[jcifs] Group name queries.

Christopher R. Hertel crh at ubiqx.mn.org
Wed Jan 21 18:58:57 GMT 2004

On Wed, Jan 21, 2004 at 03:55:04AM -0500, Michael B Allen wrote:
> Christopher R. Hertel said:
> >> > I want to know
> >> > the IPs of all of the nodes that have registered a given name.
> >>
> >> Can't do it.
> >
> > Curious to know at what level the "can't" drops into the works.  I can do
> > what I want in C, so I'm assuming that this is a design conflict.
> It's not really a design conflict, it just was never done. JCIFS never
> needed such a thing.

It would be nice to be able to write something like nbtstat, nmblookup, or 
nbtquery.  That's where I'd like to go with it.

> Also it's a little unorthodox to broadcast a groupname lookup like that. I
> don't think NetBIOS was meant to be used in that way. Is there a procedure
> for it in RFC 1002?

It's not unorthodox at all, I'm 'fraid.  It's done all the time.
Here's a quick look at my home network:

$ nmblookup ubiqx
querying ubiqx on ubiqx<00> ubiqx<00> ubiqx<00> ubiqx<00>

...so nmblookup for my workgroup name returns four IPs.  I don't have an 
NBNS, so this was a broadcast query (as can be seen in the second line).

So, here's the long-winded bit...

When you send a name query (broadcast or unicast to the NBNS) you don't
specify unique or group.  You just ask for the name, and its status as
unique or group is returned in the reply (or replies).

In B mode, if you send a query you expect to get zero, one, or many 
replies.  If you get zero (after three tries) then the assumption is that 
the name is not registered within the B scope.  If you get one reply then 
it may be a unique or group name.  The response will include an indicator 
bit.  Multiple replies *should* represent a group name, but the RFCs have 
a mechanism for resolving conflicts if they crop up (not all systems 
respect this mechanism...which may be a good thing).

In P mode, you always expect one reply to a name query.  The reply may say 
that the name's not registered, or it may return:
1) A unique name with a single IP address
   - Normal stuff
2) A group name with the IP address
   - Microsoft's short-cut.  Sending the limited broadcast address is a
     kludge that basically tells the client to "go fish".  The underlying 
     problem is that Microsoft did a very incomplete job of implementing 
     the Datagram Service.
3) A group name with one or more unicast IP addresses listed
   - As the RFCs intended, but Microsoft's WINS makes it a special case.
     "Internet Group" names are group names with a <1C> suffix (there were
     a few other suffix bytes added to this category with W2K).  For these
     names, WINS will return a list of group name registrants (a list of
4) A unique name with multiple IP addresses
   - A special case for IP multi-homed hosts.  Yes, I've seen it on the 
     wire.  :)

So the upshot is that there are two cases in which you would expect
multiple IPs associated with a single NetBIOS name: group names and
multi-homed hosts.  In B mode you collect the multiple IPs by listening
(within the timeout period) for multiple replies to the query.  In P mode 
you only get multiple IPs if the reply contains multiple IPs.

How you use those IPs is another thing entirely.

Chris -)-----
...who is often surprised by his own verbosity.

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
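
Added example (not part of the original message and not jCIFS or Samba code): a Python sketch of the reply handling described above, parsing RFC 1002 positive name query responses and merging them into one list of IPs plus the group/unique indicator. The function names, the transaction IDs and the reply packets are constructed for illustration; addresses come from the documentation ranges, and scoped or compressed names are assumed absent.

```python
import socket
import struct

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: 15 padded bytes + suffix, one letter per nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return b"\x20" + bytes(0x41 + n for c in raw for n in (c >> 4, c & 0x0F)) + b"\x00"

def decode_name(field):
    enc = field[1:33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

def build_reply(trn_id, name, suffix, entries, flags=0x8500):
    """Constructed sample data: a NAME QUERY RESPONSE (default flags R=1, AA=1, RD=1)."""
    rdata = b"".join(struct.pack(">H4s", 0x8000 if grp else 0, socket.inet_aton(ip))
                     for ip, grp in entries)
    return (struct.pack(">6H", trn_id, flags, 0, 1, 0, 0) + encode_name(name, suffix)
            + struct.pack(">HHIH", 0x0020, 0x0001, 0, len(rdata)) + rdata)

def parse_reply(pkt):
    """Return (trn_id, name, suffix, [(ip, is_group), ...]); empty list if negative."""
    if len(pkt) < 56 or pkt[12] != 0x20 or pkt[45] != 0:
        raise ValueError("truncated packet or unsupported name encoding")
    trn_id, flags, _qd, an, _ns, _ar = struct.unpack(">6H", pkt[:12])
    if not flags & 0x8000 or (flags >> 11) & 0xF:
        raise ValueError("not a name query response")
    name, suffix = decode_name(pkt[12:46])
    rr_type, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[46:56])
    if flags & 0x000F or an != 1:            # RCODE set: name not registered
        return trn_id, name, suffix, []
    rdata = pkt[56:56 + rdlen]
    if rr_type != 0x0020 or rdlen % 6 or len(rdata) != rdlen:
        raise ValueError("bad NB resource record")
    # Each 6-byte entry is NB_FLAGS (G flag is the top bit) followed by an IPv4 address.
    return trn_id, name, suffix, [(socket.inet_ntoa(rdata[o + 2:o + 6]), bool(rdata[o] & 0x80))
                                  for o in range(0, rdlen, 6)]

def collect(replies, trn_id):
    """Merge all replies seen within the timeout (B mode) or the single reply (P mode)."""
    entries = [e for p in map(parse_reply, replies) if p[0] == trn_id for e in p[3]]
    ips = list(dict.fromkeys(ip for ip, _ in entries))   # de-duplicate, keep arrival order
    return {"group": any(grp for _, grp in entries), "ips": ips}

# Constructed replies: four B-mode responders for group UBIQX<00>, and one
# P-mode reply (RA also set) for a multi-homed unique name.
B_REPLIES = [build_reply(0x1234, "ubiqx", 0x00, [(f"192.0.2.{n}", True)])
             for n in (10, 11, 12, 13)]
P_REPLY = [build_reply(0x2222, "host", 0x20,
                       [("192.0.2.20", False), ("198.51.100.20", False)], 0x8580)]
```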
