problem with source addresses for remote browser sync

[Eric V. Smith]

I'm running 3.0.10 on FC2.

I posted this today on samba at lists.samba.org, but it occurs to me that 
this might be a more appropriate place, since it's more programmer-y and 
less end-user-y.  The original message is at the end of this one.  It 
contains some specifics about my problem.

But the root of the problem is that when doing a remote browser sync, 
the announcement is done by browse_sync_remote().  It ends up doing a 
send_mailslot(), which ends up using the source address specified by my 
smb.conf "interfaces=" parameter (by way of a call to 
find_subnet_mailslot_fd_for_address()).  This is actually the behavior I 
want.

But when the actual sync is done (as opposed to the announcement), it 
uses sync_child(), in nmbd_synclists.c.  This in turn calls 
cli_session_setup(), etc., which ultimately calls open_socket_out() with 
the address of the machine identified by "remote browse sync".  My 
problem is that this picks a different source address than the 
send_mailslot() call does.  This is confusing my VPN setup (see below), 
because now I have a mixture of internal and external source addresses 
being used; one set for the initial announcement, and the other for the 
actual syncing.

What I'd really like to do is specify an interface and/or address to be 
used for the source address for both the browse sync announcement and 
the actual syncing.  Short of that, I'd like to at least use the same 
source address for the syncing that was chosen for the announcement.

Both of these look like they'll require some surgery to the cli_xxx() 
functions and to open_socket_out(), if nothing else.  I don't mind doing 
this work, but before I do I'd like to find out if anyone here has any 
preference on the best way to do this.  I suspect the easiest thing to 
do is pass a source address (and port?) in to open_socket_out(), and 
bind to it if it's non-NULL or zero or something (INADDR_ANY, maybe). 
Then somehow I'd have to select the address that was used by the 
announce call, which looks like FIRST_SUBNET->myip.  But specifying a 
source address in smb.conf is more flexible, and I can see situations 
where that might be better.  However, doing that seems more invasive, 
since I'd have to do the work to cli_xxx() and to the send_mailslot() code.

Any suggestions or pointers on how best to proceed?

Thanks for your time.  I hope this wasn't too long.

Eric.




---------------------------

I have a network configuration where I have 2 hosts, A and B.  Each has 
a local LAN on which the run Samba, plus they're connected by a VPN.  So 
has A has addresses lanA and wanA, and host B has addresses lanB and 
wanB.  Because of the way the VPN works, they can talk to each other 
either via their LAN addresses (lanA <-> lanB), or their WAN addresses 
(wanA <-> wanB), but not lanA <-> wanB, or lanB <-> wanA.  Each host has 
only their LAN interface in smb.conf, and has "bind interfaces only = 
yes".  Everything relating to smbd works great.

I'm trying to set up host A as a domain master browser, and host B as a 
local master browser.  This works fine, until they try to sync the 
browse list.  They register with each other correctly because 
nmbd/nmbd_sendannounce.c's browse_sync_remote is binding to the LAN address:

send_mailslot(True, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
               global_myname(), 0x0, "*", 0x0, addr, FIRST_SUBNET->myip, 
DGRAM_PORT);

So I have "remote browse sync" set to the other hosts's LAN address, 
because the source address must local host's LAN address 
(FIRST_SUBNET->myip).  I've verified that each host sees the other's 
browse sync request.

So that's all well and good, but the actual sync happens in 
nmbd_synclists.c's sync_child().  It isn't doing any bind() or anything 
to set the source address, so it is sending data from wanA to lanB, but 
that doesn't work in my case.

Is there any way to control the source address that sync_child() uses? 
Any other suggestions?