{"id":19075369,"url":"https://github.com/gershnik/wsdd-native","last_synced_at":"2026-02-14T01:08:43.782Z","repository":{"id":143477938,"uuid":"513829154","full_name":"gershnik/wsdd-native","owner":"gershnik","description":"Make your macOS/Linux/BSD/illumos/HaikuOS machine visible in Network view of Windows Explorer","archived":false,"fork":false,"pushed_at":"2026-02-09T13:55:32.000Z","size":784,"stargazers_count":71,"open_issues_count":1,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2026-02-09T13:57:53.898Z","etag":null,"topics":["bsd","freebsd","haiku-os","illumos","linux","macos","macosx","netbsd","openbsd","samba","windows-10","windows-11","windows-explorer","ws-discovery","wsd"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gershnik.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-07-14T08:58:58.000Z","updated_at":"2026-01-30T23:05:18.000Z","dependencies_parsed_at":null,"dependency_job_id":"b02ffc49-86a2-4c27-8bc1-b5861dd7f664","html_url":"https://github.com/gershnik/wsdd-native","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/gershnik/wsdd-native","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gershnik%2Fwsdd-native","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gershnik%2Fwsdd-native/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gershnik%2Fwsdd-native/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gershnik%2Fwsdd-native/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gershnik","download_url":"https://codeload.github.com/gershnik/wsdd-native/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gershnik%2Fwsdd-native/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29427885,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T22:20:51.549Z","status":"ssl_error","status_checked_at":"2026-02-13T22:20:49.838Z","response_time":78,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bsd","freebsd","haiku-os","illumos","linux","macos","macosx","netbsd","openbsd","samba","windows-10","windows-11","windows-explorer","ws-discovery","wsd"],"created_at":"2024-11-09T01:54:29.416Z","updated_at":"2026-02-14T01:08:43.766Z","avatar_url":"https://github.com/gershnik.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wsdd-native\n\n[![Version][version_badge]][releases]\n[![License][license_badge]](https://opensource.org/licenses/BSD-3-Clause)\n[![Language][language_badge]](https://isocpp.org/)\n\nA Unix daemon that makes your macOS/Linux/BSD/illumos/HaikuOS machine visible in Network view of Windows Explorer on newer versions of Windows.\n\nIt implements WS-Discovery protocol that Windows now uses to discover machines on local network. It is a native daemon, written in C++. \n\n\u003c!-- TOC depthfrom:2 --\u003e\n\n- [Features](#features)\n- [Binary packages](#binary-packages)\n    - [macOS](#macos)\n        - [Standalone installer](#standalone-installer)\n        - [Homebrew](#homebrew)\n        - [Macports](#macports)\n    - [Ubuntu/Debian/Mint/Raspberry Pi](#ubuntudebianmintraspberry-pi)\n    - [RedHat/CentOS/Fedora](#redhatcentosfedora)\n    - [OpenSUSE](#opensuse)\n    - [Arch Linux](#arch-linux)\n    - [Alpine](#alpine)\n    - [FreeBSD](#freebsd)\n    - [OpenBSD](#openbsd)\n    - [Docker](#docker)\n- [Building from sources](#building-from-sources)\n    - [Prerequisites](#prerequisites)\n    - [Building and installing](#building-and-installing)\n    - [Setting up daemon](#setting-up-daemon)\n- [Usage](#usage)\n    - [Firewall Setup](#firewall-setup)\n    - [Security](#security)\n    - [Custom metadata](#custom-metadata)\n- [Acknowledgements](#acknowledgements)\n- [Reporting Bugs](#reporting-bugs)\n\n\u003c!-- /TOC --\u003e\n\n## Features\n\n* Fully supports macOS, Linux, FreeBSD, OpenBSD, NetBSD and illumos. Partial support for Haiku OS\n* Can be configured via a configuration file, not just command line.\n* Discovers Samba/macOS SMB configuration on its own. (This can be overridden, if desired)\n* Can present the Unix host as something other than \"Computer\" in Windows Explorer.\n* Integrates well with `systemd` and `launchd`. Of course, it can also run as a classical Unix daemon for other init systems.\n* Friendly to various log rotation methods like `newsyslogd` and `logrotate`. Supports standard reload semantics via SIGHUP.\n* Written with security in mind first and foremost. \n* Will never run any network code as root. Designated user account to run under is created automatically, if needed.\n\nThere are a couple of similar projects available: [wsdd][wsdd] written in Python and [wsdd2][wsdd2] written in C. Neither of them, however, fully provides the features above. \n\n## Binary packages\n\n### macOS\n\nOn macOS there are 3 ways to install `wsddn`: via a standalone installer package, [Homebrew][homebrew] or [Macports][macports]. \nUsing a standalone installer is simpler but you will have to manually install any future updates as well.\nHomebrew/Macports are a bit more complicated to set up but it provides updatability similar to Linux/BSD package managers. \n\nFor all 3 methods the supported platforms are:\n- macOS Catalina (10.15) and above\n- Both Intel and Apple Silicon\n\n#### Standalone installer\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo install via standalone `.pkg` installer:\n\n* Download [the installer package](https://github.com/gershnik/wsdd-native/releases/download/v1.22/wsddn-macos-1.22.pkg)\n* Double click it to run and follow the prompts.\n\nIf you prefer command line, you can also install via:\n```bash\nsudo installer -pkg /path/to/wsddn-macos-1.22.pkg -target /\n```\n\nTo fully uninstall `wsddn` run `/usr/local/bin/wsddn-uninstall`\n\nDaemon will start automatically on install. \n\nTo start/stop/reload the daemon use:\n\n```bash\nsudo launchctl kickstart system/io.github.gershnik.wsddn\nsudo launchctl kill TERM system/io.github.gershnik.wsddn\nsudo launchctl kill HUP system/io.github.gershnik.wsddn\n```\n\nConfiguration file will be at `/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nDaemon and related logs can be viewed in system log by searching for subsystem or\nprocess names containing string `wsddn`. For example:\n\n```bash\nlog show --last 15m --debug --info \\\n  --predicate 'subsystem CONTAINS \"wsddn\" OR process CONTAINS \"wsddn\"'\n```\n\n\u003c/details\u003e\n\n#### Homebrew\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nHomebrew package ('cask') can be installed via a custom tap. \n\nTo set it up\n\n```bash\nbrew tap gershnik/repo\n```\n\nThen\n\n```bash\nbrew install wsddn\n```\n\nThis installs exactly the same thing as standalone installer would so all the usage instructions under [Standalone installer](#standalone-installer) apply as well.\n\n\u003c/details\u003e\n\n\n#### Macports\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nMacports package can be installed via a custom repository.\n\nTo set the repo up:\n\n```bash\nsudo bash \u003c\u003c'___'\nset -e\npemurl=https://gershnik.com/macports-repo/macports.pem\nporturl=https://www.gershnik.com/macports-repo/ports.tar.bz2\nprefix=$(dirname $(dirname $(which port)))\npemfile=\"$prefix/share/macports/gershnik.pem\"\npubkeysfile=\"$prefix/etc/macports/pubkeys.conf\"\nsourcesfile=\"$prefix/etc/macports/sources.conf\"\ncurl -s $pemurl \u003e \"$pemfile\"\ngrep -qxF \"$pemfile\" \"$pubkeysfile\" || echo $pemfile \u003e\u003e \"$pubkeysfile\"\ngrep -qxF \"$porturl\" \"$sourcesfile\" || echo $porturl \u003e\u003e \"$sourcesfile\"\nsudo port sync\n___\n```\n\nThen you can install `wsddn` as usual via\n\n```bash\nsudo port install wsddn\n```\n\nDaemon will start automatically on install. \n\nTo start/stop/reload the daemon use:\n\n```bash\nsudo launchctl kickstart system/org.macports.wsddn\nsudo launchctl kill TERM system/org.macports.wsddn\nsudo launchctl kill HUP system/org.macports.wsddn\n```\n\nConfiguration file will be at `/opt/local/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nDaemon and related logs can be viewed in system log by searching for subsystem or\nprocess names containing string `wsddn`. For example:\n\n```bash\nlog show --last 15m --debug --info \\\n  --predicate 'subsystem CONTAINS \"wsddn\" OR process CONTAINS \"wsddn\"'\n```\n\n\u003c/details\u003e\n\n\n### Ubuntu/Debian/Mint/Raspberry Pi \n\nPre-built packages are available in a custom apt repository for systems newer than Ubuntu 20.04 (focal) or\nDebian 11 (bullseye). Any Debian system based upon those or newer should work.\n\nArchitectures supported: `amd64` (aka `x86_64`), `arm64` (aka `aarch64`) and `armhf` \n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo set up the apt repository:\n\n* Import the repository public key\n  ```bash\n  wget -qO- https://www.gershnik.com/apt-repo/conf/pgp-key.public \\\n    | gpg --dearmor \\\n    | sudo tee /usr/share/keyrings/gershnik.gpg \u003e/dev/null\n  ```\n\n* Add new repo\n  ```bash\n  echo \"deb\" \\\n  \"[arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gershnik.gpg]\" \\\n  \"https://www.gershnik.com/apt-repo/\" \\\n  \"base\" \\\n  \"main\" \\\n    | sudo tee /etc/apt/sources.list.d/wsddn.list \u003e/dev/null\n  ```\n\nOnce the repository is set up you can install `wsddn` as usual via:\n\n```bash\nsudo apt update\nsudo apt install wsddn\n```\n\nIf you have UFW firewall running, do\n\n```bash\nsudo ufw allow wsddn\n```\n\nDaemon will be enabled and started automatically on first install but keep its existing state on updates. \n\nOn `systemd` based distributions to start/stop/reload it use\n\n```bash\nsudo systemctl start wsddn\nsudo systemctl stop wsddn\nsudo systemctl reload wsddn\n```\n\nConfiguration file will be at `/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nDaemon log can be viewed via `journalctl` as usual\n\n```bash\njournalctl -u wsddn\n```\n\nOn non-`systemd` based distributions (and Docker) you can use:\n\n```bash\nsudo /etc/init.d/wsddn start\nsudo /etc/init.d/wsddn stop\nsudo /etc/init.d/wsddn reload\n```\n\nand the log is available at `/var/log/wsddn.log`\n\n\u003c/details\u003e\n\n### RedHat/CentOS/Fedora\n\nPre-built packages are available on [Fedora Copr](https://copr.fedorainfracloud.org/coprs/gershnik/wsddn/) repository.\nVisit that link to see currently supported distributions and architectures. \n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo set the repo up you need to install `copr` plugin if you haven't already done so:\n\n```bash\nsudo dnf install dnf-plugins-core\n#or with yum\n#sudo yum install yum-plugin-copr\n```\n\nThen\n\n```bash\nsudo dnf copr enable gershnik/wsddn\n#or with yum\n#sudo yum copr enable gershnik/wsddn\n```\n\nOnce the repository is set up you can install `wsddn` as usual via\n\n```bash\nsudo dnf install wsddn\n#or with yum\n#sudo yum install wsddn\n```\n\nOn first install firewall will be configured to open `wsddn` service. \n\nEnable and start the daemon:\n\n```bash\nsudo systemctl enable wsddn\nsudo systemctl start wsddn\n```\n\nTo start/stop/reload it use\n\n```bash\nsudo systemctl start wsddn\nsudo systemctl stop wsddn\nsudo systemctl reload wsddn\n```\n\nConfiguration file will be at `/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nDaemon log can be viewed via `journalctl` as usual\n\n```bash\njournalctl -u wsddn\n```\n\n\u003c/details\u003e\n\n### OpenSUSE\n\nPre-built OpenSUSE packages for Tumbleweed are available via [Fedora Copr](https://copr.fedorainfracloud.org/coprs/gershnik/wsddn/). \n\nArchitectures supported: `x86_64` and`aarch64`\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo set up the repository:\n\n1. Import the repository PGP key\n  ```bash\n  wget -qO wsddn.gpg  https://download.copr.fedorainfracloud.org/results/gershnik/wsddn/pubkey.gpg \\\n    \u0026\u0026 sudo rpm --import wsddn.gpg \\\n    \u0026\u0026 rm wsddn.gpg\n  ```\n2. Add the repository configuration to `zypper`\n  ```bash\n  sudo zypper addrepo -f https://download.copr.fedorainfracloud.org/results/gershnik/wsddn/opensuse-tumbleweed-$(arch) wsddn\n  ```\n3. Refresh `zypper`\n  ```bash\n  sudo zypper refresh\n  ```\n  You will receive a warning saying something like `Warning: File 'repomd.xml' from repository 'wsddn' is unsigned ...`. This is expected as Fedora Copr doesn't sign the repository itself, only actual RPMs.\n  Answer `y` to allow.\n\nOnce the repository is set up you can install `wsddn` as usual via:\n\n```bash\nsudo zypper in wsddn\n```\n\nOn first install firewall ports `5357/tcp` and `3702/udp` will be opened. \n\nEnable and start the daemon:\n\n```bash\nsudo systemctl enable wsddn\nsudo systemctl start wsddn\n```\n\nTo start/stop/reload it use\n\n```bash\nsudo systemctl start wsddn\nsudo systemctl stop wsddn\nsudo systemctl reload wsddn\n```\n\nConfiguration file will be at `/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nDaemon log can be viewed via `journalctl` as usual\n\n```bash\njournalctl -u wsddn\n```\n\n\u003c/details\u003e\n\n### Arch Linux\n\nSource package is available on [AUR][aur] at https://aur.archlinux.org/packages/wsdd-native \n\nPre-built packages are available in a custom `pacman` repository.\n\nArchitectures supported: `x86_64` and`aarch64`\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo set up the repository:\n\n1. Import the repository PGP key\n  ```bash\n  sudo pacman-key --recv-keys 'CF567A58C5DB9C6908C6E87E6EBB54370005A361' \\\n    \u0026\u0026 sudo pacman-key --lsign-key 'CF567A58C5DB9C6908C6E87E6EBB54370005A361'\n  ```\n2. Add the repository configuration to `/etc/pacman.conf`\n  ```ini\n  [gershnik]\n  Server = https://www.gershnik.com/arch-repo/$arch\n  ```\n3. Refresh the package databases\n  ```bash\n  sudo pacman -Sy\n  ```\n\nOnce the repository is set up you can install `wsdd-native` as usual via:\n\n```bash\nsudo pacman -S wsdd-native\n```\n\nIf you have UFW firewall running, do\n\n```bash\nsudo ufw allow wsddn\n```\n\nAs per Arch Linux convention the installation does not automatically enable or start services.\n\nEnable and start the daemon:\n\n```bash\nsudo systemctl enable wsddn\nsudo systemctl start wsddn\n```\n\nTo start/stop/reload it use\n\n```bash\nsudo systemctl start wsddn\nsudo systemctl stop wsddn\nsudo systemctl reload wsddn\n```\n\nConfiguration file will be at `/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nDaemon log can be viewed via `journalctl` as usual\n\n```bash\njournalctl -u wsddn\n```\n\n\u003c/details\u003e\n\n### Alpine\n\nPre-built packages are available in a custom `apk` repository for Alpine 3.18 or above. \n\nArchitectures supported: `x86_64` and`aarch64`\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo set up the repository:\n\n1. Import the repository key\n  ```bash\n  wget -qO-  https://www.gershnik.com/alpine-repo/gershnik@hotmail.com-6643812b.rsa.pub \\\n    | sudo tee /etc/apk/keys/gershnik@hotmail.com-6643812b.rsa.pub \u003e/dev/null\n  ```\n\n2. Add new repo\n  ```bash\n  sudo mkdir -p /etc/apk/repositories.d \u0026\u0026 \\\n  echo \"https://www.gershnik.com/alpine-repo/main\" \\\n    | sudo tee /etc/apk/repositories.d/www.gershnik.com.list \u003e/dev/null\n  ```\n\n3. Update `apk`\n  ```bash\n  sudo apk update\n  ```\n\n4. Install the package. \n  ```bash\n  sudo apk add wsdd-native\n  ```\n  \nIf your Alpine system has OpenRC running (e.g. not a Docker container), OpenRC configuration will be automatically installed too.\nOtherwise, if desired, you can manually add it via `sudo apk add wsdd-native-openrc`. Similarly documentation is available via `sudo apk add wsdd-native-doc`.\n\nUnder OpenRC:\n\nEnable and start the service:\n\n```bash\nsudo rc-update add wsddn\nsudo rc-service wsddn start\n```\n\nTo start/stop/reload it use\n\n```bash\nsudo rc-service wsddn start\nsudo rc-service wsddn stop\nsudo rc-service wsddn reload\n```\n\nConfiguration file will be at `/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nIf you installed documentation you can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nLog file is located at `/var/log/wsddn.log`. Log file rotation is configured via `logrotate`. To modify rotation settings edit `/etc/logrotate.d/wsddn`\n\n\u003c/details\u003e\n\n### FreeBSD\n\nPre-built packages are available for FreeBSD 14 and 15 in a custom binary package repository. \nBoth `amd64` (aka `x86_64`) and `arm64` (aka `aarch64`) architectures are supported.\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo set the repo up:\n\n* Create the custom repo config folder if it does not already exist\n  ```bash\n  sudo mkdir -p /usr/local/etc/pkg/repos\n  ```\n* Download the repository public key\n  ```bash\n  wget -qO- https://www.gershnik.com/bsd-repo/rsa-key.pub \\\n   | sudo tee /usr/local/etc/pkg/repos/www_gershnik_com.pub \u003e /dev/null\n  ```\n* Create a file named `/usr/local/etc/pkg/repos/www_gershnik_com.conf`\n* Put the following content in it:\n  ```\n  www_gershnik_com: {\n      url: \"https://www.gershnik.com/bsd-repo/${ABI}\",\n      signature_type: \"pubkey\",\n      pubkey: \"/usr/local/etc/pkg/repos/www_gershnik_com.pub\",\n      enabled: yes\n  }\n  ```\n\nOnce the repository is set up you can install `wsddn` as usual via\n\n```bash\nsudo pkg update\nsudo pkg install wsddn\n```\n\nAs is standard on FreeBSD daemon will not be enabled or started after installation. To enable it, edit `/etc/rc.conf` and add\nthe following line there:\n```\nwsddn_enable=\"YES\"\n```\n\nTo start/stop/reload the daemon use:\n\n```bash\nsudo service wsddn start\nsudo service wsddn stop\nsudo service wsddn reload\n```\n\nConfiguration file will be at `/usr/local/etc/wsddn.conf`. Comments inside indicate available options and their meaning. \nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nLog file is located at `/var/log/wsddn.log`. Log file rotation is configured via `newsylogd`. To modify rotation settings edit `/usr/local/etc/newsyslog.conf.d/wsddn.conf`\n\n\u003c/details\u003e\n\n### OpenBSD\n\nA standalone binary package is available for OpenBSD 7.5 and higher. Only `amd64` (aka `x86_64`) \narchitecture is currently supported. The package is available from [Releases][releases].\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo install:\n\n* Download the [the installer package](https://github.com/gershnik/wsdd-native/releases/download/v1.22/wsddn-1.22-OpenBSD-amd64.tgz)\n* **Important:** Rename it to `wsddn-1.22.tgz`. For example:\n```sh\nmv wsddn-1.22-OpenBSD-amd64.tgz wsddn-1.22.tgz\n```\n* Run\n```console\n# pkg_add -D unsigned wsddn-x.y.tgz\n```\n\nTo uninstall:\n```console\n# pkg_delete [-c] wsddn\n```\n\nUse the `-c` flag to also remove `_wsddn` daemon user and group.\n\nAs is standard on OpenBSD daemon will not be enabled or started after installation. \nTo enable it call\n```console\n# rcctl enable wsddn\n```\n\nTo start/stop/reload the daemon use:\n\n```console\n# rcctl start wsddn\n# rcctl stop wsddn\n# rcctl reload wsddn\n```\n\nConfiguration file will be at `/etc/wsddn/wsddn.conf`. Comments inside indicate available options and their meaning. You can also consult `/etc/wsddn/wsddn.conf.sample` you can consult, that preserves the original configuration.\nYou can also use `man wsddn` to learn about configuration or see online version [here][manpage]\n\nLog file is located at `/var/log/wsddn.log`. Log file rotation is configured via `newsylogd`. To modify rotation settings edit `/etc/newsyslog.conf`.\n\n\u003c/details\u003e\n\n### Docker\n\nOn Linux, if you are loath to install or build anything you also have an option to run\n`wsdd-native` in a Docker container.\n\n\u003e [!WARNING]\n\u003e Docker container will **not** work on macOS.\n\n\u003cdetails\u003e\n\n\u003csummary\u003eSetup and usage (click to expand)\u003c/summary\u003e\n\u003cbr\u003e\n\nTo run the container do\n\n```bash\ndocker run --net=host -e WSDDN_HOSTNAME=$(hostname) gershnik/wsddn\n```\n\n**Note** that `--net=host` is required. Without it `wsdd-native` cannot send and receive \nnecessary WS-Discovery traffic from your host.\n\nYou can also pass `-e WSDDN_WORKGROUP=name` to change workgroup name or \n`-e WSDDN_DOMAIN=name` to indicate domain membership. There are no other\nconfigurable settings.\n\n\u003c/details\u003e\n\n## Building from sources\n\n### Prerequisites\n\n* Git\n* C++20 capable compiler. Minimal compilers known to work are GCC 10.2, Clang 13 and Xcode 13.\n* CMake 3.25 or greater. If your distribution CMake is older than that you can download a newer version from https://cmake.org/download/\n* _Optional_: On Linux if you wish to enable `systemd` integration make sure you have `libsystemd` library and headers installed on your system. On APT systems use:\n  ```bash\n  sudo apt install libsystemd-dev\n  ```\n  On DNF systems use\n  ```bash\n  sudo dnf install systemd-devel\n  ```\n\n### Building and installing\n\n```bash\ngit clone https://github.com/gershnik/wsdd-native.git\ncd wsdd-native\ncmake -S . -B out -DCMAKE_BUILD_TYPE=RelWithDebInfo \ncmake --build out\nsudo cmake --install out --strip\n```\n\nThe `wsddn` executable will be installed into `/usr/local/bin` and manpage added to section 8 of the manual.\n\nThe following flags can be passed to CMake configure step:\n\n- `-DWSDDN_PREFER_SYSTEM_LIBXML2=ON|OFF`\n- `-DWSDDN_PREFER_SYSTEM_FMT=ON|OFF`\n- `-DWSDDN_PREFER_SYSTEM_SPDLOG=ON|OFF`\n- `-DWSDDN_PREFER_SYSTEM_TOMLPLUSPLUS=ON|OFF`\n\nThis controls whether to prefer system package version of 3rd party libraries or fetch and use them from sources.\nBy default all dependencies are fetched and used from sources.\n\nOn Linux:\n\n`-DWSDDN_WITH_SYSTEMD=\"yes\"|\"no\"|\"auto\"`. \n\nThis controls whether to enable `systemd` integration. Auto performs auto-detection (this is the default). \n\n### Setting up daemon\n\nThe [config](config) directory of this repo contains sample configuration files for different init systems (Systemd, Launchd, SysV init, FreeBSD and OpenBSD rc.d and OpenRC). You can adapt those as appropriate to your system. \n\nCommand line flags and configuration file entries are documented in `man wsddn` and online [here][manpage]\n\n\n## Usage\n\n### Firewall Setup\n\n\u003csmall\u003eNote: The following instructions are copied almost verbatim from [wsdd][wsdd] since the requirements are identical\u003c/small\u003e\n\nTraffic for the following ports, directions and addresses must be allowed.\n\n* incoming and outgoing traffic to `udp/3702` with multicast destination:\n  * `239.255.255.250` for IPv4\n  * `ff02::c` for IPv6\n* outgoing unicast traffic from `udp/3702`\n* incoming to `tcp/5357`\n\nYou should further restrict the traffic to the (link-)local subnet, e.g. by using the `fe80::/10` address space for IPv6. Please note that IGMP traffic must be enabled in order to get IPv4 multicast traffic working.\n\nFor UFW and firewalld, application/service profiles can be found under `config/firewalls`. If using binary installation packages these are provided \nas part of the installation. Note that UFW profiles only allow to grant the traffic on specific UDP and TCP ports, but a restriction on the IP range (like link local for IPv6) or the multicast traffic is not possible.\n\n### Security\n\nThere are four main security concerns with a daemon that accepts network requests and delivers data about local machine over the network\n\n1. A bug inside the daemon code may allow a remote attacker to penetrate the machine running it.\n2. The information legitimately provided by the daemon will disclose something to an attacker that would otherwise remain unknown, enabling him to mount further attacks.\n3. A bug or even the _normal functionality_ of the daemon might allow a remote attacker to use it to mount further attacks against other systems. For example it might be possible to \"convince\" the daemon to become a part of a distributed denial of service (DDoS) attack.\n4. A bug or a normal operation of the daemon might allow a remote attacker to make it or even the entire machine hosting it unresponsive resulting in a denial of service.\n\nCurrently the implementation ignores the second concern. The things **wsdd-native** discloses are the existence of the local host, its name, presence of Samba on it and domain/workgroup membership. All of these are generally disclosed by Samba itself via SMB broadcasts so, assuming the firewall is configured as described above, there is no net gain for an attacker. WS-Discovery protocol contains provisions for encrypting its HTTP traffic and potentially authenticating clients accessing your host via their client certificates. This limits exposure somewhat but at a significant configuration and maintenance cost. If there is interest in any of it it is possible to easily add this functionality in a future version. \n\nThe first concern is by far the most significant one. All software contains bugs and despite developer's best efforts there is always a risk that a bad actor can discover some kind of input that allows him to hijack the server process. To address this possibility **wsdd-native** takes the following measures (apart from general secure coding practices):\n* The process performing network communications never runs as root. If launched as root it will create an unprivileged account (`_wsddn:_wsddn` or `wsddn:wsddn` based on platform conventions) and run network process under it.\n* Similarly when started as root the daemon will lock the network process in a [chroot jail][chroot_jail] (usually `/var/empty` or `/var/run/wsddn` or another platform appropriate location). \n\nThese measures are automatic and cannot be bypassed. Taken together they should limit the fallout of any vulnerability though, of course, nothing ever can be claimed to be 100% secure.\n\nNote that when running on `systemd` systems it is recommended to use its `DynamicUser` facility instead of running as root and relying on the measures above. The Debian/Ubuntu/Fedora/Arch binary packages do so.\n\nThe third concern is also a significant one. Even in absence of any bugs a completely correct implementation of WS-Discovery protocol is known to be vulnerable to these kinds of attacks. See for example \n[here](https://blogs.akamai.com/sitr/2019/09/new-ddos-vector-observed-in-the-wild-wsd-attacks-hitting-35gbps.html) and \n[here](https://www.zdnet.com/article/protocol-used-by-630000-devices-can-be-abused-for-devastating-ddos-attacks/). \nBugs (always a possibility) can make things even worse. As far as I know there is no effective mitigation to this threat that **wsdd-native** can implement in code. The only way to prevent these kinds of attacks is to __never__ expose **wsdd-native** ports to open internet via [firewall configuration](#firewall-setup). Given that the whole purpose of this daemon is to enable interoperability with Windows via SMB protocol there is probably never a good\nreason to let it accept and send traffic outside of a local network.\n\nThe fourth concern, while also present, is less severe than the above. **wsdd-native** is single threaded and so, even if overwhelmed by traffic, will not stress more than 1 CPU core. Its memory consumption is bounded so, in absence of bugs, it will not stress system memory either. It can itself be rendered unresponsive, of course, by too much traffic but, considering that it probably isn't a vital service for anyone, this isn't something that would excite any attacker. Possible bugs change this picture, however. If the network process is hijacked, even if mitigations for the 1st concern prevent further system penetration, the attacker can still make the network process consume too much CPU and memory. You can try to mitigate against this possibility by limiting daemon CPU and memory usage via [cgroups](https://www.redhat.com/en/blog/cgroups-part-four) or other mechanisms. However, a much simpler solution to these issues is the same as the above - never expose the daemon to the open internet.\n\n### Custom metadata\n\nBy default **wsdd-native** exposes the host it is running on as a computer in \"Computer\" section of Windows Explorer Network view. Clicking on a computer will attempt to access its shares via SMB protocol.\n\nInstead of this **wsdd-native** allows you to expose the host as a different kind of device among those supported by Windows Explorer, for example a media player, home security, printer etc. To do so you need to author a custom metadata XML and specify it via `--metadata` command line switch or `metadata` field in `wsddn.conf`.\n\nMore details on this can be found [on this page](config/metadata/README.md).\n\n\n## Acknowledgements\n\n**wsdd-native** is directly influenced by [wsdd][wsdd]. While no source code from it was directly re-used in this project, many design and implementation ideas were; as well as command line design and some documentation content.\n\nSee [Acknowledgements.md](Acknowledgements.md) for information about open source libraries used in this project.\n\n## Reporting Bugs\n\nPlease use the GitHub [issue tracker][issues] to report any bugs or suggestions.\nFor vulnerability disclosures or other security concerns see [Security Policy](SECURITY.md)\n\n\u003c!-- Links --\u003e\n\n[manpage]: https://htmlpreview.github.io/?https://github.com/gershnik/wsdd-native/blob/master/doc/wsddn.8.html\n[releases]: https://github.com/gershnik/wsdd-native/releases\n[issues]: https://github.com/gershnik/wsdd-native/issues\n[wsdd]: https://github.com/christgau/wsdd\n[wsdd2]: https://github.com/Netgear/wsdd2\n[chroot_jail]: https://en.wikipedia.org/wiki/Chroot\n[macports]: https://www.macports.org\n[homebrew]: https://brew.sh\n[aur]: https://wiki.archlinux.org/title/Arch_User_Repository\n\n[version_badge]: https://img.shields.io/badge/dynamic/regex?url=https%3A%2F%2Fraw.githubusercontent.com%2Fgershnik%2Fwsdd-native%2Frefs%2Fheads%2Fmaster%2FVERSION\u0026search=(.*)\u0026replace=%241\u0026label=version\n[license_badge]: https://img.shields.io/badge/license-BSD-brightgreen.svg\n[language_badge]: https://img.shields.io/badge/language-C++%2020-blue.svg\n\n\u003c!-- End Links --\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgershnik%2Fwsdd-native","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgershnik%2Fwsdd-native","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgershnik%2Fwsdd-native/lists"}