wsdd

wsdd implements a Web Service Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows.

It also implements the client side of the discovery protocol which allows to search for Windows machines and other devices implementing WSD. This mode of operation is called discovery mode.

Purpose

Since NetBIOS discovery is not supported by Windows anymore, wsdd makes hosts to appear in Windows again using the Web Service Discovery method. This is beneficial for devices running Samba, like NAS or file sharing servers on your local network. The discovery mode searches for other WSD servers in the local subnet.

Background

With Windows 10 version 1511, support for SMBv1 and thus NetBIOS device discovery was disabled by default. Depending on the actual edition, later versions of Windows starting from version 1709 ("Fall Creators Update") do not allow the installation of the SMBv1 client anymore. This causes hosts running Samba not to be listed in the Explorer's "Network (Neighborhood)" views. While there is no connectivity problem and Samba will still run fine, users might want to have their Samba hosts to be listed by Windows automatically.

You may ask: What about Samba itself, shouldn't this functionality be included in Samba!? Yes, maybe. However, using Samba as file sharing service is still possible even if the host running Samba is not listed in the Network Neighborhood. You can still connect using the host name (given that name resolution works) or IP address. So you can have network drives and use shared folders as well. In addition, there is a patch lurking around in the Samba bug tracker since 2015. So it may happen that this feature gets integrated into Samba at some time in the future.

Requirements

wsdd requires Python 3.7 and later only. It runs on Linux, FreeBSD, OpenBSD, MacOS and SunOS/Illumos. Other Unixes, such as NetBSD, might work as well but were not tested.

Although Samba is not strictly required by wsdd itself, it makes sense to run wsdd only on hosts with a running Samba daemon. Note that the OpenRC/Gentoo init script depends on the Samba service.

Installation

Operating System and Distribution-Depending Instructions

This section provides instructions how to install wsdd on different OS distributions. Sufficient privileges are assumed to be in effect, e.g. by being root or using sudo.

Arch Linux

Install wsdd from the Extra repository.

CentOS, Fedora, RHEL

wsdd is included in RedHat/CentOS' EPEL repository. After setting that up, you can install wsdd like on Fedora where it is sufficient to issue

dnf install wsdd

Debian-based Distributions (Debian, Ubuntu, Mint, ...)

Wsdd is included in the official package repositories of Debian and Ubuntu (universe) since versions 12 (Bookworm) and 22.04 LTS (Jammy Jellyfish), respectively. This also applies to Linux Mint, starting from version 21 (Vanessa). Thus, it is sufficient to install it via

apt install wsdd

FreeBSD

The wsdd port can be installed via

pkg install py39-wsdd

Gentoo

You can choose between two overlays: the GURU project and an author-maintained dedicated overlay which can be selected as follows

emerge eselect-repository
eselect repository enable guru
emerge --sync

After setting up one of them you can install wsdd with

emerge wsdd

Generic Installation Instructions

No installation steps are required. Just place the wsdd.py file anywhere you want to, rename it to wsdd, and run it from there. The init scripts/unit files assume that wsdd is installed under /usr/bin/wsdd or /usr/local/bin/wsdd in case of FreeBSD. There are no configuration files. No special privileges are required to run wsdd, so it is advisable to run the service as an unprivileged, possibly dedicated, user for the service.

The etc directory of the repo contains sample configuration files for different init(1) systems, e.g. FreeBSD's rc.d, Gentoo's openrc, and systemd which is used in most contemporary Linux distros. Those files may be used as templates. They are likely to require adjustments to the actual distribution/installation where they are to be used.

Usage

Firewall Setup

Traffic for the following ports, directions and addresses must be allowed.

• incoming and outgoing traffic to udp/3702 with multicast destination:
  • 239.255.255.250 for IPv4
  • ff02::c for IPv6
• outgoing unicast traffic from udp/3702
• incoming to tcp/5357

You should further restrict the traffic to the (link-)local subnet, e.g. by using the fe80::/10 address space for IPv6. Please note that IGMP traffic must be enabled in order to get IPv4 multicast traffic working.

For UFW and firewalld, application/service profiles can be found in the respective directories. Note that UFW profiles only allow to grant the traffic on specific UDP and TCP ports, but a restriction on the IP range (like link local for IPv6) or the multicast traffic is not possible.

Options

By default wsdd runs in host mode and binds to all interfaces with only warnings and error messages enabled. In this configuration the host running wsdd is discovered with its configured hostname and belong to a default workgroup. The discovery mode, which allows to search for other WSD-compatible devices must be enabled explicitly. Both modes can be used simultaneously. See below for details.

General options

• -4, --ipv4only (see below)

• -6, --ipv6only

  Restrict to the given address family. If both options are specified no addreses will be available and wsdd will exit.

• -A, --no-autostart Do not start networking activities automatically when the program is started. The API interface (see man page) can be used to start and stop the networking activities while the application is running.

• -c DIRECTORY, --chroot DIRECTORY

  Chroot into a separate directory to prevent access to other directories of the system. This increases security in case of a vulnerability in wsdd. Consider setting the user and group under which wssd is running by using the -u option.

• -H HOPLIMIT, --hoplimit HOPLIMIT

  Set the hop limit for multicast packets. The default is 1 which should prevent packets from leaving the local network segment.

• -i INTERFACE/ADDRESS, --interface INTERFACE/ADDRESS

  Specify on which interfaces wsdd will be listening on. If no interfaces are specified, all interfaces are used. The loop-back interface is never used, even when it was explicitly specified. For interfaces with IPv6 addresses, only link-local addresses will be used for announcing the host on the network. This option can be provided multiple times in order to use more than one interface.

  This option also accepts IP addresses that the service should bind to. For IPv6, only link local addresses are actually considered as noted above.

• -l PATH/PORT, --listen PATH/PORT Enable the API server on the with a Unix domain socket on the given PATH or a local TCP socket bound to the given PORT. Refer to the man page for details on the API.

• --metadata-timeout TIMEOUT Set the timeout for HTTP-based metadata exchange. Default is 2.0 seconds.

• --source-port PORT Set the source port for outgoing multicast messages, so that replies will use this as the destination port. This is useful for firewalls that do not detect incoming unicast replies to a multicast as part of the flow, so the port needs to be fixed in order to be allowed manually.

• -s, --shortlog

  Use a shorter logging format that only includes the level and message. This is useful in cases where the logging mechanism, like systemd on Linux, automatically prepend a date and process name plus ID to the log message.

• -u USER[:GROUP], --user USER[:GROUP]

  Change user (and group) when running before handling network packets. Together with -c this option can be used to increase security if the execution environment, like the init system, cannot ensure this in another way.

• -U UUID, --uuid UUID

  The WSD specification requires a device to have a unique address that is stable across reboots or changes in networks. In the context of the standard, it is assumed that this is something like a serial number. Wsdd attempts to read the machine ID from /etc/machine-id and /etc/hostid (in that order) before potentially chrooting in another environment. If reading the machine ID fails, wsdd falls back to a version 5 UUID with the DNS namespace and the host name of the local machine as inputs. Thus, the host name should be stable and not be modified, e.g. by DHCP. However, if you want wsdd to use a specific UUID you can use this option.

• -v, --verbose

  Additively increase verbosity of the log output. A single occurrence of -v/--verbose sets the log level to INFO. More -v options set the log level to DEBUG.

• -V, --version

  Show the version number and exit.

Host Operation Mode

In host mode, the device running wsdd can be discovered by Windows.

• -d DOMAIN, --domain DOMAIN

  Assume that the host running wsdd joined an ADS domain. This will make wsdd report the host being a domain member. It disables workgroup membership reporting. The (provided) hostname is automatically converted to lower case. Use the -p option to change this behavior.

• -n HOSTNAME, --hostname HOSTNAME

  Override the host name wsdd uses during discovery. By default the machine's host name is used (look at hostname(1)). Only the host name part of a possible FQDN will be