short BackupServerCount;
unsigned short Token;
unsigned char BackupServerList[][]
}
where:
Opcode - Identifies this structure as a backup list.
BackupServerCount - Specifies the number of backup servers
that follow this list.
Token - Is returned unmodified to the client. This is used by
the client to associate an incoming BackupListResponse
with its BackupListRequest.
BackupServerList - ASCII backup servers. Each server name is
null terminated and up to 16 bytes in length.
6.4 The NetServerEnum2 RAP Service
The NetServerEnum2 RAP service lists all computers of the specified type
or types that are visible in the specified domains. It may also
enumerate domains.
The following definition uses the notation and terminology defined in
the CIFS Remote Administration Protocol specification, which is required
in order to make it well-defined. The definition is:
unsigned short NetServerEnum2 (
unsigned short sLevel,
RCVBUF pbBuffer,
RCVBUFLEN cbBuffer,
ENTCOUNT pcEntriesRead,
unsigned short *pcTotalAvail,
unsigned long fServerType,
char *pszDomain,
);
where:
sLevel specifies the level of detail (0 or 1) requested.
pbBuffer points to the buffer to receive the returned data. If the
function is successful, the buffer contains a sequence of
server_info_x structures, where x is 0 or 1, depending on the
level of detail requested.
cbBuffer specifies the size, in bytes, of the buffer pointed to by
the pbBuffer parameter.
Leach, Naik [Page 14]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
pcEntriesRead points to a 16 bit variable that receives a count of
the number of servers enumerated in the buffer. This count is
valid only if NetServerEnum2 returns the NERR_Success or
ERROR_MORE_DATA values.
pcTotal Avail points to a 16 bit variable that receives a count of
the total number of available entries. This count is valid only if
NetServerEnum2 returns the NERR_Success or ERROR_MORE_DATA values.
fServerType specifies the type or types of computers to enumerate.
Computers that match at least one of the specified types are
returned in the buffer. Possible values are defined in the request
parameters section.
pszDomain points to a null-terminated string that contains the
name of the workgroup in which to enumerate computers of the
specified type or types. If the pszDomain parameter is a null
string or a null pointer, servers are enumerated for the current
domain of the computer.
6.4.1 Transaction Request Parameters section
The Transaction request parameters section in this instance contains:
. The 16 bit function number for NetServerEnum2 which is 104.
. The parameter descriptor string which is "WrLehDz".
. The data descriptor string for the (returned) data which is "B16" for
level detail 0 or "B16BBDz" for level detail 1.
. The actual parameters as described by the parameter descriptor
string.
The parameters are:
. A 16 bit integer with a value of 0 or 1 (corresponding to the "W" in
the parameter descriptor string. This represents the level of detail
the server is expected to return
. A 16 bit integer that contains the size of the receive buffer.
. A 32 bit integer that represents the type of servers the function
should enumerate. The possible values may be any of the following or
a combination of the following:
SV_TYPE_WORKSTATION 0x00000001 All workstations
SV_TYPE_SERVER 0x00000002 All servers
SV_TYPE_SQLSERVER 0x00000004 Any server running with SQL
server
SV_TYPE_DOMAIN_CTRL 0x00000008 Primary domain controller
SV_TYPE_DOMAIN_BAKCTRL 0x00000010 Backup domain controller
SV_TYPE_TIME_SOURCE 0x00000020 Server running the timesource
service
SV_TYPE_AFP 0x00000040 Apple File Protocol servers
SV_TYPE_NOVELL 0x00000080 Novell servers
SV_TYPE_DOMAIN_MEMBER 0x00000100 Domain Member
SV_TYPE_PRINTQ_SERVER 0x00000200 Server sharing print queue
SV_TYPE_DIALIN_SERVER 0x00000400 Server running dialin service.
SV_TYPE_XENIX_SERVER 0x00000800 Xenix server
SV_TYPE_NT 0x00001000 NT server
Leach, Naik [Page 15]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
SV_TYPE_WFW 0x00002000 Server running Windows for
Workgroups
SV_TYPE_SERVER_NT 0x00008000 Windows NT non DC server
SV_TYPE_POTENTIAL_BROWSER 0x00010000 Server that can run the browser
service
SV_TYPE_BACKUP_BROWSER 0x00020000 Backup browser server
SV_TYPE_MASTER_BROWSER 0x00040000 Master browser server
SV_TYPE_DOMAIN_MASTER 0x00080000 Domain Master Browser server
SV_TYPE_LOCAL_LIST_ONLY 0x40000000 Enumerate only entries marked
"local"
SV_TYPE_DOMAIN_ENUM 0x80000000 Enumerate Domains. The pszDomain
parameter must be NULL.
. A null terminated ASCII string representing the pszDomain parameter
described above
6.4.2 Transaction Request Data section
There is no data or auxiliary data to send as part of the request.
6.4.3 Transaction Response Parameters section
The transaction response parameters section consists of:
. A 16 bit word indicating the return status. The possible values are:
Code Value Description
NERR_Success 0 No errors encountered
ERROR_MORE_DATA 234 Additional data is available
NERR_ServerNotStarted 2114 The RAP service on the remote computer
is not running
NERR_BadTransactConfig 2141 The server is not configured for
transactions, IPC$ is not shared
. A 16 bit "converter" word.
. A 16 bit number representing the number of entries returned.
. A 16 bit number representing the total number of available entries.
If the supplied buffer is large enough, this will equal the number of
entries returned.
6.4.4 Transaction Response Data section
The return data section consists of a number of SHARE_INFO_1 structures.
The number of such structures present is determined by the third entry
(described above) in the return parameters section.
At level detail 0, the Transaction response data section contains a
number of SERVER_INFO_0 data structure. The number of such structures is
equal to the 16 bit number returned by the server in the third parameter
in the Transaction response parameter section. The SERVER_INFO_0 data
structure is defined as:
Leach, Naik [Page 16]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
struct SERVER_INFO_0 {
char sv0_name[16];
};
where:
sv0_name is a null-terminated string that specifies the name of a
computer or domain .
At level detail 1, the Transaction response data section contains a
number of SERVER_INFO_1 data structure. The number of such structures is
equal to the 16 bit number returned by the server in the third parameter
in the Transaction response parameter section. The SERVER_INFO_1 data
structure is defined as:
struct SERVER_INFO_1 {
char sv1_name[16];
char sv1_version_major;
char sv1_version_minor;
unsigned long sv1_type;
char *sv1_comment_or_master_browser;
};
sv1_name contains a null-terminated string that specifies the name
of a computer, or a domain name if SV_TYPE_DOMAIN_ENUM is set in
sv1_type.
sv1_version_major whatever was specified in the HostAnnouncement
or DomainAnnouncement frame with which the entry was registered.
sv1_version_minor whatever was specified in the HostAnnouncement
or DomainAnnouncement frame with which the entry was registered.
sv1_type specifies the type of software the computer is running.
The member can be one or a combination of the values defined above
in the Transaction request parameters section for fServerType.
sv1_comment_or_master_browser points to a null-terminated string. If
the sv1_type indicates that the entry is for a domain, this
specifies the name of server running the domain master browser;
otherwise, it specifies a comment describing the server. The comment
can be a null string or the pointer may be a null pointer.
In case there are multiple SERVER_INFO_1 data structures to
return, the server may put all these fixed length structures in
the return buffer, leave some space and then put all the variable
length data (the actual value of the sv1_comment strings) at the
end of the buffer.
There is no auxiliary data to receive.
Leach, Naik [Page 17]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
6.5 HostAnnouncement Browser Frame
To advertise its presence, i.e. to publish itself as being available, a
non-browser server sends a HostAnnouncement browser frame. If the server
is a member of domain "D", this frame is sent to the NETBIOS unique name
D(1d) and mailslot "\MAILSLOT\MSBROWSE". The definition of the
HostAnnouncement frame is:
struct {
unsigned short Opcode;
unsigned char UpdateCount;
unsigned long Periodicity;
unsigned char ServerName[];
unsigned char VersionMajor;
unsigned char VersionMinor;
unsigned long Type;
unsigned long Signature;
unsigned char Comment[];
}
where:
Opcode - Identifies this structure as a browser server
announcement and is defined as HostAnnouncement with a
value of decimal 1.
UpdateCount - must be sent as zero and ignored on receipt.
Periodicity - The announcement frequency of the server (in
seconds). The server will be removed from the browse list
if it has not been heard from in 3X its announcement
frequency. In no case will the server be removed from the
browse list before the period 3X has elapsed. Actual
implementations may take more than 3X to actually remove
the server from the browse list.
ServerName - Null terminated ASCII server name (up to 16 bytes
in length).
VersionMajor - The major version number of the OS the server
is running. it will be returned by NetServerEnum2.
VersionMinor - The minor version number of the OS the server
is running. This is entirely informational and does not
have any significance for the browsing protocol.
Type - Specifies the type of the server. The server type bits
are specified in the NetServerEnum2 section.
Signature - The browser protocol minor version number in the
low 8 bits, the browser protocol major version number in
the next higher 8 bits and the signature 0xaa55 in the
high 16 bits of this field. Thus, for this version of the
browser protocol (1.15) this field has the value
0xaa55010f. This may used to isolate browser servers that
Leach, Naik [Page 18]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
are running out of revision browser software; otherwise,
it is ignored.
Comment - Null terminated ASCII comment for the server.
Limited to 43 bytes.
When a non-browser server starts up, it announces itself in the manner
described once every minute. The frequency of these statements is
gradually stretched to once every 12 minutes.
Note: older non-browser servers in a domain "D" sent HostAnnouncement
frames to the NETBIOS group name D(00). Non-Browser servers supporting
version 1.15 of the browsing protocol SHOULD NOT use this NETBIOS name,
but for backwards compatibility Master Browsers MAY receive and process
HostAnnouncement frames on this name as described above for D(1d).
6.6 AnnouncementRequest Browser Frame
When a Master Browser starts up and its browse list is empty, it may
force all servers to announce themselves by broadcasting an
AnnouncementRequest frame. If the Master Browser serves domain "D", the
AnnouncementRequest frame is broadcast using the NETBIOS group name
D(00) and mailslot "\MAILSLOT\LANMAN". The definition of the
AnnouncementRequest frame is:
struct {
unsigned short Opcode;
unsigned char ResponseComputerName[];
};
Opcode - Identifies this structure as an announcement request
and is defined as AnnounceMent Request with a value of
decimal 2.
ResponseComputerName - Specifies the name of the computer to
send the server announcement to and is up to 16 bytes in
length. This is ignored . The response to this browser
frame is a HostAnnouncement browser frame as described
immediately above. That browser frame does not use this
parameter at all.
Recipients of this packet should reply by sending an HostAnnouncement
frame as described above. The reply should be sent within a randomly
determined time period that may have a duration of up to 30 seconds. The
random delay ensures that the Master Browser who sent out the packet
does not get flooded with replies, all at the same time.
6.7 RequestElection Browser Frame
To force the election of a new Master Browser for a domain, any browser
client or server can broadcast a RequestElection frame. If the election
is for domain "D", the frame is broadcast using the NETBIOS group name
D(1e) and mailslot "\MAILSLOT\MSBROWSE". The definition of the
RequestElection frame is:
Leach, Naik [Page 19]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
struct {
unsigned short Opcode;
unsigned char Version;
unsigned long Criteria;
unsigned long TimeUp;
unsigned long MustBeZero;
unsigned char ServerName[];
}
Opcode - Identifies this structure as an election request, and is
defined as RequestElection, with a value of decimal 8.
Version - Specifies the version of this election packet. This is a
constant and always has the value 0x00010f00
Criteria - Specifies the election criteria of the sender. Produced
by OR'ing together the Version and the following:
OS info:
Windows for Workgroups & Windows 95: 0x00000000
Windows NT: 0x01000000
Windows NT Server: 0x02000000
Role:
PDC: 0x00000080
Preferred Master: 0x00000008
Running Master: 0x00000004
Backup Browser which was
recently a Master Browser: 0x00000002
Running Backup Browser: 0x00000001
Using NBNS for NETBIOS: 0x00000020
The following masks can be used to isolate parts of the Criteria:
Operating System Type Mask 0xFF000000
Election Protocol Version Mask: 0x00FFFF00
Per version criteria mask: 0x000000FF
TimeUp - The number of seconds that the server has been up.
MustBeZero- Must be zero.
ServerName - Null terminated ASCII server name (up to 16 bytes in
length).
6.8 Browser Elections
All browsers for a domain "D" MUST listen for RequestElection frames on
the group name D(1e) and mailslot "\MAILSLOT\MSBROWSE".
Leach, Naik [Page 20]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
Elections proceed in rounds. A round is initiated when a RequestElection
frame is sent. When a Browser receives a RequestElection frame, it
determines if it has won the round using the following rules:
If it has lost an election in the last several seconds, it loses
If its election Version is greater than the senders election
Version, it wins
Else if its election Criteria (including the election version)
is greater than the senders Criteria, it wins
Else if it has been up longer than the sender, it wins
Else if its name is lexically lower than the sender's name, it
wins
(I.e., at this point, a sever named A will become Master
Browser over a server named X)
(Note that many browsers which receive a RequestElection frame may win a
round.)
Each time it wins a round, a browser sends out a RequestElection frame,
after a delay based on the browser's current role in the domain:
. Master Browsers and Domain Master Browsers delay for 100 ms.
. Backup Browsers delay for an amount randomly chosen from the interval
200-600 ms.
. All other browsers delay for an amount randomly chosen from the
interval 800-3000 ms.
If a browser loses a round it drops out of the election by ignoring
RequestElection frames until it receives a LocalMasterAnnouncement frame
that tells which system is the new Master Browser.
If a browser wins 4 rounds in a row, it becomes the Master Browser.
6.9 BecomeBackup Browser Frame
If a Local Master Browser for a domain "D" wants to promote a Potential
Browser to Backup Browser, it broadcasts a BecomeBackup frame using the
NETBIOS group name D(1e) and the "\MAILSLOT\MSBROWSE" mailslot. The
definition of the BecomeBackup frame is:
struct {
unsigned short Opcode;
unsigned char BrowserToPromote[];
}
Opcode - Identifies this structure as a browser server
announcement, is defined as BecomeBackup, with a value of
decimal 11
BrowserToPromote - Specifies the name of the browser server to
be promoted to backup. Maximum of 16 bytes in length.
Leach, Naik [Page 21]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
6.10 LocalMasterAnnouncement Browser Frame
A Local Master Browser for a domain announces itself to all the other
browsers in its domain that are on its subnet using the
LocalMasterAnnouncement frame. If the Local Master Browser serves domain
"D", the LocalMasterAnnouncement frame is broadcast using the NETBIOS
group name D(1e) and the mailslot "\MAILSLOT\MSBROWSE". The definition
of the LocalMasterAnnouncement frame is:
struct {
unsigned short Opcode;
unsigned char UpdateCount;
unsigned long Periodicity;
unsigned char ServerName[];
unsigned char VersionMajor;
unsigned char VersionMinor;
unsigned long Type;
unsigned long Signature;
unsigned char Comment[];
}
where:
Opcode - Identifies this structure as a browser server
announcement and is defined as LocalMasterAnnouncement
with a value of decimal 15.
UpdateCount - must be sent as zero and ignored on receipt.
Periodicity - The announcement frequency of the browser (in
seconds). The browser will be removed from the browse list
if it has not been heard from in 3X its announcement
frequency. In no case will the server be removed from the
browse list before the period 3X has elapsed. Actual
implementations may take more than 3X to remove the server
from the browse list.
ServerName - Null terminated ASCII server name (up to 16 bytes
in length).
VersionMajor - The major version of the OS the server is
running. This value is informational and irrelevant to the
browsing protocol.
VersionMinor - The minor version of the OS the server is
running. This value is informational and irrelevant to the
browsing protocol.
Type - Specifies the type of the browser. The type bits are
specified in the description of NetServerEnum2.
Signature - The browser protocol minor version number in the
low 8 bits, the browser protocol major version number in
the next higher 8 bits and the signature 0xaa55 in the
high 16 bits of this field. This may used to isolate
Leach, Naik [Page 22]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
browser servers that are running out of revision browser
software; otherwise, it is ignored. Thus, for this version
of the browser protocol (1.15) this field has the value
0xaa55010f.
Comment - Null terminated ASCII comment for the browser.
Limited to 43 bytes.
Local Master Browsers do not need to send HostAnnouncement frames; the
LocalMasterAnnouncement accomplishes that function.
6.11 MasterAnnouncement browser Frame
The MasterAnnouncement frame is sent by a Local Master Browser to the
Domain Master Browser, which runs on the PDC. If the name of the PDC is
"PDCName", then the MasterAnnouncement frame is sent to the NETBIOS
unique name PDCName(00) and mailslot "\MAILSLOT\MSBROWSE". Appendix B
describes how to determine the name of the Primary Domain Controller.
The definition of the MasterAnnouncement frame is::
struct {
unsigned short Opcode;
unsigned char MasterBrowserServerName[];
};
Opcode - Identifies this structure as a master browser server
announcement and is defined as MasterAnnouncement with a value
of decimal 13.
MasterBrowserServerName - Specifies the name of the master browser
server (up to 16 bytes in length).
6.12 DomainAnnouncement Browser Frame
Master Browsers (including Local Master Browsers and Domain Master
Browsers) announce the domain they serve to any other Master Browsers on
their subnet by broadcasting a DomainAnnouncement frame using the
NETBIOS group name _(01)(02)_MSBROWSE_(02)(01)_ and mailslot
"\MAILSLOT\MSBROWSE". The definition of the DomainAnnouncement frame is:
Leach, Naik [Page 23]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
struct {
unsigned short Opcode;
unsigned char UpdateCount;
unsigned long Periodicity;
unsigned char DomainName[];
unsigned char VersionMajor;
unsigned char VersionMinor;
unsigned long Type;
unsigned long Signature;
unsigned char MasterBrowserName[];
}
where:
Opcode - Identifies this structure as a browser server
announcement and is defined as DomainAnnouncement with a
value of decimal 12.
UpdateCount - must be sent as zero and ignored on receipt.
Periodicity - The announcement frequency of the domain (in
seconds). The domain will be removed from the browse list
if it has not been heard from in 3X its announcement
frequency. In no case will the domain be removed from the
browse list before the period 3X has elapsed. Actual
implementations may take more than 3X to actually remove
the domain from the browse list.
DomainName - Null terminated ASCII server name (up to 16 bytes
in length).
VersionMajor - The major version of the OS the server is
running. This value is informational and irrelevant to the
browsing protocol.
VersionMinor - The minor version of the OS the server is
running. This value is informational and irrelevant to the
browsing protocol.
Type - Specifies the type of the server. The server type bits
are specified in the previous section.
Signature - The browser protocol minor version number in the
low 8 bits, the browser protocol major version number in
the next higher 8 bits and the signature 0xaa55 in the
high 16 bits of this field. This may used to isolate
browser servers that are running out of revision browser
software; otherwise, it is ignored. Thus, for this version
of the browser protocol (1.15) this field has the value
0xaa55010f.
MasterBrowserName - Null terminated ASCII string containing
the name of the master browser server for this domain.
Leach, Naik [Page 24]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
7. References
[CIFS 96} I. Heizer, P. Leach, D. Perry, "Common Internet Files
System Protocol (CIFS/1.0)", Internet-Draft, <draft-heizer-cifs-
v1-spec-00.txt>,June 30, 1996 . (Work in Progress)
[RFC 1001] K. Auerbach, A. Aggarwal, "Protocol Standard for a
NETBIOS Service on a TCP/UDP Transport: Concepts and Methods",
RFC 1001, Epilogue Technology, March 1987.
[Bradner 96] S. Bradner, ""Key words for use in RFCs to Indicate
Requirement Levels", Internet-Draft, <draft-bradner-key-words-
02.txt>, August 1996 (Work in Progress)
8. Author's Addresses
Paul Leach
Dilip Naik
Microsoft
1 Microsoft Way
Redmond, WA 98052
paulle@xxxxxxxxxxxxx
v-dilipn@xxxxxxxxxxxxx
9. Appendix A - Multi-net considerations
To begin with, let's clearly define what is meant by multiple networks
here. A computer can be running one or more network protocols on a
single network adapter card such as IP and IPX. Each of these is
considered to be a "network" for the purposes of this paragraph. A
computer could also have multiple network adapter cards, and there could
be different protocols running on the different adapter cards, or even
the same protocol(s) on all of the adapter cards. So, more precisely, a
network here means a transport protocol per adapter card. A computer
with 2 physical network cards, running 2 different transport protocols
on each network card, would have 4 logical networks.
Browsers need to remember which logical network a server is located on.
When a client queries a browser for a list of servers, the browser
server needs to return a list of servers that are on the same logical
network on which the client query arrived at the browser server. So a
client that sends a browser frame using say IP will only be returned
information about servers that sent announcements using IP.
To summarize, browser servers need to understand the concept of logical
networks and track server announcements as well as client queries on a
per logical network basis.
10. Appendix B - Primary Domain Controller Location Protocol
This appendix details how a client goes about locating a Primary Domain
Controller (PDC). The process is rather involved, because different
versions of the PDC have used different versions of the protocol, and
hence a client that does not know what protocol is supported by its PDC
has to try them all.
A Primary Domain Controller (PDC) for a domain "D" is located by sending
a mailslot message containing a NETLOGON_QUERY frame to a NETBIOS name
and mailslot "\NET\NETLOGON" and then waiting for a reply mailslot
Leach, Naik [Page 25]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
message, which will be sent to the mailslot name specified by the client
in the NETLOGON_QUERY structure., and which will contain a
NETLOGON_RESPONSE structure. If there is no response after a delay, the
message may be retransmitted. The delay MUST be at least twice the
expected service time, and the delay should be doubled after each time-
out.
If a reply is received, the name of the PDC SHOULD be cached for future
use, so as time minimize network traffic. If no reply is received after
several retransmissions, the PDC may be declared to be unreachable, and
no further attempt to locate it should be made for a while (exactly how
long depends on the expected recovery time for a PDC and/or for the
network; typically a minute or so, but should be increased after each
failure).
The only difference between versions of the protocol is the NETBIOS name
to which the message is sent, as follows:
NETBIOS name PDC's OS version
name type =============
=========== ========
D(1b) unique Windows NT 3.51 or later or compatible
D(1c) group Windows NT 3.1 or later or compatible
D(00) group all
Clients which are configured to know or are willing to assume what
version of the protocol their PDC is running may directly use the
appropriate NETBIOS name for that version. Otherwise, they SHOULD first
attempt D(1b), since it is unicast and creates the least network
traffic; if there is no response, then they SHOULD try the others. They
MAY try them in parallel.
The NETLOGON_QUERY structure is defined as :
struct NETLOGON_QUERY{
unsigned short Opcode;
char ComputerName[];
char MailslotName[];
unsigned short Lm20Token;
} ;
Opcode - Identifies this structure as a NETLOGON_QUERY and has a
value of 0x07.
ComputerName - Specifies the ASCII name of the computer sending the
query, and is up to 16 bytes in length. The response is sent to
NETBIOS unique name <ComputerName>(00).
MailslotName - Specifies the ASCII name of the mailslot to which the
response is to be sent, and is up to 256 bytes in length; cannot
be "\MAILSLOT\LANMAN" or "\MAILSLOT\MSBROWSE" or
"\NET\NETLOGON".
Lm20Token - has a value of 0xFFFF.
Leach, Naik [Page 26]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
The response mailslot message contains a NETLOGON_RESPONSE data
structure that is defined as the following for non Windows NT clients:
struct NETLOGON_RESPONSE
{
unsigned short Opcode;
char PrimaryDCName[16];
unsigned short Lm20Token;
};
where
Opcode - Identifies this structure as a NETLOGON_RESPONSE and has a
value of 0x12.
PrimaryDCName - Specifies the ASCII name of the Primary Domain
Controller and is up to 16 bytes in length.
Lm20Token - has a value of 0xFFFF
Note that this procedure to locate a Primary Domain Controller is
expensive in terms of network traffic. The Microsoft implementations
attempt to alleviate this by caching the PDC Name. Before using the
cached PDC Name, a NetServerEnum2 API is remoted to the PDC and a sanity
check is performed to ensure that the server type returned indicates a
Primary Domain Controller
11. Appendix C - Summary of Special NETBIOS Names
This section details the various NETBIOS names that are involved in
sending and receiving browser frames. The different mailslots involved
in browsing (there are only 3) are described later on when the browser
frames are detailed.
11.1 Registered unique names
<COMPUTER>(00)
This name is used by all servers and clients to receive second
class mailslot requests. A system must add this name in order to
receive mailslots. The only browser requests that should appear on
this name are BecomeBackup, GetBackupListResp, MasterAnnouncement,
and LocalMasterAnnouncement frames. All other datagrams (other than
the expected non-browser datagrams) may be ignored and an error
logged.
<DOMAIN>(1d)
This name is used to identify a master browser server for domain
"DOMAIN" on a subnet. A master browser server adds this name as a
unique NETBIOS name when it comes up. If the attempt to add the
name fails, the master browser server assumes that there is another
master in the domain and will fail to come up. It may log an error
if the failure occurs more than 3 times in a row (this either
Leach, Naik [Page 27]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
indicates some form of network misconfiguration or a software
error). The only requests that should appear on this name are
GetBackupListRequest and HostAnnouncement requests. All other
datagrams on this name may be ignored (and an error logged). If
running a NETBIOS name service (NBNS, such as WINS), this name
should not be registered with the NBNS.
<DOMAIN>(1b)
This name is used to identify the Domain Master Browser for domain
"DOMAIN" (which is also the primary domain controller). It is a
unique name added only by the primary domain controller. The
primary domain controller will respond to GetBackupListRequest on
this name just as it responds to these requests on the <DOMAIN>(1d)
name.
11.2 Registered group names
(01)(02)__MSBROWSE__(02)(01)
This name is used by Master Browsers to announce themselves to the
other Master Browsers on a subnet. It is added as a group name by
all masters browser servers. The only broadcasts that should appear
on this name is DomainAnnouncement requests. All other datagrams
can be ignored.
<DOMAIN>(00)
This name is used by clients and servers in domain "DOMAIN" to
process server announcements. The only requests that should appear
on this name that the browser is interested in are
AnnouncementRequest and NETLOGON_QUERY (to locate the PDC) packets.
All other unidentifiable requests may be ignored (and an error
logged).
<DOMAIN>(1e)
This name is used for announcements to browsers for domain "DOMAIN"
on a subnet. This name is registered by all the browser servers in
the domain. The only requests that should appear on this name are
RequestElection and AnnouncementRequest packets. All other
datagrams may be ignored (and an error logged).
<DOMAIN>(1c)
This name is registered by Primary Domain Controllers.
12. Appendix D - Browsing Protocol Evolution
This Appendix details how the Microsoft Browser specification evolved
and correlates the evolution to specific Microsoft products.
The first browser implementation was with Lan Manager 1.0. Here, there
were no browser servers as such. Each client acted as its own browser
server. All servers announced themselves by means of datagrams and every
client and server listened for those datagrams. Obviously, the amount of
Leach, Naik [Page 28]
INTERNET-DRAFT CIFS/E Browser Protocol January 10, 1997
browser datagram traffic is fairly high and scales extremely poorly with
an increase in the number of servers.
The next major revision in the browser specification was with Windows
For Workgroups. This is where the concept of a browser server was really
introduced.
Windows NT 3.51 expanded upon what Windows For Workgroups built. Windows
NT 3.51 introduced the special NETBIOS name <Domain>(1b) that is
registered with WINS. Windows NT 3.51 also shipped a new redirector for
Windows For Workgroups that could take advantage of this new
<Domain>(1b) name.
In a domain which spans multiple broadcast areas, it may be necessary to
have a configuration file available that can resolve the address of a
browser server. This is because browsers rely on broadcasts for name
resolution, for historical reasons. But these name resolution broadcast
packets are not forwarded by routers that span the multiple broadcast
areas of a domain. One example of such a configuration file is the
LMHOSTS file on Windows NT machines.
Leach, Naik [Page 29]
- Follow-Ups:
- Re: [Ethereal-dev] smb-browse
- From: Richard Sharpe
- Re: [Ethereal-dev] smb-browse
- From: Ronnie Sahlberg
- Re: [Ethereal-dev] smb-browse
- References:
- [Ethereal-dev] smb-browse
- From: Ronnie Sahlberg
- [Ethereal-dev] smb-browse
- Prev by Date: Re: [Ethereal-dev] PGM dissector
- Next by Date: Re: [Ethereal-dev] smb-browse
- Previous by thread: [Ethereal-dev] smb-browse
- Next by thread: Re: [Ethereal-dev] smb-browse
- Index(es):