[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.
[sfrench/samba-autobuild/.git] / source3 / nmbd / nmbd_packets.c
1 /* 
2    Unix SMB/CIFS implementation.
3    NBT netbios routines and daemon - version 2
4    Copyright (C) Andrew Tridgell 1994-1998
5    Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6    Copyright (C) Jeremy Allison 1994-2003
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20    
21 */
22
23 #include "includes.h"
24
25 extern int ClientNMB;
26 extern int ClientDGRAM;
27 extern int global_nmb_port;
28
29 extern int num_response_packets;
30
31 extern struct in_addr loopback_ip;
32
33 static void queue_packet(struct packet_struct *packet);
34
35 BOOL rescan_listen_set = False;
36
37
38 /*******************************************************************
39   The global packet linked-list. Incoming entries are 
40   added to the end of this list. It is supposed to remain fairly 
41   short so we won't bother with an end pointer.
42 ******************************************************************/
43
44 static struct packet_struct *packet_queue = NULL;
45
46 /***************************************************************************
47 Utility function to find the specific fd to send a packet out on.
48 **************************************************************************/
49
50 static int find_subnet_fd_for_address( struct in_addr local_ip )
51 {
52         struct subnet_record *subrec;
53
54         for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
55                 if(ip_equal(local_ip, subrec->myip))
56                         return subrec->nmb_sock;
57
58         return ClientNMB;
59 }
60
61 /***************************************************************************
62 Utility function to find the specific fd to send a mailslot packet out on.
63 **************************************************************************/
64
65 static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip )
66 {
67         struct subnet_record *subrec;
68
69         for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
70                 if(ip_equal(local_ip, subrec->myip))
71                         return subrec->dgram_sock;
72
73         return ClientDGRAM;
74 }
75
76 /***************************************************************************
77 Get/Set problematic nb_flags as network byte order 16 bit int.
78 **************************************************************************/
79
80 uint16 get_nb_flags(char *buf)
81 {
82         return ((((uint16)*buf)&0xFFFF) & NB_FLGMSK);
83 }
84
85 void set_nb_flags(char *buf, uint16 nb_flags)
86 {
87         *buf++ = ((nb_flags & NB_FLGMSK) & 0xFF);
88         *buf = '\0';
89 }
90
91 /***************************************************************************
92 Dumps out the browse packet data.
93 **************************************************************************/
94
95 static void debug_browse_data(char *outbuf, int len)
96 {
97         int i,j;
98
99         DEBUG( 4, ( "debug_browse_data():\n" ) );
100         for (i = 0; i < len; i+= 16) {
101                 DEBUGADD( 4, ( "%3x char ", i ) );
102
103                 for (j = 0; j < 16; j++) {
104                         unsigned char x;
105                         if (i+j >= len)
106                                 break;
107
108                         x = outbuf[i+j];
109                         if (x < 32 || x > 127) 
110                                 x = '.';
111             
112                         DEBUGADD( 4, ( "%c", x ) );
113                 }
114
115                 DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
116
117                 for (j = 0; j < 16; j++) {
118                         if (i+j >= len) 
119                                 break;
120                         DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
121                 }
122
123                 DEBUGADD( 4, ("\n") );
124         }
125 }
126
127 /***************************************************************************
128   Generates the unique transaction identifier
129 **************************************************************************/
130
131 static uint16 name_trn_id=0;
132
133 static uint16 generate_name_trn_id(void)
134 {
135         if (!name_trn_id) {
136                 name_trn_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100);
137         }
138         name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
139         return name_trn_id;
140 }
141
142 /***************************************************************************
143  Either loops back or sends out a completed NetBIOS packet.
144 **************************************************************************/
145
146 static BOOL send_netbios_packet(struct packet_struct *p)
147 {
148         BOOL loopback_this_packet = False;
149
150         /* Check if we are sending to or from ourselves as a WINS server. */
151         if(ismyip(p->ip) && (p->port == global_nmb_port))
152                 loopback_this_packet = True;
153
154         if(loopback_this_packet) {
155                 struct packet_struct *lo_packet = NULL;
156                 DEBUG(5,("send_netbios_packet: sending packet to ourselves.\n"));
157                 if((lo_packet = copy_packet(p)) == NULL)
158                         return False;
159                 queue_packet(lo_packet);
160         } else if (!send_packet(p)) {
161                 DEBUG(0,("send_netbios_packet: send_packet() to IP %s port %d failed\n",
162                         inet_ntoa(p->ip),p->port));
163                 return False;
164         }
165   
166         return True;
167
168
169 /***************************************************************************
170  Sets up the common elements of an outgoing NetBIOS packet.
171
172  Note: do not attempt to rationalise whether rec_des should be set or not
173  in a particular situation. Just follow rfc_1002 or look at examples from WinXX.
174  It does NOT follow the rule that requests to the wins server always have
175  rec_des true. See for example name releases and refreshes
176 **************************************************************************/
177
178 static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmbname,
179                                                             BOOL bcast, BOOL rec_des,
180                                                             struct in_addr to_ip)
181 {
182         struct packet_struct *packet = NULL;
183         struct nmb_packet *nmb = NULL;
184
185         /* Allocate the packet_struct we will return. */
186         if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL) {
187                 DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
188                 return NULL;
189         }
190     
191         memset((char *)packet,'\0',sizeof(*packet));
192
193         nmb = &packet->packet.nmb;
194
195         nmb->header.name_trn_id = generate_name_trn_id();
196         nmb->header.response = False;
197         nmb->header.nm_flags.recursion_desired = rec_des;
198         nmb->header.nm_flags.recursion_available = False;
199         nmb->header.nm_flags.trunc = False;
200         nmb->header.nm_flags.authoritative = False;
201         nmb->header.nm_flags.bcast = bcast;
202   
203         nmb->header.rcode = 0;
204         nmb->header.qdcount = 1;
205         nmb->header.ancount = 0;
206         nmb->header.nscount = 0;
207
208         nmb->question.question_name = *nmbname;
209         nmb->question.question_type = QUESTION_TYPE_NB_QUERY;
210         nmb->question.question_class = QUESTION_CLASS_IN;
211
212         packet->ip = to_ip;
213         packet->port = NMB_PORT;
214         packet->fd = ClientNMB;
215         packet->timestamp = time(NULL);
216         packet->packet_type = NMB_PACKET;
217         packet->locked = False;
218   
219         return packet; /* Caller must free. */
220 }
221
222 /***************************************************************************
223  Sets up the common elements of register, refresh or release packet.
224 **************************************************************************/
225
226 static BOOL create_and_init_additional_record(struct packet_struct *packet,
227                                                      uint16 nb_flags,
228                                                      struct in_addr *register_ip)
229 {
230         struct nmb_packet *nmb = &packet->packet.nmb;
231
232         if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {
233                 DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
234                 return False;
235         }
236
237         memset((char *)nmb->additional,'\0',sizeof(struct res_rec));
238
239         nmb->additional->rr_name  = nmb->question.question_name;
240         nmb->additional->rr_type  = RR_TYPE_NB;
241         nmb->additional->rr_class = RR_CLASS_IN;
242         
243         /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
244         if (nmb->header.nm_flags.bcast)
245                 nmb->additional->ttl = PERMANENT_TTL;
246         else
247                 nmb->additional->ttl = lp_max_ttl();
248         
249         nmb->additional->rdlength = 6;
250         
251         set_nb_flags(nmb->additional->rdata,nb_flags);
252         
253         /* Set the address for the name we are registering. */
254         putip(&nmb->additional->rdata[2], register_ip);
255         
256         /* 
257            it turns out that Jeremys code was correct, we are supposed
258            to send registrations from the IP we are registering. The
259            trick is what to do on timeouts! When we send on a
260            non-routable IP then the reply will timeout, and we should
261            treat this as success, not failure. That means we go into
262            our standard refresh cycle for that name which copes nicely
263            with disconnected networks.
264         */
265         packet->fd = find_subnet_fd_for_address(*register_ip);
266
267         return True;
268 }
269
270 /***************************************************************************
271  Sends out a name query.
272 **************************************************************************/
273
274 static BOOL initiate_name_query_packet( struct packet_struct *packet)
275 {
276         struct nmb_packet *nmb = NULL;
277
278         nmb = &packet->packet.nmb;
279
280         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
281         nmb->header.arcount = 0;
282
283         nmb->header.nm_flags.recursion_desired = True;
284
285         DEBUG(4,("initiate_name_query_packet: sending query for name %s (bcast=%s) to IP %s\n",
286                 nmb_namestr(&nmb->question.question_name), 
287                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
288
289         return send_netbios_packet( packet );
290 }
291
292 /***************************************************************************
293  Sends out a name query - from a WINS server. 
294 **************************************************************************/
295
296 static BOOL initiate_name_query_packet_from_wins_server( struct packet_struct *packet)
297 {   
298         struct nmb_packet *nmb = NULL;
299   
300         nmb = &packet->packet.nmb;
301
302         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
303         nmb->header.arcount = 0;
304     
305         nmb->header.nm_flags.recursion_desired = False;
306   
307         DEBUG(4,("initiate_name_query_packet_from_wins_server: sending query for name %s (bcast=%s) to IP %s\n",
308                 nmb_namestr(&nmb->question.question_name),
309                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
310     
311         return send_netbios_packet( packet );
312
313
314 /***************************************************************************
315  Sends out a name register.
316 **************************************************************************/
317
318 static BOOL initiate_name_register_packet( struct packet_struct *packet,
319                                     uint16 nb_flags, struct in_addr *register_ip)
320 {
321         struct nmb_packet *nmb = &packet->packet.nmb;
322
323         nmb->header.opcode = NMB_NAME_REG_OPCODE;
324         nmb->header.arcount = 1;
325
326         nmb->header.nm_flags.recursion_desired = True;
327
328         if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
329                 return False;
330
331         DEBUG(4,("initiate_name_register_packet: sending registration for name %s (bcast=%s) to IP %s\n",
332                 nmb_namestr(&nmb->additional->rr_name),
333                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
334
335         return send_netbios_packet( packet );
336 }
337
338 /***************************************************************************
339  Sends out a multihomed name register.
340 **************************************************************************/
341
342 static BOOL initiate_multihomed_name_register_packet(struct packet_struct *packet,
343                                                      uint16 nb_flags, struct in_addr *register_ip)
344 {
345         struct nmb_packet *nmb = &packet->packet.nmb;
346         fstring second_ip_buf;
347
348         fstrcpy(second_ip_buf, inet_ntoa(packet->ip));
349
350         nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE;
351         nmb->header.arcount = 1;
352
353         nmb->header.nm_flags.recursion_desired = True;
354         
355         if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
356                 return False;
357         
358         DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \
359 for name %s IP %s (bcast=%s) to IP %s\n",
360                  nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip),
361                  BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf ));
362
363         return send_netbios_packet( packet );
364
365
366 /***************************************************************************
367  Sends out a name refresh.
368 **************************************************************************/
369
370 static BOOL initiate_name_refresh_packet( struct packet_struct *packet,
371                                    uint16 nb_flags, struct in_addr *refresh_ip)
372 {
373         struct nmb_packet *nmb = &packet->packet.nmb;
374
375         nmb->header.opcode = NMB_NAME_REFRESH_OPCODE_8;
376         nmb->header.arcount = 1;
377
378         nmb->header.nm_flags.recursion_desired = False;
379
380         if(create_and_init_additional_record(packet, nb_flags, refresh_ip) == False)
381                 return False;
382
383         DEBUG(4,("initiate_name_refresh_packet: sending refresh for name %s (bcast=%s) to IP %s\n",
384                 nmb_namestr(&nmb->additional->rr_name),
385                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
386
387         return send_netbios_packet( packet );
388
389
390 /***************************************************************************
391  Sends out a name release.
392 **************************************************************************/
393
394 static BOOL initiate_name_release_packet( struct packet_struct *packet,
395                                    uint16 nb_flags, struct in_addr *release_ip)
396 {
397         struct nmb_packet *nmb = &packet->packet.nmb;
398
399         nmb->header.opcode = NMB_NAME_RELEASE_OPCODE;
400         nmb->header.arcount = 1;
401
402         nmb->header.nm_flags.recursion_desired = False;
403
404         if(create_and_init_additional_record(packet, nb_flags, release_ip) == False)
405                 return False;
406
407         DEBUG(4,("initiate_name_release_packet: sending release for name %s (bcast=%s) to IP %s\n",
408                 nmb_namestr(&nmb->additional->rr_name),
409                 BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
410
411         return send_netbios_packet( packet );
412
413
414 /***************************************************************************
415  Sends out a node status.
416 **************************************************************************/
417
418 static BOOL initiate_node_status_packet( struct packet_struct *packet )
419 {
420         struct nmb_packet *nmb = &packet->packet.nmb;
421
422         nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
423         nmb->header.arcount = 0;
424
425         nmb->header.nm_flags.recursion_desired = False;
426
427         nmb->question.question_type = QUESTION_TYPE_NB_STATUS;
428
429         DEBUG(4,("initiate_node_status_packet: sending node status request for name %s to IP %s\n",
430                 nmb_namestr(&nmb->question.question_name),
431                 inet_ntoa(packet->ip)));
432
433         return send_netbios_packet( packet );
434 }
435
436 /****************************************************************************
437   Simplification functions for queuing standard packets.
438   These should be the only publicly callable functions for sending
439   out packets.
440 ****************************************************************************/
441
442 /****************************************************************************
443  Assertion - we should never be sending nmbd packets on the remote
444  broadcast subnet.
445 ****************************************************************************/
446
447 static BOOL assert_check_subnet(struct subnet_record *subrec)
448 {
449         if( subrec == remote_broadcast_subnet) {
450                 DEBUG(0,("assert_check_subnet: Attempt to send packet on remote broadcast subnet. \
451 This is a bug.\n"));
452                 return True;
453         }
454         return False;
455 }
456
457 /****************************************************************************
458  Queue a register name packet to the broadcast address of a subnet.
459 ****************************************************************************/
460
461 struct response_record *queue_register_name( struct subnet_record *subrec,
462                           response_function resp_fn,
463                           timeout_response_function timeout_fn,
464                           register_name_success_function success_fn,
465                           register_name_fail_function fail_fn,
466                           struct userdata_struct *userdata,
467                           struct nmb_name *nmbname,
468                           uint16 nb_flags)
469 {
470         struct packet_struct *p;
471         struct response_record *rrec;
472
473         if(assert_check_subnet(subrec))
474                 return NULL;
475
476         /* note that all name registration requests have RD set (rfc1002 - section 4.2.2 */
477         if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), True,
478                                 subrec->bcast_ip)) == NULL)
479                 return NULL;
480
481         if(initiate_name_register_packet( p, nb_flags, iface_ip(subrec->bcast_ip)) == False) {
482                 p->locked = False;
483                 free_packet(p);
484                 return NULL;
485         }
486
487         if((rrec = make_response_record(subrec,        /* subnet record. */
488                                 p,                     /* packet we sent. */
489                                 resp_fn,               /* function to call on response. */
490                                 timeout_fn,            /* function to call on timeout. */
491                                 (success_function)success_fn,            /* function to call on operation success. */
492                                 (fail_function)fail_fn,               /* function to call on operation fail. */
493                                 userdata)) == NULL)  {
494                 p->locked = False;
495                 free_packet(p);
496                 return NULL;
497         }
498
499         return rrec;
500 }
501
502 /****************************************************************************
503  Queue a refresh name packet to the broadcast address of a subnet.
504 ****************************************************************************/
505
506 void queue_wins_refresh(struct nmb_name *nmbname,
507                         response_function resp_fn,
508                         timeout_response_function timeout_fn,
509                         uint16 nb_flags,
510                         struct in_addr refresh_ip,
511                         const char *tag)
512 {
513         struct packet_struct *p;
514         struct response_record *rrec;
515         struct in_addr wins_ip;
516         struct userdata_struct *userdata;
517         fstring ip_str;
518
519         wins_ip = wins_srv_ip_tag(tag, refresh_ip);
520
521         if ((p = create_and_init_netbios_packet(nmbname, False, False, wins_ip)) == NULL) {
522                 return;
523         }
524
525         if (!initiate_name_refresh_packet(p, nb_flags, &refresh_ip)) {
526                 p->locked = False;
527                 free_packet(p);
528                 return;
529         }
530
531         fstrcpy(ip_str, inet_ntoa(refresh_ip));
532
533         DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n",
534                  nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag));
535
536         userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1);
537         if (!userdata) {
538                 p->locked = False;
539                 free_packet(p);
540                 DEBUG(0,("Failed to allocate userdata structure!\n"));
541                 return;
542         }
543         ZERO_STRUCTP(userdata);
544         userdata->userdata_len = strlen(tag) + 1;
545         strlcpy(userdata->data, tag, userdata->userdata_len);   
546
547         if ((rrec = make_response_record(unicast_subnet,
548                                          p,
549                                          resp_fn, timeout_fn,
550                                          NULL,
551                                          NULL,
552                                          userdata)) == NULL) {
553                 p->locked = False;
554                 free_packet(p);
555                 return;
556         }
557
558         free(userdata);
559
560         /* we don't want to repeat refresh packets */
561         rrec->repeat_count = 0;
562 }
563
564
565 /****************************************************************************
566  Queue a multihomed register name packet to a given WINS server IP
567 ****************************************************************************/
568
569 struct response_record *queue_register_multihomed_name( struct subnet_record *subrec,
570                                                         response_function resp_fn,
571                                                         timeout_response_function timeout_fn,
572                                                         register_name_success_function success_fn,
573                                                         register_name_fail_function fail_fn,
574                                                         struct userdata_struct *userdata,
575                                                         struct nmb_name *nmbname,
576                                                         uint16 nb_flags,
577                                                         struct in_addr register_ip,
578                                                         struct in_addr wins_ip)
579 {
580         struct packet_struct *p;
581         struct response_record *rrec;
582         BOOL ret;
583         
584         /* Sanity check. */
585         if(subrec != unicast_subnet) {
586                 DEBUG(0,("queue_register_multihomed_name: should only be done on \
587 unicast subnet. subnet is %s\n.", subrec->subnet_name ));
588                 return NULL;
589         }
590
591         if(assert_check_subnet(subrec))
592                 return NULL;
593      
594         if ((p = create_and_init_netbios_packet(nmbname, False, True, wins_ip)) == NULL)
595                 return NULL;
596
597         if (nb_flags & NB_GROUP)
598                 ret = initiate_name_register_packet( p, nb_flags, &register_ip);
599         else
600                 ret = initiate_multihomed_name_register_packet(p, nb_flags, &register_ip);
601
602         if (ret == False) {  
603                 p->locked = False;
604                 free_packet(p);
605                 return NULL;
606         }  
607   
608         if ((rrec = make_response_record(subrec,    /* subnet record. */
609                                          p,                     /* packet we sent. */
610                                          resp_fn,               /* function to call on response. */
611                                          timeout_fn,            /* function to call on timeout. */
612                                          (success_function)success_fn, /* function to call on operation success. */
613                                          (fail_function)fail_fn,       /* function to call on operation fail. */
614                                          userdata)) == NULL) {  
615                 p->locked = False;
616                 free_packet(p);
617                 return NULL;
618         }  
619         
620         return rrec;
621 }
622
623 /****************************************************************************
624  Queue a release name packet to the broadcast address of a subnet.
625 ****************************************************************************/
626
627 struct response_record *queue_release_name( struct subnet_record *subrec,
628                                             response_function resp_fn,
629                                             timeout_response_function timeout_fn,
630                                             release_name_success_function success_fn,
631                                             release_name_fail_function fail_fn,
632                                             struct userdata_struct *userdata,
633                                             struct nmb_name *nmbname,
634                                             uint16 nb_flags,
635                                             struct in_addr release_ip,
636                                             struct in_addr dest_ip)
637 {
638         struct packet_struct *p;
639         struct response_record *rrec;
640
641         if(assert_check_subnet(subrec))
642                 return NULL;
643
644         if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False, dest_ip)) == NULL)
645                 return NULL;
646
647         if(initiate_name_release_packet( p, nb_flags, &release_ip) == False) {
648                 p->locked = False;
649                 free_packet(p);
650                 return NULL;
651         }
652
653         if((rrec = make_response_record(subrec,                /* subnet record. */
654                                         p,                     /* packet we sent. */
655                                         resp_fn,               /* function to call on response. */
656                                         timeout_fn,            /* function to call on timeout. */
657                                         (success_function)success_fn,            /* function to call on operation success. */
658                                         (fail_function)fail_fn,               /* function to call on operation fail. */
659                                         userdata)) == NULL)  {
660                 p->locked = False;
661                 free_packet(p);
662                 return NULL;
663         }
664
665         /*
666          * For a broadcast release packet, only send once.
667          * This will cause us to remove the name asap. JRA.
668          */
669
670         if (subrec != unicast_subnet) {
671                 rrec->repeat_count = 0;
672                 rrec->repeat_time = 0;
673         }
674
675         return rrec;
676 }
677
678 /****************************************************************************
679  Queue a query name packet to the broadcast address of a subnet.
680 ****************************************************************************/
681  
682 struct response_record *queue_query_name( struct subnet_record *subrec,
683                           response_function resp_fn,
684                           timeout_response_function timeout_fn,
685                           query_name_success_function success_fn,
686                           query_name_fail_function fail_fn,
687                           struct userdata_struct *userdata,
688                           struct nmb_name *nmbname)
689 {
690         struct packet_struct *p;
691         struct response_record *rrec;
692         struct in_addr to_ip;
693
694         if(assert_check_subnet(subrec))
695                 return NULL;
696
697         to_ip = subrec->bcast_ip;
698   
699         /* queries to the WINS server turn up here as queries to IP 0.0.0.0 
700                         These need to be handled a bit differently */
701         if (subrec->type == UNICAST_SUBNET && is_zero_ip(to_ip)) {
702                 /* What we really need to do is loop over each of our wins
703                  * servers and wins server tags here, but that just doesn't
704                  * fit our architecture at the moment (userdata may already
705                  * be used when we get here). For now we just query the first
706                  * active wins server on the first tag.
707                  */ 
708                 char **tags = wins_srv_tags();
709                 if (!tags) {
710                         return NULL;
711                 }
712                 to_ip = wins_srv_ip_tag(tags[0], to_ip);
713                 wins_srv_tags_free(tags);
714         }
715
716         if(( p = create_and_init_netbios_packet(nmbname, 
717                                         (subrec != unicast_subnet), 
718                                         (subrec == unicast_subnet), 
719                                         to_ip)) == NULL)
720                 return NULL;
721
722         if(lp_bind_interfaces_only()) {
723                 int i;
724
725                 DEBUG(10,("queue_query_name: bind_interfaces_only is set, looking for suitable source IP\n"));
726                 for(i = 0; i < iface_count(); i++) {
727                         struct in_addr *ifip = iface_n_ip(i);
728
729                         if(ifip == NULL) {
730                                 DEBUG(0,("queue_query_name: interface %d has NULL IP address !\n", i));
731                                 continue;
732                         }
733
734                         if (ip_equal(*ifip,loopback_ip)) {
735                                 DEBUG(5,("queue_query_name: ignoring loopback interface (%d)\n", i));
736                                 continue;
737                         }
738
739                         DEBUG(10,("queue_query_name: using source IP %s\n",inet_ntoa(*ifip)));
740                                 p->fd = find_subnet_fd_for_address( *ifip );
741                                 break;
742                 }
743         }
744
745         if(initiate_name_query_packet( p ) == False) {
746                 p->locked = False;
747                 free_packet(p);
748                 return NULL;
749         }
750
751         if((rrec = make_response_record(subrec,                /* subnet record. */
752                                         p,                     /* packet we sent. */
753                                         resp_fn,               /* function to call on response. */
754                                         timeout_fn,            /* function to call on timeout. */
755                                         (success_function)success_fn,            /* function to call on operation success. */
756                                         (fail_function)fail_fn,               /* function to call on operation fail. */
757                                         userdata)) == NULL) {
758                 p->locked = False;
759                 free_packet(p);
760                 return NULL;
761         }
762
763         return rrec;
764 }
765
766 /****************************************************************************
767  Queue a query name packet to a given address from the WINS subnet.
768 ****************************************************************************/
769
770 struct response_record *queue_query_name_from_wins_server( struct in_addr to_ip,
771                           response_function resp_fn,
772                           timeout_response_function timeout_fn,
773                           query_name_success_function success_fn,
774                           query_name_fail_function fail_fn,
775                           struct userdata_struct *userdata,
776                           struct nmb_name *nmbname)
777 {
778         struct packet_struct *p;
779         struct response_record *rrec;
780
781         if ((p = create_and_init_netbios_packet(nmbname, False, False, to_ip)) == NULL)
782                 return NULL;
783
784         if(initiate_name_query_packet_from_wins_server( p ) == False) {
785                 p->locked = False;
786                 free_packet(p);
787                 return NULL;
788         }
789
790         if((rrec = make_response_record(wins_server_subnet,            /* subnet record. */
791                                                 p,                     /* packet we sent. */
792                                                 resp_fn,               /* function to call on response. */
793                                                 timeout_fn,            /* function to call on timeout. */
794                                                 (success_function)success_fn,            /* function to call on operation success. */
795                                                 (fail_function)fail_fn,               /* function to call on operation fail. */
796                                                 userdata)) == NULL) {
797                 p->locked = False;
798                 free_packet(p);
799                 return NULL;
800         }
801
802         return rrec;
803 }
804
805 /****************************************************************************
806  Queue a node status packet to a given name and address.
807 ****************************************************************************/
808
809 struct response_record *queue_node_status( struct subnet_record *subrec,
810                           response_function resp_fn,
811                           timeout_response_function timeout_fn,
812                           node_status_success_function success_fn,
813                           node_status_fail_function fail_fn,
814                           struct userdata_struct *userdata,
815                           struct nmb_name *nmbname,
816                           struct in_addr send_ip)
817 {
818         struct packet_struct *p;
819         struct response_record *rrec;
820
821         /* Sanity check. */
822         if(subrec != unicast_subnet) {
823                 DEBUG(0,("queue_register_multihomed_name: should only be done on \
824 unicast subnet. subnet is %s\n.", subrec->subnet_name ));
825                 return NULL;
826         }
827
828         if(assert_check_subnet(subrec))
829                 return NULL;
830
831         if(( p = create_and_init_netbios_packet(nmbname, False, False, send_ip)) == NULL)
832                 return NULL;
833
834         if(initiate_node_status_packet(p) == False) {
835                 p->locked = False;
836                 free_packet(p);
837                 return NULL;
838         }
839
840         if((rrec = make_response_record(subrec,           /* subnet record. */
841                                         p,                     /* packet we sent. */
842                                         resp_fn,               /* function to call on response. */
843                                         timeout_fn,            /* function to call on timeout. */
844                                         (success_function)success_fn,            /* function to call on operation success. */
845                                         (fail_function)fail_fn,               /* function to call on operation fail. */
846                                         userdata)) == NULL) {
847                 p->locked = False;
848                 free_packet(p);
849                 return NULL;
850         }
851
852         return rrec;
853 }
854
855 /****************************************************************************
856   Reply to a netbios name packet.  see rfc1002.txt
857 ****************************************************************************/
858
859 void reply_netbios_packet(struct packet_struct *orig_packet,
860                           int rcode, enum netbios_reply_type_code rcv_code, int opcode,
861                           int ttl, char *data,int len)
862 {
863         struct packet_struct packet;
864         struct nmb_packet *nmb = NULL;
865         struct res_rec answers;
866         struct nmb_packet *orig_nmb = &orig_packet->packet.nmb;
867         BOOL loopback_this_packet = False;
868         int rr_type = RR_TYPE_NB;
869         const char *packet_type = "unknown";
870
871         /* Check if we are sending to or from ourselves. */
872         if(ismyip(orig_packet->ip) && (orig_packet->port == global_nmb_port))
873                 loopback_this_packet = True;
874
875         nmb = &packet.packet.nmb;
876
877         /* Do a partial copy of the packet. We clear the locked flag and
878                         the resource record pointers. */
879         packet = *orig_packet;   /* Full structure copy. */
880         packet.locked = False;
881         nmb->answers = NULL;
882         nmb->nsrecs = NULL;
883         nmb->additional = NULL;
884
885         switch (rcv_code) {
886                 case NMB_STATUS:
887                         packet_type = "nmb_status";
888                         nmb->header.nm_flags.recursion_desired = False;
889                         nmb->header.nm_flags.recursion_available = False;
890                         rr_type = RR_TYPE_NBSTAT;
891                         break;
892                 case NMB_QUERY:
893                         packet_type = "nmb_query";
894                         nmb->header.nm_flags.recursion_desired = True;
895                         nmb->header.nm_flags.recursion_available = True;
896                         if (rcode) {
897                                 rr_type = RR_TYPE_NULL;
898                         }
899                         break;
900                 case NMB_REG:
901                 case NMB_REG_REFRESH:
902                         packet_type = "nmb_reg";
903                         nmb->header.nm_flags.recursion_desired = True;
904                         nmb->header.nm_flags.recursion_available = True;
905                         break;
906                 case NMB_REL:
907                         packet_type = "nmb_rel";
908                         nmb->header.nm_flags.recursion_desired = False;
909                         nmb->header.nm_flags.recursion_available = False;
910                         break;
911                 case NMB_WAIT_ACK:
912                         packet_type = "nmb_wack";
913                         nmb->header.nm_flags.recursion_desired = False;
914                         nmb->header.nm_flags.recursion_available = False;
915                         rr_type = RR_TYPE_NULL;
916                         break;
917                 case WINS_REG:
918                         packet_type = "wins_reg";
919                         nmb->header.nm_flags.recursion_desired = True;
920                         nmb->header.nm_flags.recursion_available = True;
921                         break;
922                 case WINS_QUERY:
923                         packet_type = "wins_query";
924                         nmb->header.nm_flags.recursion_desired = True;
925                         nmb->header.nm_flags.recursion_available = True;
926                         if (rcode) {
927                                 rr_type = RR_TYPE_NULL;
928                         }
929                         break;
930                 default:
931                         DEBUG(0,("reply_netbios_packet: Unknown packet type: %s %s to ip %s\n",
932                                 packet_type, nmb_namestr(&orig_nmb->question.question_name),
933                                 inet_ntoa(packet.ip)));
934                         return;
935         }
936
937         DEBUG(4,("reply_netbios_packet: sending a reply of packet type: %s %s to ip %s \
938 for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
939                         inet_ntoa(packet.ip), orig_nmb->header.name_trn_id));
940
941         nmb->header.name_trn_id = orig_nmb->header.name_trn_id;
942         nmb->header.opcode = opcode;
943         nmb->header.response = True;
944         nmb->header.nm_flags.bcast = False;
945         nmb->header.nm_flags.trunc = False;
946         nmb->header.nm_flags.authoritative = True;
947
948         nmb->header.rcode = rcode;
949         nmb->header.qdcount = 0;
950         nmb->header.ancount = 1;
951         nmb->header.nscount = 0;
952         nmb->header.arcount = 0;
953
954         memset((char*)&nmb->question,'\0',sizeof(nmb->question));
955
956         nmb->answers = &answers;
957         memset((char*)nmb->answers,'\0',sizeof(*nmb->answers));
958
959         nmb->answers->rr_name  = orig_nmb->question.question_name;
960         nmb->answers->rr_type  = rr_type;
961         nmb->answers->rr_class = RR_CLASS_IN;
962         nmb->answers->ttl      = ttl;
963
964         if (data && len) {
965                 nmb->answers->rdlength = len;
966                 memcpy(nmb->answers->rdata, data, len);
967         }
968
969         packet.packet_type = NMB_PACKET;
970         /* Ensure we send out on the same fd that the original
971                 packet came in on to give the correct source IP address. */
972         packet.fd = orig_packet->fd;
973         packet.timestamp = time(NULL);
974
975         debug_nmb_packet(&packet);
976
977         if(loopback_this_packet) {
978                 struct packet_struct *lo_packet;
979                 DEBUG(5,("reply_netbios_packet: sending packet to ourselves.\n"));
980                 if((lo_packet = copy_packet(&packet)) == NULL)
981                         return;
982                 queue_packet(lo_packet);
983         } else if (!send_packet(&packet)) {
984                 DEBUG(0,("reply_netbios_packet: send_packet to IP %s port %d failed\n",
985                         inet_ntoa(packet.ip),packet.port));
986         }
987 }
988
989 /*******************************************************************
990   Queue a packet into a packet queue
991 ******************************************************************/
992
993 static void queue_packet(struct packet_struct *packet)
994 {
995         struct packet_struct *p;
996
997         if (!packet_queue) {
998                 packet->prev = NULL;
999                 packet->next = NULL;
1000                 packet_queue = packet;
1001                 return;
1002         }
1003
1004         /* find the bottom */
1005         for (p=packet_queue;p->next;p=p->next)
1006                 ;
1007
1008         p->next = packet;
1009         packet->next = NULL;
1010         packet->prev = p;
1011 }
1012
1013 /****************************************************************************
1014  Try and find a matching subnet record for a datagram port 138 packet.
1015 ****************************************************************************/
1016
1017 static struct subnet_record *find_subnet_for_dgram_browse_packet(struct packet_struct *p)
1018 {
1019         struct subnet_record *subrec;
1020
1021         /* Go through all the broadcast subnets and see if the mask matches. */
1022         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1023                 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
1024                         return subrec;
1025         }
1026
1027         /* If the subnet record is the remote announce broadcast subnet,
1028                 hack it here to be the first subnet. This is really gross and
1029                 is needed due to people turning on port 137/138 broadcast
1030                 forwarding on their routers. May fire and brimstone rain
1031                 down upon them...
1032         */
1033
1034         return FIRST_SUBNET;
1035 }
1036
1037 /****************************************************************************
1038 Dispatch a browse frame from port 138 to the correct processing function.
1039 ****************************************************************************/
1040
1041 static void process_browse_packet(struct packet_struct *p, char *buf,int len)
1042 {
1043         struct dgram_packet *dgram = &p->packet.dgram;
1044         int command = CVAL(buf,0);
1045         struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1046         char scope[64];
1047         unstring src_name;
1048
1049         /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1050         pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1051         if (!strequal(scope, global_scope())) {
1052                 DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Scope (%s) \
1053 mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1054                 return;
1055         }
1056
1057         pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1058         if (is_myname(src_name)) {
1059                 DEBUG(0,("process_browse_packet: Discarding datagram from IP %s. Source name \
1060 %s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1061                 return;
1062         }
1063
1064         switch (command) {
1065                 case ANN_HostAnnouncement:
1066                         debug_browse_data(buf, len);
1067                         process_host_announce(subrec, p, buf+1);
1068                         break;
1069                 case ANN_DomainAnnouncement:
1070                         debug_browse_data(buf, len);
1071                         process_workgroup_announce(subrec, p, buf+1);
1072                         break;
1073                 case ANN_LocalMasterAnnouncement:
1074                         debug_browse_data(buf, len);
1075                         process_local_master_announce(subrec, p, buf+1);
1076                         break;
1077                 case ANN_AnnouncementRequest:
1078                         debug_browse_data(buf, len);
1079                         process_announce_request(subrec, p, buf+1);
1080                         break;
1081                 case ANN_Election:
1082                         debug_browse_data(buf, len);
1083                         process_election(subrec, p, buf+1);
1084                         break;
1085                 case ANN_GetBackupListReq:
1086                         debug_browse_data(buf, len);
1087                         process_get_backup_list_request(subrec, p, buf+1);
1088                         break;
1089                 case ANN_GetBackupListResp:
1090                         debug_browse_data(buf, len);
1091                         /* We never send ANN_GetBackupListReq so we should never get these. */
1092                         DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
1093 packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
1094                         break;
1095                 case ANN_ResetBrowserState:
1096                         debug_browse_data(buf, len);
1097                         process_reset_browser(subrec, p, buf+1);
1098                         break;
1099                 case ANN_MasterAnnouncement:
1100                         /* Master browser datagrams must be processed on the unicast subnet. */
1101                         subrec = unicast_subnet;
1102
1103                         debug_browse_data(buf, len);
1104                         process_master_browser_announce(subrec, p, buf+1);
1105                         break;
1106                 case ANN_BecomeBackup:
1107                         /*
1108                          * We don't currently implement this. Log it just in case.
1109                          */
1110                         debug_browse_data(buf, len);
1111                         DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
1112 command ANN_BecomeBackup from %s IP %s to %s\n", subrec->subnet_name, nmb_namestr(&dgram->source_name),
1113                                         inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1114                         break;
1115                 default:
1116                         debug_browse_data(buf, len);
1117                         DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
1118 command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1119                                 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1120                         break;
1121         }
1122 }
1123
1124 /****************************************************************************
1125  Dispatch a LanMan browse frame from port 138 to the correct processing function.
1126 ****************************************************************************/
1127
1128 static void process_lanman_packet(struct packet_struct *p, char *buf,int len)
1129 {
1130         struct dgram_packet *dgram = &p->packet.dgram;
1131         int command = SVAL(buf,0);
1132         struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
1133         char scope[64];
1134         unstring src_name;
1135
1136         /* Drop the packet if it's a different NetBIOS scope, or the source is from one of our names. */
1137
1138         pull_ascii(scope, dgram->dest_name.scope, 64, 64, STR_TERMINATE);
1139         if (!strequal(scope, global_scope())) {
1140                 DEBUG(7,("process_lanman_packet: Discarding datagram from IP %s. Scope (%s) \
1141 mismatch with our scope (%s).\n", inet_ntoa(p->ip), scope, global_scope()));
1142                 return;
1143         }
1144
1145         pull_ascii_nstring(src_name, sizeof(src_name), dgram->source_name.name);
1146         if (is_myname(src_name)) {
1147                 DEBUG(0,("process_lanman_packet: Discarding datagram from IP %s. Source name \
1148 %s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
1149                 return;
1150         }
1151
1152         switch (command) {
1153                 case ANN_HostAnnouncement:
1154                         debug_browse_data(buf, len);
1155                         process_lm_host_announce(subrec, p, buf+1, len > 1 ? len-1 : 0);
1156                         break;
1157                 case ANN_AnnouncementRequest:
1158                         process_lm_announce_request(subrec, p, buf+1, len > 1 ? len-1 : 0);
1159                         break;
1160                 default:
1161                         DEBUG(0,("process_lanman_packet: On subnet %s ignoring browse packet \
1162 command code %d from %s IP %s to %s\n", subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
1163                                 inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
1164                         break;
1165         }
1166 }
1167
1168 /****************************************************************************
1169   Determine if a packet is for us on port 138. Note that to have any chance of
1170   being efficient we need to drop as many packets as possible at this
1171   stage as subsequent processing is expensive. 
1172 ****************************************************************************/
1173
1174 static BOOL listening(struct packet_struct *p,struct nmb_name *nbname)
1175 {
1176         struct subnet_record *subrec = NULL;
1177
1178         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1179                 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
1180                         break;
1181         }
1182
1183         if(subrec == NULL)
1184                 subrec = unicast_subnet;
1185
1186         return (find_name_on_subnet(subrec, nbname, FIND_SELF_NAME) != NULL);
1187 }
1188
1189 /****************************************************************************
1190   Process udp 138 datagrams
1191 ****************************************************************************/
1192
1193 static void process_dgram(struct packet_struct *p)
1194 {
1195         char *buf;
1196         char *buf2;
1197         int len;
1198         struct dgram_packet *dgram = &p->packet.dgram;
1199
1200         /* If we aren't listening to the destination name then ignore the packet */
1201         if (!listening(p,&dgram->dest_name)) {
1202                         unexpected_packet(p);
1203                         DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from %s\n",
1204                                 nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip)));
1205                         return;
1206         }
1207
1208         if (dgram->header.msg_type != 0x10 && dgram->header.msg_type != 0x11 && dgram->header.msg_type != 0x12) {
1209                 unexpected_packet(p);
1210                 /* Don't process error packets etc yet */
1211                 DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from IP %s as it is \
1212 an error packet of type %x\n", nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), dgram->header.msg_type));
1213                 return;
1214         }
1215
1216         /* Ensure we have a large enough packet before looking inside. */
1217         if (dgram->datasize < (smb_vwv12 - 2)) {
1218                 /* That's the offset minus the 4 byte length + 2 bytes of offset. */
1219                 DEBUG(0,("process_dgram: ignoring too short dgram packet (%u) sent to name %s from IP %s\n",
1220                         (unsigned int)dgram->datasize,
1221                         nmb_namestr(&dgram->dest_name),
1222                         inet_ntoa(p->ip) ));
1223                 return;
1224         }
1225
1226         buf = &dgram->data[0];
1227         buf -= 4; /* XXXX for the pseudo tcp length - someday I need to get rid of this */
1228
1229         if (CVAL(buf,smb_com) != SMBtrans)
1230                 return;
1231
1232         len = SVAL(buf,smb_vwv11);
1233         buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
1234
1235         if (len <= 0 || len > dgram->datasize) {
1236                 DEBUG(0,("process_dgram: ignoring malformed1 (datasize = %d, len = %d) datagram \
1237 packet sent to name %s from IP %s\n",
1238                         dgram->datasize,
1239                         len,
1240                         nmb_namestr(&dgram->dest_name),
1241                         inet_ntoa(p->ip) ));
1242                 return;
1243         }
1244
1245         if (buf2 < dgram->data || (buf2 >= dgram->data + dgram->datasize)) {
1246                 DEBUG(0,("process_dgram: ignoring malformed2 (datasize = %d, len=%d, off=%d) datagram \
1247 packet sent to name %s from IP %s\n",
1248                         dgram->datasize,
1249                         len,
1250                         (int)PTR_DIFF(buf2, dgram->data),
1251                         nmb_namestr(&dgram->dest_name),
1252                         inet_ntoa(p->ip) ));
1253                 return;
1254         }
1255
1256         if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) {
1257                 DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \
1258 packet sent to name %s from IP %s\n",
1259                         dgram->datasize,
1260                         len,
1261                         (int)PTR_DIFF(buf2, dgram->data),
1262                         nmb_namestr(&dgram->dest_name),
1263                         inet_ntoa(p->ip) ));
1264                 return;
1265         }
1266
1267         DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
1268                 nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
1269                 inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
1270
1271         /* Datagram packet received for the browser mailslot */
1272         if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) {
1273                 process_browse_packet(p,buf2,len);
1274                 return;
1275         }
1276
1277         /* Datagram packet received for the LAN Manager mailslot */
1278         if (strequal(smb_buf(buf),LANMAN_MAILSLOT)) {
1279                 process_lanman_packet(p,buf2,len);
1280                 return;
1281         }
1282
1283         /* Datagram packet received for the domain logon mailslot */
1284         if (strequal(smb_buf(buf),NET_LOGON_MAILSLOT)) {
1285                 process_logon_packet(p,buf2,len,NET_LOGON_MAILSLOT);
1286                 return;
1287         }
1288
1289         /* Datagram packet received for the NT domain logon mailslot */
1290         if (strequal(smb_buf(buf),NT_LOGON_MAILSLOT)) {
1291                 process_logon_packet(p,buf2,len,NT_LOGON_MAILSLOT);
1292                 return;
1293         }
1294
1295         unexpected_packet(p);
1296 }
1297
1298 /****************************************************************************
1299   Validate a response nmb packet.
1300 ****************************************************************************/
1301
1302 static BOOL validate_nmb_response_packet( struct nmb_packet *nmb )
1303 {
1304         BOOL ignore = False;
1305
1306         switch (nmb->header.opcode) {
1307                 case NMB_NAME_REG_OPCODE:
1308                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1309                 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1310                         if (nmb->header.ancount == 0) {
1311                                 DEBUG(0,("validate_nmb_response_packet: Bad REG/REFRESH Packet. "));
1312                                 ignore = True;
1313                         }
1314                         break;
1315
1316                 case NMB_NAME_QUERY_OPCODE:
1317                         if ((nmb->header.ancount != 0) && (nmb->header.ancount != 1)) {
1318                                 DEBUG(0,("validate_nmb_response_packet: Bad QUERY Packet. "));
1319                                 ignore = True;
1320                         }
1321                         break;
1322
1323                 case NMB_NAME_RELEASE_OPCODE:
1324                         if (nmb->header.ancount == 0) {
1325                                 DEBUG(0,("validate_nmb_response_packet: Bad RELEASE Packet. "));
1326                                 ignore = True;
1327                         }
1328                         break;
1329
1330                 case NMB_WACK_OPCODE:
1331                         /* Check WACK response here. */
1332                         if (nmb->header.ancount != 1) {
1333                                 DEBUG(0,("validate_nmb_response_packet: Bad WACK Packet. "));
1334                                 ignore = True;
1335                         }
1336                         break;
1337                 default:
1338                         DEBUG(0,("validate_nmb_response_packet: Ignoring packet with unknown opcode %d.\n",
1339                                         nmb->header.opcode));
1340                         return True;
1341         }
1342
1343         if(ignore)
1344                 DEBUG(0,("Ignoring response packet with opcode %d.\n", nmb->header.opcode));
1345
1346         return ignore;
1347 }
1348
1349 /****************************************************************************
1350   Validate a request nmb packet.
1351 ****************************************************************************/
1352
1353 static BOOL validate_nmb_packet( struct nmb_packet *nmb )
1354 {
1355         BOOL ignore = False;
1356
1357         switch (nmb->header.opcode) {
1358                 case NMB_NAME_REG_OPCODE:
1359                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1360                 case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
1361                 case NMB_NAME_MULTIHOMED_REG_OPCODE:
1362                         if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1363                                 DEBUG(0,("validate_nmb_packet: Bad REG/REFRESH Packet. "));
1364                                 ignore = True;
1365                         }
1366                         break;
1367
1368                 case NMB_NAME_QUERY_OPCODE:
1369                         if ((nmb->header.qdcount == 0) || ((nmb->question.question_type != QUESTION_TYPE_NB_QUERY) &&
1370                                         (nmb->question.question_type != QUESTION_TYPE_NB_STATUS))) {
1371                                 DEBUG(0,("validate_nmb_packet: Bad QUERY Packet. "));
1372                                 ignore = True;
1373                         }
1374                         break;
1375
1376                 case NMB_NAME_RELEASE_OPCODE:
1377                         if (nmb->header.qdcount==0 || nmb->header.arcount==0) {
1378                                 DEBUG(0,("validate_nmb_packet: Bad RELEASE Packet. "));
1379                                 ignore = True;
1380                         }
1381                         break;
1382                 default:
1383                         DEBUG(0,("validate_nmb_packet: Ignoring packet with unknown opcode %d.\n",
1384                                 nmb->header.opcode));
1385                         return True;
1386         }
1387
1388         if(ignore)
1389                 DEBUG(0,("validate_nmb_packet: Ignoring request packet with opcode %d.\n", nmb->header.opcode));
1390
1391         return ignore;
1392 }
1393
1394 /****************************************************************************
1395   Find a subnet (and potentially a response record) for a packet.
1396 ****************************************************************************/
1397
1398 static struct subnet_record *find_subnet_for_nmb_packet( struct packet_struct *p,
1399                                                          struct response_record **pprrec)
1400 {
1401         struct nmb_packet *nmb = &p->packet.nmb;
1402         struct response_record *rrec = NULL;
1403         struct subnet_record *subrec = NULL;
1404
1405         if(pprrec != NULL)
1406                 *pprrec = NULL;
1407
1408         if(nmb->header.response) {
1409                 /* It's a response packet. Find a record for it or it's an error. */
1410
1411                 rrec = find_response_record( &subrec, nmb->header.name_trn_id);
1412                 if(rrec == NULL) {
1413                         DEBUG(3,("find_subnet_for_nmb_packet: response record not found for response id %hu\n",
1414                                 nmb->header.name_trn_id));
1415                         unexpected_packet(p);
1416                         return NULL;
1417                 }
1418
1419                 if(subrec == NULL) {
1420                         DEBUG(0,("find_subnet_for_nmb_packet: subnet record not found for response id %hu\n",
1421                                 nmb->header.name_trn_id));
1422                         return NULL;
1423                 }
1424
1425                 if(pprrec != NULL)
1426                         *pprrec = rrec;
1427                 return subrec;
1428         }
1429
1430         /* Try and see what subnet this packet belongs to. */
1431
1432         /* WINS server ? */
1433         if(packet_is_for_wins_server(p))
1434                 return wins_server_subnet;
1435
1436         /* If it wasn't a broadcast packet then send to the UNICAST subnet. */
1437         if(nmb->header.nm_flags.bcast == False)
1438                 return unicast_subnet;
1439
1440         /* Go through all the broadcast subnets and see if the mask matches. */
1441         for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1442                 if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
1443                         return subrec;
1444         }
1445
1446         /* If none match it must have been a directed broadcast - assign the remote_broadcast_subnet. */
1447         return remote_broadcast_subnet;
1448 }
1449
1450 /****************************************************************************
1451   Process a nmb request packet - validate the packet and route it.
1452 ****************************************************************************/
1453
1454 static void process_nmb_request(struct packet_struct *p)
1455 {
1456         struct nmb_packet *nmb = &p->packet.nmb;
1457         struct subnet_record *subrec = NULL;
1458
1459         debug_nmb_packet(p);
1460
1461         /* Ensure we have a good packet. */
1462         if(validate_nmb_packet(nmb))
1463                 return;
1464
1465         /* Allocate a subnet to this packet - if we cannot - fail. */
1466         if((subrec = find_subnet_for_nmb_packet(p, NULL))==NULL)
1467                 return;
1468
1469         switch (nmb->header.opcode) {
1470                 case NMB_NAME_REG_OPCODE:
1471                         if(subrec == wins_server_subnet)
1472                                 wins_process_name_registration_request(subrec, p);
1473                         else
1474                                 process_name_registration_request(subrec, p);
1475                         break;
1476
1477                 case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
1478                 case NMB_NAME_REFRESH_OPCODE_9:
1479                         if(subrec == wins_server_subnet)
1480                                 wins_process_name_refresh_request(subrec, p);
1481                         else
1482                                 process_name_refresh_request(subrec, p);
1483                         break;
1484
1485                 case NMB_NAME_MULTIHOMED_REG_OPCODE:
1486                         if(subrec == wins_server_subnet) {
1487                                 wins_process_multihomed_name_registration_request(subrec, p);
1488                         } else {
1489                                 DEBUG(0,("process_nmb_request: Multihomed registration request must be \
1490 directed at a WINS server.\n"));
1491                         }
1492                         break;
1493
1494                 case NMB_NAME_QUERY_OPCODE:
1495                         switch (nmb->question.question_type) {
1496                                 case QUESTION_TYPE_NB_QUERY:
1497                                         if(subrec == wins_server_subnet)
1498                                                 wins_process_name_query_request(subrec, p);
1499                                         else
1500                                                 process_name_query_request(subrec, p);
1501                                         break;
1502                                 case QUESTION_TYPE_NB_STATUS:
1503                                         if(subrec == wins_server_subnet) {
1504                                                 DEBUG(0,("process_nmb_request: NB_STATUS request directed at WINS server is \
1505 not allowed.\n"));
1506                                                 break;
1507                                         } else {
1508                                                 process_node_status_request(subrec, p);
1509                                         }
1510                                         break;
1511                         }
1512                         break;
1513
1514                 case NMB_NAME_RELEASE_OPCODE:
1515                         if(subrec == wins_server_subnet)
1516                                 wins_process_name_release_request(subrec, p);
1517                         else
1518                                 process_name_release_request(subrec, p);
1519                         break;
1520         }
1521 }
1522
1523 /****************************************************************************
1524   Process a nmb response packet - validate the packet and route it.
1525   to either the WINS server or a normal response.
1526 ****************************************************************************/
1527
1528 static void process_nmb_response(struct packet_struct *p)
1529 {
1530         struct nmb_packet *nmb = &p->packet.nmb;
1531         struct subnet_record *subrec = NULL;
1532         struct response_record *rrec = NULL;
1533
1534         debug_nmb_packet(p);
1535
1536         if(validate_nmb_response_packet(nmb))
1537                 return;
1538
1539         if((subrec = find_subnet_for_nmb_packet(p, &rrec))==NULL)
1540                 return;
1541
1542         if(rrec == NULL) {
1543                 DEBUG(0,("process_nmb_response: response packet received but no response record \
1544 found for id = %hu. Ignoring packet.\n", nmb->header.name_trn_id));
1545                 return;
1546         }
1547
1548         /* Increment the number of responses received for this record. */
1549         rrec->num_msgs++;
1550         /* Ensure we don't re-send the request. */
1551         rrec->repeat_count = 0;
1552
1553         /* Call the response received function for this packet. */
1554         (*rrec->resp_fn)(subrec, rrec, p);
1555 }
1556
1557 /*******************************************************************
1558   Run elements off the packet queue till its empty
1559 ******************************************************************/
1560
1561 void run_packet_queue(void)
1562 {
1563         struct packet_struct *p;
1564
1565         while ((p = packet_queue)) {
1566                 packet_queue = p->next;
1567                 if (packet_queue)
1568                         packet_queue->prev = NULL;
1569                 p->next = p->prev = NULL;
1570
1571                 switch (p->packet_type) {
1572                         case NMB_PACKET:
1573                                 if(p->packet.nmb.header.response)
1574                                         process_nmb_response(p);
1575                                 else
1576                                         process_nmb_request(p);
1577                                 break;
1578
1579                         case DGRAM_PACKET:
1580                                 process_dgram(p);
1581                                 break;
1582                 }
1583                 free_packet(p);
1584         }
1585 }
1586
1587 /*******************************************************************
1588  Retransmit or timeout elements from all the outgoing subnet response
1589  record queues. NOTE that this code must also check the WINS server
1590  subnet for response records to timeout as the WINS server code
1591  can send requests to check if a client still owns a name.
1592  (Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>).
1593 ******************************************************************/
1594
1595 void retransmit_or_expire_response_records(time_t t)
1596 {
1597         struct subnet_record *subrec;
1598
1599         for (subrec = FIRST_SUBNET; subrec; subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec)) {
1600                 struct response_record *rrec, *nextrrec;
1601
1602                 for (rrec = subrec->responselist; rrec; rrec = nextrrec) {
1603                         nextrrec = rrec->next;
1604
1605                         if (rrec->repeat_time <= t) {
1606                                 if (rrec->repeat_count > 0) {
1607                                         /* Resend while we have a non-zero repeat_count. */
1608                                         if(!send_packet(rrec->packet)) {
1609                                                 DEBUG(0,("retransmit_or_expire_response_records: Failed to resend packet id %hu \
1610 to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1611                                         }
1612                                         rrec->repeat_time = t + rrec->repeat_interval;
1613                                         rrec->repeat_count--;
1614                                 } else {
1615                                         DEBUG(4,("retransmit_or_expire_response_records: timeout for packet id %hu to IP %s \
1616 on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name));
1617
1618                                         /*
1619                                          * Check the flag in this record to prevent recursion if we end
1620                                          * up in this function again via the timeout function call.
1621                                          */
1622
1623                                         if(!rrec->in_expiration_processing) {
1624
1625                                                 /*
1626                                                  * Set the recursion protection flag in this record.
1627                                                  */
1628
1629                                                 rrec->in_expiration_processing = True;
1630
1631                                                 /* Call the timeout function. This will deal with removing the
1632                                                                 timed out packet. */
1633                                                 if(rrec->timeout_fn) {
1634                                                         (*rrec->timeout_fn)(subrec, rrec);
1635                                                 } else {
1636                                                         /* We must remove the record ourself if there is
1637                                                                         no timeout function. */
1638                                                         remove_response_record(subrec, rrec);
1639                                                 }
1640                                         } /* !rrec->in_expitation_processing */
1641                                 } /* rrec->repeat_count > 0 */
1642                         } /* rrec->repeat_time <= t */
1643                 } /* end for rrec */
1644         } /* end for subnet */
1645 }
1646
1647 /****************************************************************************
1648   Create an fd_set containing all the sockets in the subnet structures,
1649   plus the broadcast sockets.
1650 ***************************************************************************/
1651
1652 static BOOL create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_number, int *maxfd)
1653 {
1654         int *sock_array = NULL;
1655         struct subnet_record *subrec = NULL;
1656         int count = 0;
1657         int num = 0;
1658         fd_set *pset = SMB_MALLOC_P(fd_set);
1659
1660         if(pset == NULL) {
1661                 DEBUG(0,("create_listen_fdset: malloc fail !\n"));
1662                 return True;
1663         }
1664
1665         /* Check that we can add all the fd's we need. */
1666         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
1667                 count++;
1668
1669         if((count*2) + 2 > FD_SETSIZE) {
1670                 DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
1671 only use %d.\n", (count*2) + 2, FD_SETSIZE));
1672                 SAFE_FREE(pset);
1673                 return True;
1674         }
1675
1676         if((sock_array = SMB_MALLOC_ARRAY(int, (count*2) + 2)) == NULL) {
1677                 DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
1678                 SAFE_FREE(pset);
1679                 return True;
1680         }
1681
1682         FD_ZERO(pset);
1683
1684         /* Add in the broadcast socket on 137. */
1685         FD_SET(ClientNMB,pset);
1686         sock_array[num++] = ClientNMB;
1687         *maxfd = MAX( *maxfd, ClientNMB);
1688
1689         /* Add in the 137 sockets on all the interfaces. */
1690         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1691                 FD_SET(subrec->nmb_sock,pset);
1692                 sock_array[num++] = subrec->nmb_sock;
1693                 *maxfd = MAX( *maxfd, subrec->nmb_sock);
1694         }
1695
1696         /* Add in the broadcast socket on 138. */
1697         FD_SET(ClientDGRAM,pset);
1698         sock_array[num++] = ClientDGRAM;
1699         *maxfd = MAX( *maxfd, ClientDGRAM);
1700
1701         /* Add in the 138 sockets on all the interfaces. */
1702         for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
1703                 FD_SET(subrec->dgram_sock,pset);
1704                 sock_array[num++] = subrec->dgram_sock;
1705                 *maxfd = MAX( *maxfd, subrec->dgram_sock);
1706         }
1707
1708         *listen_number = (count*2) + 2;
1709
1710         SAFE_FREE(*ppset);
1711         SAFE_FREE(*psock_array);
1712
1713         *ppset = pset;
1714         *psock_array = sock_array;
1715
1716         return False;
1717 }
1718
1719 /****************************************************************************
1720   Listens for NMB or DGRAM packets, and queues them.
1721   return True if the socket is dead
1722 ***************************************************************************/
1723
1724 BOOL listen_for_packets(BOOL run_election)
1725 {
1726         static fd_set *listen_set = NULL;
1727         static int listen_number = 0;
1728         static int *sock_array = NULL;
1729         int i;
1730         static int maxfd = 0;
1731
1732         fd_set r_fds;
1733         fd_set w_fds;
1734         int selrtn;
1735         struct timeval timeout;
1736 #ifndef SYNC_DNS
1737         int dns_fd;
1738 #endif
1739
1740         if(listen_set == NULL || rescan_listen_set) {
1741                 if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) {
1742                         DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n"));
1743                         return True;
1744                 }
1745                 rescan_listen_set = False;
1746         }
1747
1748         memcpy((char *)&r_fds, (char *)listen_set, sizeof(fd_set));
1749         FD_ZERO(&w_fds);
1750
1751 #ifndef SYNC_DNS
1752         dns_fd = asyncdns_fd();
1753         if (dns_fd != -1) {
1754                 FD_SET(dns_fd, &r_fds);
1755                 maxfd = MAX( maxfd, dns_fd);
1756         }
1757 #endif
1758
1759         /*
1760          * During elections and when expecting a netbios response packet we
1761          * need to send election packets at tighter intervals.
1762          * Ideally it needs to be the interval (in ms) between time now and
1763          * the time we are expecting the next netbios packet.
1764          */
1765
1766         timeout.tv_sec = (run_election||num_response_packets) ? 1 : NMBD_SELECT_LOOP;
1767         timeout.tv_usec = 0;
1768
1769         {
1770                 struct timeval now = timeval_current();
1771                 event_add_to_select_args(nmbd_event_context(), &now,
1772                                          &r_fds, &w_fds, &timeout, &maxfd);
1773         }
1774
1775         if (timeval_is_zero(&timeout)) {
1776                 /* Process a timed event now... */
1777                 if (run_events(nmbd_event_context(), 0, NULL, NULL)) {
1778                         return False;
1779                 }
1780         }
1781
1782         /* Prepare for the select - allow certain signals. */
1783
1784         BlockSignals(False, SIGTERM);
1785
1786         selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&timeout);
1787
1788         /* We can only take signals when we are in the select - block them again here. */
1789
1790         BlockSignals(True, SIGTERM);
1791
1792         if(selrtn == -1) {
1793                 return False;
1794         }
1795
1796         if (run_events(nmbd_event_context(), selrtn, &r_fds, &w_fds)) {
1797                 return False;
1798         }
1799
1800 #ifndef SYNC_DNS
1801         if (dns_fd != -1 && FD_ISSET(dns_fd,&r_fds)) {
1802                 run_dns_queue();
1803         }
1804 #endif
1805
1806         for(i = 0; i < listen_number; i++) {
1807                 if (i < (listen_number/2)) {
1808                         /* Processing a 137 socket. */
1809                         if (FD_ISSET(sock_array[i],&r_fds)) {
1810                                 struct packet_struct *packet = read_packet(sock_array[i], NMB_PACKET);
1811                                 if (packet) {
1812                                         /*
1813                                          * If we got a packet on the broadcast socket and interfaces
1814                                          * only is set then check it came from one of our local nets. 
1815                                          */
1816                                         if(lp_bind_interfaces_only() && (sock_array[i] == ClientNMB) && 
1817                                                                 (!is_local_net(packet->ip))) {
1818                                                 DEBUG(7,("discarding nmb packet sent to broadcast socket from %s:%d\n",
1819                                                         inet_ntoa(packet->ip),packet->port));     
1820                                                 free_packet(packet);
1821                                         } else if ((ip_equal(loopback_ip, packet->ip) || 
1822                                                                 ismyip(packet->ip)) && packet->port == global_nmb_port &&
1823                                                                 packet->packet.nmb.header.nm_flags.bcast) {
1824                                                 DEBUG(7,("discarding own bcast packet from %s:%d\n",
1825                                                         inet_ntoa(packet->ip),packet->port));     
1826                                                 free_packet(packet);
1827                                         } else {
1828                                                 /* Save the file descriptor this packet came in on. */
1829                                                 packet->fd = sock_array[i];
1830                                                 queue_packet(packet);
1831                                         }
1832                                 }
1833                         }
1834                 } else {
1835                         /* Processing a 138 socket. */
1836                                 if (FD_ISSET(sock_array[i],&r_fds)) {
1837                                 struct packet_struct *packet = read_packet(sock_array[i], DGRAM_PACKET);
1838                                 if (packet) {
1839                                         /*
1840                                          * If we got a packet on the broadcast socket and interfaces
1841                                          * only is set then check it came from one of our local nets. 
1842                                          */
1843                                         if(lp_bind_interfaces_only() && (sock_array[i] == ClientDGRAM) && 
1844                                                                 (!is_local_net(packet->ip))) {
1845                                                 DEBUG(7,("discarding dgram packet sent to broadcast socket from %s:%d\n",
1846                                                 inet_ntoa(packet->ip),packet->port));     
1847                                                 free_packet(packet);
1848                                         } else if ((ip_equal(loopback_ip, packet->ip) || 
1849                                                         ismyip(packet->ip)) && packet->port == DGRAM_PORT) {
1850                                                 DEBUG(7,("discarding own dgram packet from %s:%d\n",
1851                                                         inet_ntoa(packet->ip),packet->port));     
1852                                                 free_packet(packet);
1853                                         } else {
1854                                                 /* Save the file descriptor this packet came in on. */
1855                                                 packet->fd = sock_array[i];
1856                                                 queue_packet(packet);
1857                                         }
1858                                 }
1859                         }
1860                 } /* end processing 138 socket. */
1861         } /* end for */
1862         return False;
1863 }
1864
1865 /****************************************************************************
1866   Construct and send a netbios DGRAM.
1867 **************************************************************************/
1868
1869 BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len,
1870                    const char *srcname, int src_type,
1871                    const char *dstname, int dest_type,
1872                    struct in_addr dest_ip,struct in_addr src_ip,
1873                    int dest_port)
1874 {
1875         BOOL loopback_this_packet = False;
1876         struct packet_struct p;
1877         struct dgram_packet *dgram = &p.packet.dgram;
1878         char *ptr,*p2;
1879         char tmp[4];
1880
1881         memset((char *)&p,'\0',sizeof(p));
1882
1883         if(ismyip(dest_ip) && (dest_port == DGRAM_PORT)) /* Only if to DGRAM_PORT */
1884                 loopback_this_packet = True;
1885
1886         /* generate_name_trn_id(); */ /* Not used, so gone, RJS */
1887
1888         /* DIRECT GROUP or UNIQUE datagram. */
1889         dgram->header.msg_type = unique ? 0x10 : 0x11;
1890         dgram->header.flags.node_type = M_NODE;
1891         dgram->header.flags.first = True;
1892         dgram->header.flags.more = False;
1893         dgram->header.dgm_id = generate_name_trn_id();
1894         dgram->header.source_ip = src_ip;
1895         dgram->header.source_port = DGRAM_PORT;
1896         dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
1897         dgram->header.packet_offset = 0;
1898
1899         make_nmb_name(&dgram->source_name,srcname,src_type);
1900         make_nmb_name(&dgram->dest_name,dstname,dest_type);
1901
1902         ptr = &dgram->data[0];
1903
1904         /* Setup the smb part. */
1905         ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
1906         memcpy(tmp,ptr,4);
1907         set_message(ptr,17,strlen(mailslot) + 1 + len,True);
1908         memcpy(ptr,tmp,4);
1909
1910         SCVAL(ptr,smb_com,SMBtrans);
1911         SSVAL(ptr,smb_vwv1,len);
1912         SSVAL(ptr,smb_vwv11,len);
1913         SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
1914         SSVAL(ptr,smb_vwv13,3);
1915         SSVAL(ptr,smb_vwv14,1);
1916         SSVAL(ptr,smb_vwv15,1);
1917         SSVAL(ptr,smb_vwv16,2);
1918         p2 = smb_buf(ptr);
1919         safe_strcpy_base(p2, mailslot, dgram->data, sizeof(dgram->data));
1920         p2 = skip_string(ptr,MAX_DGRAM_SIZE,p2);
1921
1922         if (((p2+len) > dgram->data+sizeof(dgram->data)) || ((p2+len) < p2)) {
1923                 DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
1924                 return False;
1925         } else {
1926                 memcpy(p2,buf,len);
1927                 p2 += len;
1928         }
1929
1930         dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
1931
1932         p.ip = dest_ip;
1933         p.port = dest_port;
1934         p.fd = find_subnet_mailslot_fd_for_address( src_ip );
1935         p.timestamp = time(NULL);
1936         p.packet_type = DGRAM_PACKET;
1937
1938         DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot,
1939                         nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
1940         DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
1941
1942         debug_browse_data(buf, len);
1943
1944         if(loopback_this_packet) {
1945                 struct packet_struct *lo_packet = NULL;
1946                 DEBUG(5,("send_mailslot: sending packet to ourselves.\n"));
1947                 if((lo_packet = copy_packet(&p)) == NULL)
1948                         return False;
1949                 queue_packet(lo_packet);
1950                 return True;
1951         } else {
1952                 return(send_packet(&p));
1953         }
1954 }