Note: The CUPS Browse Protocol was deprecated in CUPS 1.4 and is no longer supported.

CUPS Browse Protocol

Introduction

This specification describes the CUPS browsing protocol, which was used for printer sharing. The protocol was a UDP/IP-based broadcast service that operated on IP service port 631 by default. Each broadcast packet described a single printer or class being shared.

For simple networks with a single subnet, a CUPS system sharing a printer (the server) would periodically broadcast that printer's availability and status information to the subnet. Every other CUPS system on the subnet (the clients) would receive the broadcast and make that printer available to local users. If a client stopped receiving broadcasts from the server, or if the server sent a special "deleted" broadcast message, the client would remove its copy of the printer.

For larger networks with multiple subnets, a relay configuration could be used where one or more client systems polled the server and then broadcast the availability and status information for the server's shared printers to the clients' local subnets.

A key feature of CUPS printer sharing was support for implicit classes, which are automatically-created classes for printers that are shared by multiple servers. These implicit classes provided automatic load balancing and fail-safe printing functionality transparently to the user.

Security Considerations

Like most discovery protocols, CUPS browse packets were not encrypted or signed, so a malicious system on a network could advertise or remove printers on that network to cause denial of service or information disclosure. To mitigate this, CUPS logged incoming browse packets and provided access controls to limit browse packet reception to known hosts.

Browse Packet Format

Each broadcast packet is an ASCII text string of up to 1450 bytes ending with a line feed (0x0a). The general format is:

printer-type printer-state printer-uri "printer-location" "printer-info" "printer-make-and-model" name=value name2=value2 ...

Each of the fields contains the value of the corresponding IPP attribute. The trailing "name=value" information is used to convey default job template attribute values (job-sheets-default, media-default, etc.), authentication requirements (auth-info-required), and additional IPP URI options that are requested by the server (ipp-options).

ABNF Definition

The following ABNF definition [RFC4234, RFC3986] defines the format of each browse packet:

PACKET         = TYPE WSP STATE WSP URI WSP LOCATION WSP INFO WSP
                 MAKE-AND-MODEL WSP *[ WSP ATTR-NAME "=" ATTR-VALUE ] LF

TYPE           = 1*HEXDIG

STATE          = "3" / "4" / "5"

URI            = "ipp://" ( 1*NAMECHAR / IP-literal / IPv4address )
                 [ ":" 1*DIGIT ] ( "/printers/" / "/classes/" ) 1*NAMECHAR
NAMECHAR       = %x21.22.24.26-2E.30-7E / %x25 HEXDIG HEXDIG
IP-literal     = See RFC 3986
IPv4address    = See RFC 3986

LOCATION       = QUOTED-STRING
INFO           = QUOTED-STRING
MAKE-AND-MODEL = QUOTED-STRING

ATTR-NAME      = 1*( ALPHA / DIGIT / "-" / "." )
ATTR-VALUE     = QUOTED-STRING / 1*UNQUOTE-CHAR

QUOTED-STRING  = DQUOTE *QUOTED-CHAR DQUOTE
QUOTED-CHAR    = %x20.21.23-5B.5D-7E / UTF8-CHAR / %x5C %x5C / %x5C %x22
UNQUOTE-CHAR   = %x21.23-26.28-5B.5D-7E / UTF8-CHAR
UTF8-CHAR      = %xC0-DF %x80-BF / %xE0-EF %x80-BF %x80-BF /
                 %xF0-F7 %x80-BF %x80-BF %x80-BF
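
Because browse packets were unauthenticated, a receiver had to treat every field as untrusted input. The following strict validator for the packet format and ABNF above is an added example, not code from CUPS. The names parse_browse_packet and SAMPLE are hypothetical, the sample packet is constructed, and the URI pattern is a slightly stricter approximation of the URI rule.

```python
import re

MAX_PACKET = 1450  # size limit from the packet format section
# QUOTED-STRING: only \\ and \" escapes; control characters rejected.
_QS = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\\"])*"'
# Assumption: a slightly stricter approximation of the ABNF URI rule.
_URI = (r'ipp://(?:\[[0-9A-Fa-f:.]+\]|[^\s"/:\[\]]+)(?::\d+)?'
        r'/(?:printers|classes)/[^\s"/#]+')
_HEAD = re.compile(rf'([0-9A-Fa-f]+)[ \t]([345])[ \t]({_URI})'
                   rf'[ \t]({_QS})[ \t]({_QS})[ \t]({_QS})')
_ATTR = re.compile(
    rf'[ \t]+([A-Za-z0-9.-]+)=({_QS}|[^\x00-\x20\x7f"\x27\\]+)')


def _unquote(value):
    """Strip the quotes and undo the two escapes a QUOTED-STRING allows."""
    if value.startswith('"'):
        return re.sub(r'\\(.)', r'\1', value[1:-1])
    return value


def parse_browse_packet(data: bytes) -> dict:
    """Return the fields of one browse packet, or raise ValueError."""
    if len(data) > MAX_PACKET or not data.endswith(b"\n"):
        raise ValueError("over 1450 bytes or missing LF terminator")
    try:
        text = data[:-1].decode("utf-8")  # strict: rejects invalid UTF-8
    except UnicodeDecodeError as exc:
        raise ValueError("invalid UTF-8") from exc
    head = _HEAD.match(text)
    if head is None:
        raise ValueError("malformed type/state/URI/description fields")
    rest, attrs, pos = text[head.end():], {}, 0
    for m in _ATTR.finditer(rest):
        if m.start() != pos:  # unparsed bytes between attributes
            break
        attrs[m.group(1)] = _unquote(m.group(2))
        pos = m.end()
    if rest[pos:].strip(" \t"):
        raise ValueError("malformed name=value attributes")
    ptype, state, uri, location, info, model = head.groups()
    return {"type": int(ptype, 16), "state": int(state), "uri": uri,
            "location": _unquote(location), "info": _unquote(info),
            "make-and-model": _unquote(model), "attrs": attrs}


# Constructed sample packet (not captured traffic).
SAMPLE = (b'6 3 ipp://server.example.com/printers/lobby "Floor 1" '
          b'"Lobby \\"mono\\" printer" "Generic PS" media-default=a4 '
          b'auth-info-required="username,password"\n')
```

A packet that passes this check is only well-formed; whether its sender is trusted is a separate decision made against the source address, as the access controls described under Security Considerations did.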