Ethereal-dev: Re: [Ethereal-dev] smb-browse

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 12 Jul 2001 15:11:09 -0700 (PDT)
> I tried to keep the functionality as close as possible to the original
> dissector, but there is one exception:
> I assume that every instance of a string for a ServerName is always exactly
> 16 characters (which might not
> be 0 terminated).

Nope.

In a Get Backup List response, there are multiple host names, *not*
padded to 16 characters, and NUL-terminated.  One capture on the network
here showed that.

I've attached an old "PRELIMINARY DRAFT OF AN INTERNET-DRAFT" (yes, the
document says it's a draft of an Internet-Draft, using the word "draft"
twice; the document may or may not 100% accurately reflect what Windows
actually does), from the old CIFS mailing list, for the browser
protocol; for Get Backup List responses, it says

	6.3 GetBackupListResponse Browser Frame

	The GetBackupListResponse frame is sent by a Master Browser in response
	to a GetBackupListRequest frame. If the GetBackupListRequest was sent
	from the computer whose name is "ComputerName", the
	GetBackupListResponse frame is sent to the ComputerName(00) NETBIOS
	unique name and mailslot "\MAILSLOT\LANMAN". Note: this name is not part
	of the request and the Master Browser needs to *deduce* this name with
	some cooperation from the transport protocol involved.  The definition
	of the GetBackupListResponse frame is:

	    struct {
	        unsigned short  OpCode;
	        unsigned short  BackupServerCount;
	        unsigned short  Token;
	        unsigned char   BackupServerList[][]
	    }
	where:
	     Opcode -- Identifies this structure as a backup list.

	     BackupServerCount -- Specifies the number of backup servers
	         that follow this list.

	     Token -- Is returned unmodified to the client. This is used by
	         the client to associate an incoming BackupListResponse
	         with its BackupListRequest.

	     BackupServerList -- ASCII backup servers. Each server name is
	         null terminated and up to 16 bytes in length.

"Up to 16 bytes" means "could be less than 16 bytes".





Network Working Group                    Paul J. Leach, Microsoft
INTERNET-DRAFT                           Dilip C. Naik, Microsoft
draft-leach-cifs-browser-spec-00.txt
Category: Informational
Expires June 10, 1997                            January 10, 1997



                        CIFS/E Browser Protocol
                           Preliminary Draft




STATUS OF THIS MEMO

THIS IS A PRELIMINARY DRAFT OF AN INTERNET-DRAFT. IT DOES NOT REPRESENT
THE CONSENSUS OF ANY WORKING GROUP.

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress".

To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).

Distribution of this document is unlimited. Please send comments to the
authors or the CIFS mailing list at <cifs@xxxxxxxxxxxxxxxx>. Discussions
of the mailing list are archived at
<URL:http://microsoft.ease.lsoft.com/archives/cifs.html>.

ABSTRACT

The CIFS/E (CIFS extensions for enterprise networks) family of protocols
includes a protocol for browsing. Browsing is a mechanism for
discovering servers that are running particular services (not just CIFS
file services). Servers are organized into named groups called domains,
which form browsing scopes. This document specifies version 1.15 of  the
browsing protocol. It also specifies the mailslot protocol, because the
browsing protocol depends on it (and  is the only CIFS/E protocol which
does).






Leach, Naik                                              [Page 1]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


Table of Contents


1. INTRODUCTION........................................................3


2. PREREQUISITES.......................................................3


3. BROWSER OVERVIEW....................................................3


4. BROWSING PROTOCOL ARCHITECTURE......................................5

 4.1 LAYERING OF BROWSING PROTOCOL REQUESTS ...........................5
 4.2 BROWSER CLIENT ...................................................7
 4.3 NON-BROWSER SERVER ...............................................8
 4.4 BROWSER SERVERS ..................................................8
  4.4.1 Potential Browser Server ......................................8
  4.4.2 Backup Browser ................................................9
  4.4.3 Master Browser ................................................9
  4.4.4 Domain Master Browser ........................................12

5. MAILSLOT PROTOCOL SPECIFICATION....................................12


6. BROWSER PROTOCOL SPECIFICATION.....................................12

 6.1 NETBIOS NAME NOTATION ...........................................13
 6.2 GETBACKUPLISTREQUEST BROWSER FRAME ..............................13
 6.3 GETBACKUPLISTRESPONSE BROWSER FRAME .............................13
 6.4 THE NETSERVERENUM2 RAP SERVICE ..................................14
  6.4.1 Transaction Request Parameters section .......................15
  6.4.2 Transaction Request Data section .............................16
  6.4.3 Transaction Response Parameters section ......................16
  6.4.4 Transaction Response Data section ............................16
 6.5 HOSTANNOUNCEMENT BROWSER FRAME ..................................18
 6.6 ANNOUNCEMENTREQUEST BROWSER FRAME ...............................19
 6.7 REQUESTELECTION BROWSER FRAME ...................................19
 6.8 BROWSER ELECTIONS ...............................................20
 6.9 BECOMEBACKUP BROWSER FRAME ......................................21
 6.10 LOCALMASTERANNOUNCEMENT BROWSER FRAME ..........................22
 6.11 MASTERANNOUNCEMENT BROWSER FRAME ...............................23
 6.12 DOMAINANNOUNCEMENT BROWSER FRAME ...............................23

7. REFERENCES.........................................................25


8. AUTHOR'S ADDRESSES.................................................25


9. APPENDIX A - MULTI-NET CONSIDERATIONS..............................25




Leach, Naik                                              [Page 2]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


10. APPENDIX B - PRIMARY DOMAIN CONTROLLER LOCATION PROTOCOL..........25


11. APPENDIX C - SUMMARY OF SPECIAL NETBIOS NAMES.....................27

 11.1 REGISTERED UNIQUE NAMES ........................................27
 11.2 REGISTERED GROUP NAMES .........................................28

12. APPENDIX D - BROWSING PROTOCOL EVOLUTION..........................28



1. Introduction

The CIFS/E (CIFS extensions for enterprise networks) family of protocols
includes a protocol for "browsing". Browsing is a mechanism for
discovering servers that are running particular services (not just CIFS
file services). Servers are organized into named groups called
"domains", which form browsing scopes. This document specifies version
1.15 of  the browsing protocol. It also specifies the mailslot protocol,
because the browsing protocol depends on it (and  is the only CIFS/E
protocol which does).

This document uses the traditional RFC keywords MUST, SHOULD, etc., (now
documented in [Bradner 96]) to indicate requirement levels for
interoperability.

Note: This document is about CIFS/E browsers and has nothing to do
whatsoever with Web browsers such as Internet Explorer and Netscape
Navigator. This is a specification for persons interested in
implementing a browser server or client that can inter-operate with
other CIFS/E browsers and clients.

2. Prerequisites

. Familiarity with Common Internet File System specification (CIFS) in
  general and the Transact2 SMB as well as Remote Administration
  Protocol in particular [CIFS 96]
. Familiarity with concepts of subnets and NETBIOS [RFC 1001].
  
Additional information about browsing may be found in the MSDN articles
"Browsing and Windows 95" Parts I, II and III. These articles cover
considerations for browser deployment, especially in a WAN environment.

3. Browser Overview

Hosts involved in the browsing process can be separated into two
distinct groups, browser clients and browser servers (often referred to
simply as "browsers").

A browser is a server which maintains information about servers -
primarily the domain they are in and the services that they are running
- and about domains. Browsers may assume several different roles in
their lifetimes, and dynamically switch between them.


Leach, Naik                                              [Page 3]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



 Browser clients are of two types: workstations and (non-browser)
servers. In the context of browsing, workstations query browsers for the
information they contain; servers supply browsers the information by
registering with them. Note that, at times, browsers may themselves
behave as browser clients and query other browsers.

For the purposes of this specification, a domain is simply a name with
which to associate a group of resources such as computers, servers and
users. Domains allow a convenient means for browser clients to restrict
the scope of a search when they query browser servers. Every domain has
a "master" server called the Primary Domain Controller (PDC) that
manages various  activities within the domain.

One browser for each domain on a subnet is designated the Local Master
Browser for that domain. Servers in its domain on the subnet register
with it, as do the Local Master Browsers for other domains on the
subnet. It uses these registrations to maintain authoritative
information about its domain on its subnet. If there are other subnets
in the network, it also knows the name of the server running the
domain's Domain Master Browser; it registers with it, and uses it to
obtain information about the rest of the network (see below).

Clients on a subnet query browsers designated as the Backup Browsers for
the subnet (not the Master Browser). Backup Browsers maintain a copy of
the information on the Local Master Browser; they get it by periodically
querying the Local Master Browser for all of its information. Clients
find the Backup Browsers by asking the Local Master Browser. Clients are
expected to spread their queries evenly across Backup Browsers to
balance the load.

The Local Master Browser is dynamically elected automatically. Multiple
Backup Browser Servers may exist per subnet; they are selected from
among the potential browser servers by the Local Master Browser, which
is configured to select enough to handle the expected query load.

When the re are multiple subnets, a Domain Master Browser is assigned
the task of keeping the multiple subnets in synchronization. The Primary
Domain Controller (PDC) always acts as the Domain Master Browser. The
Domain Master Browser periodically acts as a client and queries all the
Local Master Browsers for its domain, asking them for a list containing
all the domains and all the servers in their domain known within their
subnets; it merges all the replies into a single master list. This
allows a Domain Master Browser server to act as a collection point for
inter-subnet browsing information. Local Master Browsers periodically
query the Domain Master Browser to retrieve the network-wide information
it maintains.

When a domain spans only a single subnet, there will not be any distinct
Local Master Browser; this role will be handled by the Domain Master
Browser. Similarly, the Domain Master Browser is always the Local Master
Browser for the subnet it is on.




Leach, Naik                                              [Page 4]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


When a browser client suspects that the Local Master Browser has failed,
the client will instigate an election in which the browser servers
participate, and some browser servers may change roles.

Some characteristics of a good browsing mechanism include:
. minimal network traffic
. minimum server discovery time
. minimum change discovery latency
. immunity to machine failures

Historically, Browser implementations had been very closely tied to
NETBIOS and datagrams. The early implementations caused a lot of
broadcast traffic. See Appendix D for an overview that presents how the
Browser specification evolved.

4. Browsing Protocol Architecture

This section first describes the how the browsing protocol is layered,
then describes the roles of clients, servers, and browsers in the
browsing subsystem.

4.1 Layering of Browsing Protocol Requests

Most of the browser functionality is implemented using mailslots.
Mailslots provide a mechanism for fast, unreliable unidirectional data
transfer; they are named via ASCII "mailslot (path) name". Mailslots are
implemented using the CIFS Transact SMB which is encapsulated in a
NETBIOS datagram. Browser protocol requests are sent to browser specific
mailslots using some browser-specific NETBIOS names. These datagrams can
either be unicast or broadcast, depending on whether the NETBIOS name is
a "unique name" or a "group name". Various data structures, which are
detailed subsequently within this document, flow as the data portion of
the Transact SMB.

Here is an example of a generic browser SMB, showing how a browser
request is encapsulated in a TRANSACT SMB request. Note that the PID,
TID, MID, UID, and Flags are all 0 in mailslot requests.



















Leach, Naik                                              [Page 5]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


SMB: C transact, File = \MAILSLOT\BROWSE
  SMB: SMB Status = Error Success
    SMB: Error class = No Error
    SMB: Error code = No Error
  SMB: Header: PID = 0x0000 TID = 0x0000 MID = 0x0000 UID = 0x0000
    SMB: Tree ID   (TID) = 0 (0x0)
    SMB: Process ID  (PID) = 0 (0x0)
    SMB: User ID   (UID) = 0 (0x0)
    SMB: Multiplex ID (MID) = 0 (0x0)
    SMB: Flags Summary = 0 (0x0)
  SMB: Command = C transact
    SMB: Word count = 17
    SMB: Word parameters
    SMB: Total parm bytes = 0
    SMB: Total data bytes = 33
    SMB: Max parm bytes = 0
    SMB: Max data bytes = 0
    SMB: Max setup words = 0
    SMB: Transact Flags Summary = 0 (0x0)
      SMB: ...............0 = Leave session intact
      SMB: ..............0. = Response required
    SMB: Transact timeout = 0 (0x0)
    SMB: Parameter bytes = 0 (0x0)
    SMB: Parameter offset = 0 (0x0)
    SMB: Data bytes = 33 (0x21)
    SMB: Data offset = 86 (0x56)
    SMB: Setup word count = 3
    SMB: Setup words
    SMB: Mailslot opcode = Write mailslot
    SMB: Transaction priority = 1
    SMB: Mailslot class = Unreliable (broadcast)
    SMB: Byte count = 50
    SMB: Byte parameters
    SMB: Path name = \MAILSLOT\BROWSE
    SMB: Transaction data
  SMB: Data: Number of data bytes remaining = 33 (0x0021)

Note the SMB command is Transact, the opcode within the Transact SMB is
Mailslot Write, and the browser data structure is carried as the
Transact data.
The Transaction data begins with an opcode, that signifies the operation
and determines the size and structure of data that follows. This opcode
is named as per one of the below:

HostAnnouncement         1
AnnouncementRequest      2
RequestElection          8
GetBackupListReq         9
GetBackupListResp        10
BecomeBackup             11
DomainAnnouncment        12
MasterAnnouncement       13
LocalMasterAnnouncement  15



Leach, Naik                                              [Page 6]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


Browser datagrams are often referred to as simply browser frames. The
frames are in particular, referred to by the name of the opcode within
the Transaction data e.g. a GetBackupListReq browser frame, a
RequestElection browser frame, etc.

The structures that are sent as the data portion of the Transact SMB are
described in section(s) 6.2 through 6.12 in this document. These
structures are tightly packed, i.e. there are no intervening pad bytes
in the structure, unless they are explicitly described as being there.
All quantities are sent in native Intel format and multi-byte values are
transmitted least significant byte first.

Besides mailslots and Transaction SMBs, the other important piece of the
browser architecture is the NetServerEnum2 request. This request that
allows an application to interrogate a Browser Server and obtain a
complete list of resources (servers, domains, etc) known to that Browser
server. Details of the NetServerEnum2 request are presented in section
6.4. Some examples of the NetServerEnum2 request being used are when a
Local Master Browser sends a NetServerEnum2 request to the Domain Master
Browser and vice versa. Another example is when a browser client sends a
NetServerEnum2 request to a Backup Browser server.


4.2  Browser Client

A browser client is a system running applications which may wish to
query for a list of servers for a particular domain (often its own) or a
list of all the domains in the network. (For example, such an
application is launched when a user clicks on the Network Neighborhood
icon on a Windows machine.) A browser client may send a NetServerEnum2
request (see section 6.4) to any Backup Browser serving that domain to
obtain such information.

A browser client SHOULD keep a list of a few Backup Browsers for its own
domain; it MAY cache lists of Backup Browsers for other domains if it
browses them frequently, or it may obtain them upon demand. The
objective is to minimize the cost of locating Backup Browsers each time
it wants to make a NetServerEnum2 request.

A browser client SHOULD distribute its NetServerEnum2 requests randomly
among all the Backup Browsers for a domain in its list. The objective is
to enable multiple Backup Browsers to effectively handle high browsing
loads.

A browser client can locate browser servers for the domain it wants to
browse by sending a GetBackupListRequest frame to the Local Master
Browser for that domain and waiting for a GetBackupListResponse frame.
See section 6.2 and section 6.3, respectively. Once the Local Master
Browser server responds with a list of Backup Browser servers, the
client should choose several at random from within the response, and
cache them. If there is no response after a delay, the
GetBackupListRequest frame may be retransmitted. The delay MUST be at
least twice the expected service time, and the delay should be doubled
after each time-out.


Leach, Naik                                              [Page 7]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



A browser client SHOULD force an election by sending a RequestElection
frame (see section 6.7) if it does not get a response to a
GetBackupListRequest for its own domain after several retransmissions,
since it must be assumed that the Local Master browser has crashed.
Details of the election process are in sections 6.7 and 6.8.

A browser client that wants to issue a NetServerEnum2 request to query a
domain other than its own MAY send the request to any Backup Browser in
its domain if it is unable to locate Backup Browsers for the other
domain (there may be none on its subnet).

4.3 Non-Browser Server

A non-browser server is a server that has some resource(s) or service(s)
it wishes to advertise as being available using the browsing protocol.
Examples of non-browser servers would be an SQL server, print server,
etc.

A non-browser server MUST periodically send a HostAnnouncement browser
frame, specifying the type of resources or services it is advertising.
Details are in section 6.5.

A non-browser server SHOULD announce itself relatively frequently when
it first starts up in order to make its presence quickly known to the
browsers and thence to potential clients. The frequency of the
announcements SHOULD then be gradually stretched, so as to minimize
network traffic. Typically,  non-browser servers announce themselves
once every minute upon start up and then gradually adjust the frequency
of the announcements to once every 12 minutes.

A non-browser server SHOULD send a HostAnnouncement browser frame
specifying a type of  0 just prior to shutting down, to allow it to
quickly be removed from the list of available servers.

A non-browser server MUST receive and process AnnouncementRequest frames
from the Local Master Browser, and MUST respond with a HostAnnouncement
frame, after a delay chosen randomly from the interval [0,30] seconds.
AnnouncementRequests typically happen when a Local Master Browser starts
up with an empty list of servers for the domain, and wants to fill it
quickly. The 30 second range for responses prevents the Master Browser
from becoming overloaded and losing replies, as well as preventing the
network from being flooded with responses.

4.4  Browser Servers

The following sections describe the roles of the various types of
browser servers.

4.4.1  Potential Browser Server

A Potential Browser server is a browser server that is capable of being
a Backup Browser server or Master Browser server, but is not currently
fulfilling either of those roles.


Leach, Naik                                              [Page 8]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



A Potential Browser MUST set type SV_TYPE_POTENTIAL_BROWSER (see section
6.4.1) in its HostAnnouncement until it is ready to shut down. In its
last HostAnnouncement frame before it shuts down, it SHOULD specify a
type of  0.

A Potential Browser server MUST receive and process BecomeBackup frames
(see section 6.9) and become a backup browser upon their receipt.

A Potential Browser MUST participate in browser elections (see section
6.8).

4.4.2  Backup Browser

Backup Browser servers are a subset of the Potential Browsers that have
been chosen by the Master Browser on their subnet to be the Backup
Browsers for the subnet.

A Backup Browser MUST set type SV_TYPE_BACKUP_BROWSER (see section
6.4.1) in its HostAnnouncement until it is ready to shut down. In its
last HostAnnouncement frame before it shuts down, it SHOULD specify a
type of  0.

A Backup Browser MUST listen for a LocalMasterAnnouncement frame (see
section 6.10) from the Local Master Browser, and use it to set the name
of the Master Browser it queries for the server and domain lists.

A  Backup Browsers MUST periodically make a NetServerEnum2 request of
the Master Browser on its subnet for its domain to get a list of servers
in that domain, as well as a list of domains. The period is a
configuration option balancing currency of the information with network
traffic costs - a typical value is 15 minutes.

A Backup Browser SHOULD force an election by sending a RequestElection
frame (see section 6.7) if it does not get a response to its periodic
NetServeEnum2 request to the Master Browser.

A Backup Browser MUST receive and process NetServerEnum2 requests from
browser clients, for its own domain and others. If the request is for a
list of servers in its domain, or for a list of domains, it can answer
from its internal lists. If the request is for a list of servers in a
domain different than the one it serves, it sends a NetServerEnum2
request to the Domain Master Browser for that domain (which it can in
find in its list of domains and their Domain Master Browsers).

A Backup Browser MUST participate in browser elections (see section
6.8).

4.4.3 Master Browser

Master Browsers are responsible for:
. indicating it is a Master Browser
. receiving server announcements and building a list of such servers
  and keeping it reasonably up-to-date.


Leach, Naik                                              [Page 9]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


. returning lists of Backup Browsers to browser clients.
. ensuring an appropriate number of Backup Browsers are available.
. announcing their existence to other Master Browsers on their subnet,
  to the Domain Master Browser for their domain, and to all browsers in
  their domain on their subnet
. forwarding requests for lists of servers on other domains to the
  Master Browser for that domain
. keeping a list of domains in its subnet
. synchronizing with the Domain Master Browser (if any) for its domain
. participating in browser elections
. ensuring that there is only one Master Browser on its subnet

A Master Browser MUST set type SV_TYPE_MASTER_BROWSER (see section
6.4.1) in its HostAnnouncement until it is ready to shut down. In its
last HostAnnouncement frame before it shuts down, it SHOULD specify a
type of  0.

A Master Browser MUST receive and process HostAnnouncement frames from
servers, adding the server name and other information to its servers
list; it must mark them as "local" entries. Periodically, it MUST check
all local server entries to see if a server's HostAnnouncement has timed
out (no HostAnnouncement received for three times the periodicity the
server gave in the last received HostAnnouncement) and remove timed-out
servers from its list.

A Master Browser MUST receive and process DomainAnnouncement frames (see
section 6.12) and maintain the domain names and their associated (Local)
Master Browsers in its internal domain list until they time out; it must
mark these as "local" entries. Periodically, it MUST check all local
domain entries to see if a server's DomainAnnouncement has timed out (no
DomainAnnouncement received for three times the periodicity the server
gave in the last received DomainAnnouncement) and remove timed-out
servers from its list.

A Master Browser MUST receive and process GetBackupListRequest frames
from clients, returning GetBackupListResponse frames containing a list
of the Backup Servers for its domain.

A Master Browser MUST eventually send BecomeBackup frames (see section
6.9) to one or more Potential Browser servers to increase the number of
Backup Browsers if there are not enough Backup Browsers to handle the
anticipated query load. Note: possible good times for checking for
sufficient backup browsers are after being elected, when timing out
server HostAnnouncements, and when receiving a server's HostAnnouncement
for the first time.

A Master Browser MUST periodically announce itself and the domain it
serves to other (Local) Master Browsers on its subnet, by sending a
DomainAnnouncement frame (see section 6.12) to its subnet.

A Master Browser MUST send a MasterAnnouncement frame (see section 6.11)
to the Domain Master Browser after it is first elected, and periodically
thereafter. This informs the Domain Master Browser of the presence of
all the Master Browsers.


Leach, Naik                                             [Page 10]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



A Master Browser MUST periodically announce itself to all browsers for
its domain on its subnet by sending a LocalMasterAnnouncement frame (see
section 6.10).

A Master Browser MUST receive and process NetServerEnum2 requests from
browser clients, for its own domain and others. If the request is for a
list of servers in its domain, or for a list of domains, it can answer
from its internal lists. Entries in its list marked "local" MUST have
the SV_TYPE_LOCAL_LIST_ONLY bit set in the returned results; it must be
clear for all other entries. If the request is for a list of servers in
a domain different than the one it serves, it sends a NetServerEnum2
request to the Domain Master Browser for that domain (which it can in
find in its list of domains and their Domain Master Browsers).

    Note: The list of servers that the Master Browser maintains and
    returns to the Backup Browsers, is limited in size to 64K of
    data. This will limit the number of systems that can be in a
    browse list in a single workgroup or domain to approximately two
    thousand systems.

A Master Browser SHOULD request all servers to register with it by
sending an AnnouncementRequest frame, if, on becoming the Master Browser
by winning an election, its server list is empty. Otherwise, clients
might get an incomplete list of servers until the servers' periodic
registrations fill the server list.

If the Master Browser on a subnet is not the Primary Domain Controller
(PDC), then it is a Local Master Browser.

A Local Master Browser MUST periodically synchronize with the Domain
Master Browser (which is the PDC). This synchronization is performed by
making a NetServerEnum2 request to the Domain Master Browser and merging
the results with its list of servers and domains. An entry from the
Domain Master Browser should be marked "non-local", and must not
overwrite an entry with the same name marked "local". The Domain Master
Browser is located as specified in Appendix B.

A Master Browser MUST participate in browser elections (see section
6.8).

A Master Browser MUST, if it receives a HostAnnouncement,
DomainAnnouncement, or LocalMasterAnnouncement frame another system that
claims to be the Master Browser for its domain, demote itself from
Master Browser and force an election. This ensures that there is only
ever one Master Browser in each workgroup or domain.

A Master Browser SHOULD, if it loses an election, become a Backup
Browser (without being told to do so by the new Master Browser). Since
it has more up-to-date information in its lists than a Potential
Browser, it is more efficient to have it be a Backup Browser than to
promote a Potential Browser.




Leach, Naik                                             [Page 11]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


4.4.3.1 Preferred Master Browser

A Preferred Master Browser supports exactly the same protocol elements
as a Potential Browser, except as follows.

A Preferred Master Browser MUST always force an election when it starts
up.

A Preferred Master Browser MUST participate in browser elections (see
section 6.8).

A Preferred Master Browser MUST set the Preferred Master bit in the
RequestElection frame (see section 6.7) to bias the election in its
favor.

A Preferred Master Browser SHOULD, if it loses an election,
automatically become a Backup Browser, without being told to do so by
the Master Browser.

4.4.4 Domain Master Browser

Since the Domain Master Browser always runs on the PDC, it must
implement all the protocols required of a PDC in addition to the
browsing protocol, and that is way beyond the scope of this
specification.

5. Mailslot Protocol Specification

The only transaction allowed to a mailslot is a mailslot write. Mailslot
writes requests are encapsulated in TRANSACT SMBs. The following table
shows the interpretation of the TRANSACT SMB parameters for a mailslot
transaction:

 Name            Value               Description
 Command         SMB_COM_TRANSACTION
 Name            <name>              STRING name of mail slot to write;
                                     must start with "\MAILSLOT\"
 SetupCount      3                   Always 3 for mailslot writes
 Setup[0]        1                   Command code == write mailslot
 Setup[1]        Ignored
 Setup[2]        Ignored
 TotalDataCount  n                   Size of data in bytes to write to
                                     the mailslot
 Data[ n ]                           The data to write to the mailslot

6. Browser Protocol Specification

As already explained, browser datagrams are also referred to as Browser
frames. What distinguishes one browser datagram from another is the
opcode that is carried as the data portion of the Transact SMB, the
mailslot and the NETBIOS name the browser datagram is sent to. Browser
frames are often referred to by the opcode that is within the data
portion of the Transact SMB. The following sections describe the various
Browser frames.


Leach, Naik                                             [Page 12]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


6.1 NETBIOS Name Notation

NAME(xx) denotes the ASCII string "NAME," padded with spaces (0x20) to
15 bytes, with a hex xx value in the 16th byte. For example, the
notation FOOBAR(15) indicates a NETBIOS name consisting of the bytes:
    [69,79,79,65,64,82,20,20,20,20,20,20,20,20,20, 15]

Names that are placeholders and that need to be substituted with their
actual values are bracketed within <>. Thus the string <Domain> would
become "Redmond" if the domain under consideration is named "Redmond".
Details of the various NETBIOS names used for browsing are described in
Appendix C.

6.2 GetBackupListRequest Browser Frame

The GetBackupListRequest frame is sent by a browser client to any Master
Browser for a domain to allow the client to learn the identities of
Backup Browsers. To get the list of Backup Browsers for domain "D", the
GetBackupListRequest browser frame is sent on mailslot
"\MAILSLOT\MSBROWSE" and to NETBIOS unique names  D(1d) and D(1b).  (The
frame is sent simultaneously to both NETBIOS names; the first response
is used.) The definition of the GetBackupListRequest frame is:

    struct {
        unsigned short OpCode;
        unsigned short Token;
    }

where :

OpCode identifies this structure as a request to return a list of Backup
servers. Opcode is defined as GetBackupListRequest and has a value of
decimal 9.

Token is a handle of meaning only to the client issuing the browser
frame. The Local Master Browser will return this token unmodified in the
response. The client should use this to distinguish replies to multiple
outstanding GetBackupList requests. This implies that every
GetBackupListRequest should have an unique handle, at least within the
outstanding lifetime of a request.

The expected response is a GetBackupListResponse frame (see next
section).

6.3 GetBackupListResponse Browser Frame

The GetBackupListResponse frame is sent by a Master Browser in response
to a GetBackupListRequest frame. If the GetBackupListRequest was sent
from the computer whose name is "ComputerName", the
GetBackupListResponse frame is sent to the ComputerName(00) NETBIOS
unique name and mailslot \MAILSLOT\LANMAN. Note: this name is not part
of the request and the Master Browser needs to *deduce* this name with
some cooperation from the transport protocol involved.  The definition
of the GetBackupListResponse frame is:


Leach, Naik                                             [Page 13]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



    struct {
        unsigned short  OpCode;
        unsigned short  BackupServerCount;
        unsigned short  Token;
        unsigned char   BackupServerList[][]
    }
where:
     Opcode - Identifies this structure as a backup list.

     BackupServerCount - Specifies the number of backup servers
         that follow this list.

     Token - Is returned unmodified to the client. This is used by
         the client to associate an incoming BackupListResponse
         with its BackupListRequest.

     BackupServerList - ASCII backup servers. Each server name is
         null terminated and up to 16 bytes in length.


6.4 The NetServerEnum2 RAP Service

The NetServerEnum2 RAP service lists all computers of the specified type
or types that are visible in the specified domains. It may also
enumerate domains.

The following definition uses the notation and terminology defined in
the CIFS Remote Administration Protocol specification, which is required
in order to make it well-defined. The definition is:

    unsigned short NetServerEnum2 (
        unsigned short  sLevel,
        RCVBUF      pbBuffer,
        RCVBUFLEN   cbBuffer,
        ENTCOUNT        pcEntriesRead,
        unsigned short *pcTotalAvail,
        unsigned long  fServerType,
        char        *pszDomain,
    );

where:

   sLevel specifies the level of detail (0 or 1) requested.

   pbBuffer points to the buffer to receive the returned data. If the
   function is successful, the buffer contains a sequence of
   server_info_x structures, where x is 0 or 1, depending on the
   level of detail requested.

   cbBuffer specifies the size, in bytes, of the buffer pointed to by
   the pbBuffer parameter.




Leach, Naik                                             [Page 14]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


   pcEntriesRead points to a 16 bit variable that receives a count of
   the number of servers enumerated in the buffer. This count is
   valid only if NetServerEnum2 returns the NERR_Success or
   ERROR_MORE_DATA values.

   pcTotal Avail points to a 16 bit variable that receives a count of
   the total number of available entries. This count is valid only if
   NetServerEnum2 returns the NERR_Success or ERROR_MORE_DATA values.

    fServerType specifies the type or types of computers to enumerate.
    Computers that match at least one of the specified types are
    returned in the buffer. Possible values are defined in the request
    parameters section.

   pszDomain points to a null-terminated string that contains the
   name of the workgroup in which to enumerate computers of the
   specified type or types. If the pszDomain parameter is a null
   string or a null pointer, servers are enumerated for the current
   domain of the computer.

6.4.1 Transaction Request Parameters section

The Transaction request parameters section in this instance contains:
. The 16 bit function number for NetServerEnum2 which is 104.
. The parameter descriptor string which is "WrLehDz".
. The data descriptor string for the (returned) data which is "B16" for
  level detail 0 or "B16BBDz" for level detail 1.
. The actual parameters as described by the parameter descriptor
  string.

The parameters are:
. A 16 bit integer with a value of 0 or 1 (corresponding to the "W" in
  the parameter descriptor string. This represents the level of detail
  the server is expected to return
. A 16 bit integer that contains the size of the receive buffer.
. A 32 bit integer that represents the type of servers the function
  should enumerate. The possible values may be any of the following or
  a combination of the following:

SV_TYPE_WORKSTATION        0x00000001 All workstations
SV_TYPE_SERVER             0x00000002 All servers
SV_TYPE_SQLSERVER          0x00000004 Any server running with SQL
                                      server
SV_TYPE_DOMAIN_CTRL        0x00000008 Primary domain controller
SV_TYPE_DOMAIN_BAKCTRL     0x00000010 Backup domain controller
SV_TYPE_TIME_SOURCE        0x00000020 Server running the timesource
                                      service
SV_TYPE_AFP                0x00000040 Apple File Protocol servers
SV_TYPE_NOVELL             0x00000080 Novell servers
SV_TYPE_DOMAIN_MEMBER      0x00000100 Domain Member
SV_TYPE_PRINTQ_SERVER      0x00000200 Server sharing print queue
SV_TYPE_DIALIN_SERVER      0x00000400 Server running dialin service.
SV_TYPE_XENIX_SERVER       0x00000800 Xenix server
SV_TYPE_NT                 0x00001000 NT server


Leach, Naik                                             [Page 15]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


SV_TYPE_WFW                0x00002000 Server running Windows for
                                      Workgroups
SV_TYPE_SERVER_NT          0x00008000 Windows NT non DC server
SV_TYPE_POTENTIAL_BROWSER  0x00010000 Server that can run the browser
                                      service
SV_TYPE_BACKUP_BROWSER     0x00020000 Backup browser server
SV_TYPE_MASTER_BROWSER     0x00040000 Master browser server
SV_TYPE_DOMAIN_MASTER      0x00080000 Domain Master Browser server
SV_TYPE_LOCAL_LIST_ONLY    0x40000000 Enumerate only entries marked
                                      "local"
SV_TYPE_DOMAIN_ENUM        0x80000000 Enumerate Domains. The pszDomain
                                      parameter must be NULL.

. A null terminated ASCII string representing the pszDomain parameter
  described above

6.4.2 Transaction Request Data section

There is no data or auxiliary data to send as part of the request.

6.4.3 Transaction Response Parameters section

The transaction response parameters section consists of:
. A 16 bit word indicating the return status. The possible values are:

Code                   Value  Description
NERR_Success           0      No errors encountered
ERROR_MORE_DATA        234    Additional data is available
NERR_ServerNotStarted  2114   The RAP service on the remote computer
                              is not running
NERR_BadTransactConfig 2141   The server is not configured for
                              transactions, IPC$ is not shared

. A 16 bit "converter" word.
. A 16 bit number representing the number of entries returned.
. A 16 bit number representing the total number of available entries.
  If the supplied buffer is large enough, this will equal the number of
  entries returned.

6.4.4 Transaction Response Data section

The return data section consists of a number of SHARE_INFO_1 structures.
The number of such structures present is determined by the third entry
(described above) in the return parameters section.

At level detail 0, the Transaction response data section contains a
number of SERVER_INFO_0 data structure. The number of such structures is
equal to the 16 bit number returned by the server in the third parameter
in the Transaction response parameter section. The SERVER_INFO_0 data
structure is defined as:






Leach, Naik                                             [Page 16]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


    struct SERVER_INFO_0 {
        char        sv0_name[16];
    };

 where:

   sv0_name is a null-terminated string that specifies the name of a
   computer or domain .

At level detail 1, the Transaction response data section contains a
number of SERVER_INFO_1 data structure. The number of such structures is
equal to the 16 bit number returned by the server in the third parameter
in the Transaction response parameter section. The SERVER_INFO_1 data
structure is defined as:

    struct SERVER_INFO_1 {
        char            sv1_name[16];
        char            sv1_version_major;
        char            sv1_version_minor;
        unsigned long   sv1_type;
        char        *sv1_comment_or_master_browser;
    };

   sv1_name contains a null-terminated string that specifies the name
   of a computer, or a domain name if SV_TYPE_DOMAIN_ENUM is set in
   sv1_type.

   sv1_version_major whatever was specified in the HostAnnouncement
   or DomainAnnouncement frame with which the entry was registered.

   sv1_version_minor whatever was specified in the HostAnnouncement
   or DomainAnnouncement frame with which the entry was registered.

   sv1_type specifies the type of software the computer is running.
   The member can be one or a combination of the values defined above
   in the Transaction request parameters section for fServerType.


   sv1_comment_or_master_browser points to a null-terminated string. If
   the sv1_type indicates that the entry is for a domain, this
   specifies the name of server running the domain master browser;
   otherwise, it specifies a comment describing the server. The comment
   can be a null string or the pointer may be a null pointer.

   In case there are multiple SERVER_INFO_1 data structures to
   return, the server may put all these fixed length structures in
   the return buffer, leave some space and then put all the variable
   length data (the actual value of the sv1_comment strings) at the
   end of the buffer.

There is no auxiliary data to receive.





Leach, Naik                                             [Page 17]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


6.5 HostAnnouncement Browser Frame

To advertise its presence, i.e. to publish itself as being available, a
non-browser server sends a HostAnnouncement browser frame. If the server
is a member of domain "D", this frame is sent to the NETBIOS unique name
D(1d) and mailslot "\MAILSLOT\MSBROWSE". The definition of  the
HostAnnouncement frame is:

    struct {
        unsigned short  Opcode;
        unsigned char   UpdateCount;
        unsigned long   Periodicity;
        unsigned char   ServerName[];
        unsigned char   VersionMajor;
        unsigned char   VersionMinor;
        unsigned long   Type;
        unsigned long   Signature;
        unsigned char   Comment[];
    }

where:
     Opcode - Identifies this structure as a browser server
         announcement and is defined as HostAnnouncement with a
         value of decimal 1.

     UpdateCount - must be sent as zero and ignored on receipt.

     Periodicity - The announcement frequency of the server (in
         seconds). The server will be removed from the browse list
         if it has not been heard from in 3X its announcement
         frequency. In no case will the server be removed from the
         browse list before the period 3X has elapsed. Actual
         implementations may take more than 3X to actually remove
         the server from the browse list.

     ServerName - Null terminated ASCII server name (up to 16 bytes
         in length).

     VersionMajor - The major version number of the OS the server
         is running. it will be returned by NetServerEnum2.

     VersionMinor - The minor version number of the OS the server
         is running. This is entirely informational and does not
         have any significance for the browsing protocol.

     Type - Specifies the type of the server. The server type bits
         are specified in the NetServerEnum2 section.

     Signature - The browser protocol minor version number in the
         low 8 bits, the browser protocol major version number in
         the next higher 8 bits and the signature 0xaa55 in the
         high 16 bits of this field. Thus, for this version of the
         browser protocol (1.15) this field has the value
         0xaa55010f. This may used to isolate browser servers that


Leach, Naik                                             [Page 18]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


         are running out of revision browser software; otherwise,
         it is ignored.

     Comment - Null terminated ASCII comment for the server.
         Limited to 43 bytes.

When a non-browser server starts up, it announces itself in the manner
described once every minute. The frequency of these statements is
gradually stretched to once every 12 minutes.

Note: older non-browser servers in a domain "D" sent HostAnnouncement
frames to the NETBIOS group name D(00). Non-Browser servers supporting
version 1.15 of the browsing protocol SHOULD NOT use this NETBIOS name,
but for backwards compatibility Master Browsers MAY receive and process
HostAnnouncement frames on this name as described above for D(1d).

6.6 AnnouncementRequest Browser Frame

When a Master Browser starts up and its browse list is empty, it may
force all servers to announce themselves by broadcasting an
AnnouncementRequest frame. If the Master Browser serves domain "D", the
AnnouncementRequest frame is broadcast using the NETBIOS group name
D(00) and mailslot "\MAILSLOT\LANMAN". The definition of the
AnnouncementRequest frame is:

    struct {
        unsigned short Opcode;
        unsigned char  ResponseComputerName[];
    };

     Opcode - Identifies this structure as an announcement request
         and is defined as AnnounceMent Request with a value of
         decimal 2.

     ResponseComputerName - Specifies the name of the computer to
         send the server announcement to and is up to 16 bytes in
         length. This is ignored . The response to this browser
         frame is a HostAnnouncement browser frame as described
         immediately above. That browser frame does not use this
         parameter at all.

Recipients of this packet should reply by sending an HostAnnouncement
frame as described above. The reply should be sent within a randomly
determined time period that may have a duration of up to 30 seconds. The
random delay ensures that the Master Browser who sent out the packet
does not get flooded with replies, all at the same time.

6.7 RequestElection Browser Frame

To force the election of a new Master Browser for a domain, any browser
client or server can broadcast a RequestElection frame. If the election
is for domain "D", the frame is broadcast using the NETBIOS group name
D(1e) and mailslot "\MAILSLOT\MSBROWSE". The definition of the
RequestElection frame is:


Leach, Naik                                             [Page 19]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



     struct {
        unsigned short Opcode;
        unsigned char Version;
        unsigned long Criteria;
        unsigned long TimeUp;
        unsigned long MustBeZero;
        unsigned char ServerName[];
     }

    Opcode - Identifies this structure as an election request, and is
        defined as RequestElection, with a value of decimal 8.

    Version - Specifies the version of this election packet. This is a
        constant and always has the value 0x00010f00

    Criteria - Specifies the election criteria of the sender. Produced
        by OR'ing together the Version and the following:

    OS info:
        Windows for Workgroups & Windows 95:    0x00000000
        Windows NT:                     0x01000000
        Windows NT Server:                  0x02000000
    Role:
        PDC:                                0x00000080
        Preferred Master:                   0x00000008
        Running Master:                 0x00000004
        Backup Browser which was
        recently a Master Browser:          0x00000002
        Running Backup Browser:             0x00000001
        Using NBNS for NETBIOS:             0x00000020

    The following masks can be used to isolate parts of the Criteria:

    Operating System Type Mask              0xFF000000
    Election Protocol Version Mask:         0x00FFFF00
    Per version criteria mask:              0x000000FF


    TimeUp - The number of seconds that the server has been up.

    MustBeZero- Must be zero.

    ServerName - Null terminated ASCII server name (up to 16 bytes in
        length).


6.8 Browser Elections

All browsers for a domain "D" MUST listen for RequestElection frames on
the group name D(1e) and mailslot "\MAILSLOT\MSBROWSE".





Leach, Naik                                             [Page 20]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


Elections proceed in rounds. A round is initiated when a RequestElection
frame is sent. When a Browser receives a RequestElection frame, it
determines if it has won the round using the following rules:

        If it has lost an election in the last several seconds, it loses
        If its election Version is greater than the senders election
        Version, it wins
        Else if its election Criteria (including the election version)
        is greater than the senders Criteria, it wins
        Else if it has been up longer than the sender, it wins
        Else if its name is lexically lower than the sender's name, it
        wins
                (I.e., at this point, a sever named A will become Master
                Browser over a server named X)

(Note that many browsers which receive a RequestElection frame may win a
round.)

Each time it wins a round,  a browser sends out a RequestElection frame,
after a delay based on the browser's current role in the domain:
. Master Browsers and Domain Master Browsers delay for 100 ms.
. Backup Browsers delay for an amount randomly chosen from the interval
  200-600 ms.
. All other browsers delay for an amount randomly chosen from the
  interval 800-3000 ms.

If a browser loses a round it drops out of the election by ignoring
RequestElection frames until it receives a LocalMasterAnnouncement frame
that tells which system is the new Master Browser.

If a browser wins 4 rounds in a row, it becomes the Master Browser.

6.9 BecomeBackup Browser Frame

If a Local Master Browser for a domain "D" wants to promote a Potential
Browser to Backup Browser, it broadcasts a  BecomeBackup frame using the
NETBIOS group name D(1e) and the "\MAILSLOT\MSBROWSE" mailslot. The
definition of the BecomeBackup frame is:

    struct {
        unsigned short Opcode;
        unsigned char BrowserToPromote[];
    }

     Opcode - Identifies this structure as a browser server
         announcement, is defined as BecomeBackup, with a value of
         decimal 11

     BrowserToPromote - Specifies the name of the browser server to
         be promoted to backup. Maximum of 16 bytes in length.






Leach, Naik                                             [Page 21]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


6.10 LocalMasterAnnouncement Browser Frame

A Local Master Browser for a domain announces itself to all the other
browsers in its domain that are on its subnet using the
LocalMasterAnnouncement frame. If the Local Master Browser serves domain
"D", the LocalMasterAnnouncement frame is broadcast using the NETBIOS
group name D(1e) and the mailslot "\MAILSLOT\MSBROWSE". The definition
of the LocalMasterAnnouncement frame is:

    struct {
        unsigned short Opcode;
        unsigned char UpdateCount;
        unsigned long Periodicity;
        unsigned char ServerName[];
        unsigned char VersionMajor;
        unsigned char VersionMinor;
        unsigned long Type;
        unsigned long Signature;
        unsigned char Comment[];
    }

where:
     Opcode - Identifies this structure as a browser server
         announcement and is defined as LocalMasterAnnouncement
         with a value of decimal 15.

     UpdateCount - must be sent as zero and ignored on receipt.

     Periodicity - The announcement frequency of the browser (in
         seconds). The browser will be removed from the browse list
         if it has not been heard from in 3X its announcement
         frequency. In no case will the server be removed from the
         browse list before the period 3X has elapsed. Actual
         implementations may take more than 3X to remove the server
         from the browse list.

     ServerName - Null terminated ASCII server name (up to 16 bytes
         in length).

     VersionMajor - The major version of the OS the server is
         running. This value is informational and irrelevant to the
         browsing protocol.

     VersionMinor - The minor version of the OS the server is
         running. This value is informational and irrelevant to the
         browsing protocol.

     Type - Specifies the type of the browser. The type bits are
         specified in the description of NetServerEnum2.

     Signature - The browser protocol minor version number in the
         low 8 bits, the browser protocol major version number in
         the next higher 8 bits and the signature 0xaa55 in the
         high 16 bits of this field. This may used to isolate


Leach, Naik                                             [Page 22]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


         browser servers that are running out of revision browser
         software; otherwise, it is ignored. Thus, for this version
         of the browser protocol (1.15) this field has the value
         0xaa55010f.

     Comment - Null terminated ASCII comment for the browser.
         Limited to 43 bytes.

Local Master Browsers do not need to send HostAnnouncement frames; the
LocalMasterAnnouncement accomplishes that function.

6.11 MasterAnnouncement browser Frame

The MasterAnnouncement frame is sent by a Local Master Browser to the
Domain Master Browser, which runs on the PDC. If the name of the PDC is
"PDCName", then the MasterAnnouncement frame is sent to the NETBIOS
unique name PDCName(00) and mailslot "\MAILSLOT\MSBROWSE". Appendix B
describes how to determine the name of the Primary Domain Controller.
The definition of the MasterAnnouncement frame is::

    struct {
        unsigned short Opcode;
        unsigned char  MasterBrowserServerName[];
    };

    Opcode - Identifies this structure as a master browser server
        announcement and is defined as MasterAnnouncement with a value
        of decimal 13.

    MasterBrowserServerName - Specifies the name of the master browser
        server (up to 16 bytes in length).


6.12 DomainAnnouncement Browser Frame

Master Browsers (including Local Master Browsers and Domain Master
Browsers) announce the domain they serve to any other Master Browsers on
their subnet by broadcasting a DomainAnnouncement frame using the
NETBIOS group name _(01)(02)_MSBROWSE_(02)(01)_ and mailslot
"\MAILSLOT\MSBROWSE". The definition of the DomainAnnouncement frame is:
















Leach, Naik                                             [Page 23]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


    struct {
        unsigned short Opcode;
        unsigned char UpdateCount;
        unsigned long Periodicity;
        unsigned char DomainName[];
        unsigned char VersionMajor;
        unsigned char VersionMinor;
        unsigned long Type;
        unsigned long Signature;
        unsigned char MasterBrowserName[];
    }

where:
     Opcode - Identifies this structure as a browser server
         announcement and is defined as DomainAnnouncement with a
         value of decimal 12.

     UpdateCount - must be sent as zero and ignored on receipt.

     Periodicity - The announcement frequency of the domain (in
         seconds). The domain will be removed from the browse list
         if it has not been heard from in 3X its announcement
         frequency. In no case will the domain be removed from the
         browse list before the period 3X has elapsed. Actual
         implementations may take more than 3X to actually remove
         the domain from the browse list.

     DomainName - Null terminated ASCII server name (up to 16 bytes
         in length).

     VersionMajor - The major version of the OS the server is
         running. This value is informational and irrelevant to the
         browsing protocol.

     VersionMinor - The minor version of the OS the server is
         running. This value is informational and irrelevant to the
         browsing protocol.

     Type - Specifies the type of the server. The server type bits
         are specified in the previous section.

     Signature - The browser protocol minor version number in the
         low 8 bits, the browser protocol major version number in
         the next higher 8 bits and the signature 0xaa55 in the
         high 16 bits of this field. This may used to isolate
         browser servers that are running out of revision browser
         software; otherwise, it is ignored. Thus, for this version
         of the browser protocol (1.15) this field has the value
         0xaa55010f.

     MasterBrowserName - Null terminated ASCII string containing
         the name of the master browser server for this domain.




Leach, Naik                                             [Page 24]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


7. References
[CIFS 96}       I. Heizer, P. Leach, D. Perry, "Common Internet Files
        System Protocol (CIFS/1.0)", Internet-Draft, <draft-heizer-cifs-
        v1-spec-00.txt>,June 30, 1996 . (Work in Progress)
[RFC 1001]      K. Auerbach, A. Aggarwal, "Protocol Standard for a
        NETBIOS Service on a TCP/UDP Transport: Concepts and Methods",
        RFC 1001, Epilogue Technology, March 1987.
[Bradner 96]    S. Bradner, ""Key words for use in RFCs to Indicate
        Requirement Levels", Internet-Draft, <draft-bradner-key-words-
        02.txt>, August 1996 (Work in Progress)

8. Author's Addresses
Paul Leach
Dilip Naik
Microsoft
1 Microsoft Way
Redmond, WA 98052
 paulle@xxxxxxxxxxxxx
v-dilipn@xxxxxxxxxxxxx

9. Appendix A - Multi-net considerations

To begin with, let's clearly define what is meant by multiple networks
here. A computer can be running one or more network protocols on a
single network adapter card such as IP and IPX. Each of these is
considered to be a "network" for the purposes of this paragraph. A
computer could also have multiple network adapter cards, and there could
be different protocols running on the different adapter cards, or even
the same protocol(s) on all of the adapter cards. So, more precisely, a
network here means a transport protocol per adapter card. A computer
with 2 physical network cards, running 2 different transport protocols
on each network card, would have 4 logical networks.

Browsers need to remember which logical network a server is located on.
When a client queries a browser for a list of servers, the browser
server needs to return a list of servers that are on the same logical
network on which the client query arrived at the browser server. So a
client that sends a browser frame using say IP will only be returned
information about servers that sent announcements using IP.
To summarize, browser servers need to understand the concept of logical
networks and track server announcements as well as client queries on a
per logical network basis.

10. Appendix B - Primary Domain Controller Location Protocol

This appendix details how a client goes about locating a Primary Domain
Controller (PDC). The process is rather involved, because different
versions of the PDC have used different versions of the protocol, and
hence a client that does not know what protocol is supported by its PDC
has to try them all.

A Primary Domain Controller (PDC) for a domain "D" is located by sending
a mailslot message containing a NETLOGON_QUERY frame to a NETBIOS name
and mailslot "\NET\NETLOGON" and then waiting for a reply mailslot


Leach, Naik                                             [Page 25]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


message, which will be sent to the mailslot name specified by the client
in the NETLOGON_QUERY structure., and which will contain a
NETLOGON_RESPONSE structure. If there is no response after a delay, the
message may be retransmitted. The delay MUST be at least twice the
expected service time, and the delay should be doubled after each time-
out.

If a reply is received, the name of the PDC SHOULD be cached for future
use, so as time minimize network traffic. If no reply is received after
several retransmissions, the PDC may be declared to be unreachable, and
no further attempt to locate it should be made for a while (exactly how
long depends on the expected recovery time for a PDC and/or for the
network; typically a minute or so, but should be increased after each
failure).

The only difference between versions of the protocol is the NETBIOS name
to which the message is sent, as follows:

NETBIOS     name      PDC's OS version
name        type      =============
=========== ========
D(1b)       unique    Windows NT 3.51 or later or compatible
D(1c)       group     Windows NT 3.1 or later or compatible
D(00)       group     all

Clients which are configured to know or are willing to assume what
version of the protocol their PDC is running may directly use the
appropriate NETBIOS name for that version. Otherwise, they SHOULD first
attempt D(1b), since it is unicast and creates the least network
traffic; if there is no response, then they SHOULD try the others. They
MAY try them in parallel.

The NETLOGON_QUERY structure is defined as :

    struct NETLOGON_QUERY{
        unsigned short  Opcode;
        char            ComputerName[];
        char            MailslotName[];
        unsigned short  Lm20Token;
    } ;

    Opcode - Identifies this structure as a NETLOGON_QUERY and has a
        value of 0x07.

    ComputerName - Specifies the ASCII name of the computer sending the
        query, and is up to 16 bytes in length. The response is sent to
        NETBIOS unique name <ComputerName>(00).

    MailslotName - Specifies the ASCII name of the mailslot to which the
        response is to be sent, and is up to 256 bytes in length; cannot
        be "\MAILSLOT\LANMAN" or "\MAILSLOT\MSBROWSE" or
        "\NET\NETLOGON".

    Lm20Token - has a value of 0xFFFF.


Leach, Naik                                             [Page 26]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997



The response mailslot message contains a NETLOGON_RESPONSE data
structure that is defined as the following for non Windows NT clients:

    struct NETLOGON_RESPONSE
    {
        unsigned short  Opcode;
        char            PrimaryDCName[16];
        unsigned short  Lm20Token;
    };

where
    Opcode - Identifies this structure as a NETLOGON_RESPONSE and has a
        value of 0x12.

    PrimaryDCName - Specifies the ASCII name of the Primary Domain
        Controller and is up to 16 bytes in length.

    Lm20Token - has a value of 0xFFFF

Note that this procedure to locate a Primary Domain Controller is
expensive in terms of network traffic. The Microsoft implementations
attempt to alleviate this by caching the PDC Name. Before using the
cached PDC Name, a NetServerEnum2 API is remoted to the PDC and a sanity
check is performed to ensure that the server type returned indicates a
Primary Domain Controller


11. Appendix C - Summary of Special NETBIOS Names

This section details the various NETBIOS names that are involved in
sending and receiving browser frames. The different mailslots involved
in browsing (there are only 3) are described later on when the browser
frames are detailed.


11.1 Registered unique names

<COMPUTER>(00)
     This name is used by all servers and clients to receive second
     class mailslot requests. A system must add this name in order to
     receive mailslots. The only browser requests that should appear on
     this name are BecomeBackup, GetBackupListResp, MasterAnnouncement,
     and LocalMasterAnnouncement frames. All other datagrams (other than
     the expected non-browser datagrams) may be ignored and an error
     logged.

<DOMAIN>(1d)
     This name is used to identify a master browser server for domain
     "DOMAIN" on a subnet.  A master browser server adds this name as a
     unique NETBIOS name when it comes up. If the attempt to add the
     name fails, the master browser server assumes that there is another
     master in the domain and will fail to come up. It may log an error
     if the failure occurs more than 3 times in a row (this either


Leach, Naik                                             [Page 27]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


     indicates some form of network misconfiguration or a software
     error). The only requests that should appear on this name are
     GetBackupListRequest and HostAnnouncement requests. All other
     datagrams on this name may be ignored (and an error logged). If
     running a NETBIOS name service (NBNS, such as WINS), this name
     should not be registered with the NBNS.

<DOMAIN>(1b)
     This name is used to identify the Domain Master Browser for domain
     "DOMAIN" (which is also the primary domain controller). It is a
     unique name added only by the primary domain controller. The
     primary domain controller will respond to GetBackupListRequest on
     this name just as it responds to these requests on the <DOMAIN>(1d)
     name.


11.2 Registered group names

(01)(02)__MSBROWSE__(02)(01)
     This name is used by Master Browsers to announce themselves to the
     other Master Browsers on a subnet. It is added as a group name by
     all masters browser servers. The only broadcasts that should appear
     on this name is DomainAnnouncement requests. All other datagrams
     can be ignored.

<DOMAIN>(00)
     This name is used by clients and servers in domain "DOMAIN" to
     process server announcements. The only requests that should appear
     on this name that the browser is interested in are
     AnnouncementRequest and NETLOGON_QUERY (to locate the PDC) packets.
     All other unidentifiable requests may be ignored (and an error
     logged).

<DOMAIN>(1e)
     This name is used for announcements to browsers for domain "DOMAIN"
     on a subnet. This name is registered by all the browser servers in
     the domain. The only requests that should appear on this name are
     RequestElection and AnnouncementRequest packets. All other
     datagrams may be ignored (and an error logged).

<DOMAIN>(1c)
     This name is registered by Primary Domain Controllers.


12. Appendix D - Browsing Protocol Evolution

This Appendix details how the Microsoft Browser specification evolved
and correlates the evolution to specific Microsoft products.

The first browser implementation was with Lan Manager 1.0. Here, there
were no browser servers as such. Each client acted as its own browser
server. All servers announced themselves by means of datagrams and every
client and server listened for those datagrams. Obviously, the amount of



Leach, Naik                                             [Page 28]


INTERNET-DRAFT    CIFS/E Browser Protocol        January 10, 1997


browser datagram traffic is fairly high and scales extremely poorly with
an increase in the number of servers.

The next major revision in the browser specification was with Windows
For Workgroups. This is where the concept of a browser server was really
introduced.

Windows NT 3.51 expanded upon what Windows For Workgroups built. Windows
NT 3.51 introduced the special NETBIOS name <Domain>(1b) that is
registered with WINS. Windows NT 3.51 also shipped a new redirector for
Windows For Workgroups that could take advantage of this new
<Domain>(1b) name.

In a domain which spans multiple broadcast areas, it may be necessary to
have a configuration file available that can resolve the address of a
browser server. This is because browsers rely on broadcasts for name
resolution, for historical reasons. But these name resolution broadcast
packets are not forwarded by routers that span the multiple broadcast
areas of a domain. One example of such a configuration file is the
LMHOSTS file on Windows NT machines.




































Leach, Naik                                             [Page 29]