usr.sbin/inetd/inetd.8

*c3b6f8f2SDavid van Moolenbroek.\"	$NetBSD: inetd.8,v 1.57 2011/04/25 22:12:05 wiz Exp $
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
*c3b6f8f2SDavid van Moolenbroek.\" All rights reserved.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" This code is derived from software contributed to The NetBSD Foundation
*c3b6f8f2SDavid van Moolenbroek.\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
*c3b6f8f2SDavid van Moolenbroek.\" NASA Ames Research Center.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" Redistribution and use in source and binary forms, with or without
*c3b6f8f2SDavid van Moolenbroek.\" modification, are permitted provided that the following conditions
*c3b6f8f2SDavid van Moolenbroek.\" are met:
*c3b6f8f2SDavid van Moolenbroek.\" 1. Redistributions of source code must retain the above copyright
*c3b6f8f2SDavid van Moolenbroek.\"    notice, this list of conditions and the following disclaimer.
*c3b6f8f2SDavid van Moolenbroek.\" 2. Redistributions in binary form must reproduce the above copyright
*c3b6f8f2SDavid van Moolenbroek.\"    notice, this list of conditions and the following disclaimer in the
*c3b6f8f2SDavid van Moolenbroek.\"    documentation and/or other materials provided with the distribution.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
*c3b6f8f2SDavid van Moolenbroek.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
*c3b6f8f2SDavid van Moolenbroek.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
*c3b6f8f2SDavid van Moolenbroek.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
*c3b6f8f2SDavid van Moolenbroek.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
*c3b6f8f2SDavid van Moolenbroek.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
*c3b6f8f2SDavid van Moolenbroek.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
*c3b6f8f2SDavid van Moolenbroek.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
*c3b6f8f2SDavid van Moolenbroek.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
*c3b6f8f2SDavid van Moolenbroek.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
*c3b6f8f2SDavid van Moolenbroek.\" POSSIBILITY OF SUCH DAMAGE.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" Copyright (c) 1985, 1991 The Regents of the University of California.
*c3b6f8f2SDavid van Moolenbroek.\" All rights reserved.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" Redistribution and use in source and binary forms, with or without
*c3b6f8f2SDavid van Moolenbroek.\" modification, are permitted provided that the following conditions
*c3b6f8f2SDavid van Moolenbroek.\" are met:
*c3b6f8f2SDavid van Moolenbroek.\" 1. Redistributions of source code must retain the above copyright
*c3b6f8f2SDavid van Moolenbroek.\"    notice, this list of conditions and the following disclaimer.
*c3b6f8f2SDavid van Moolenbroek.\" 2. Redistributions in binary form must reproduce the above copyright
*c3b6f8f2SDavid van Moolenbroek.\"    notice, this list of conditions and the following disclaimer in the
*c3b6f8f2SDavid van Moolenbroek.\"    documentation and/or other materials provided with the distribution.
*c3b6f8f2SDavid van Moolenbroek.\" 3. Neither the name of the University nor the names of its contributors
*c3b6f8f2SDavid van Moolenbroek.\"    may be used to endorse or promote products derived from this software
*c3b6f8f2SDavid van Moolenbroek.\"    without specific prior written permission.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
*c3b6f8f2SDavid van Moolenbroek.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*c3b6f8f2SDavid van Moolenbroek.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
*c3b6f8f2SDavid van Moolenbroek.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
*c3b6f8f2SDavid van Moolenbroek.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
*c3b6f8f2SDavid van Moolenbroek.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
*c3b6f8f2SDavid van Moolenbroek.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*c3b6f8f2SDavid van Moolenbroek.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*c3b6f8f2SDavid van Moolenbroek.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
*c3b6f8f2SDavid van Moolenbroek.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
*c3b6f8f2SDavid van Moolenbroek.\" SUCH DAMAGE.
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.\"     from: @(#)inetd.8       8.4 (Berkeley) 6/1/94
*c3b6f8f2SDavid van Moolenbroek.\"
*c3b6f8f2SDavid van Moolenbroek.Dd August 27, 2008
*c3b6f8f2SDavid van Moolenbroek.Dt INETD 8
*c3b6f8f2SDavid van Moolenbroek.Os
*c3b6f8f2SDavid van Moolenbroek.Sh NAME
*c3b6f8f2SDavid van Moolenbroek.Nm inetd ,
*c3b6f8f2SDavid van Moolenbroek.Nm inetd.conf
*c3b6f8f2SDavid van Moolenbroek.Nd internet
*c3b6f8f2SDavid van Moolenbroek.Dq super-server
*c3b6f8f2SDavid van Moolenbroek.Sh SYNOPSIS
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroek.Op Fl d
*c3b6f8f2SDavid van Moolenbroek.Op Fl l
*c3b6f8f2SDavid van Moolenbroek.Op Ar configuration file
*c3b6f8f2SDavid van Moolenbroek.Sh DESCRIPTION
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekshould be run at boot time by
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/rc
*c3b6f8f2SDavid van Moolenbroek(see
*c3b6f8f2SDavid van Moolenbroek.Xr rc 8 ) .
*c3b6f8f2SDavid van MoolenbroekIt then opens sockets according to its configuration and listens
*c3b6f8f2SDavid van Moolenbroekfor connections.
*c3b6f8f2SDavid van MoolenbroekWhen a connection is found on one of its sockets, it decides what
*c3b6f8f2SDavid van Moolenbroekservice the socket corresponds to, and invokes a program to service
*c3b6f8f2SDavid van Moolenbroekthe request.
*c3b6f8f2SDavid van MoolenbroekAfter the program is finished, it continues to listen on the socket
*c3b6f8f2SDavid van Moolenbroek(except in some cases which will be described below).
*c3b6f8f2SDavid van MoolenbroekEssentially,
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekallows running one daemon to invoke several others,
*c3b6f8f2SDavid van Moolenbroekreducing load on the system.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe options available for
*c3b6f8f2SDavid van Moolenbroek.Nm :
*c3b6f8f2SDavid van Moolenbroek.Bl -tag -width Ds
*c3b6f8f2SDavid van Moolenbroek.It Fl d
*c3b6f8f2SDavid van MoolenbroekTurns on debugging.
*c3b6f8f2SDavid van Moolenbroek.It Fl l
*c3b6f8f2SDavid van MoolenbroekTurns on libwrap connection logging.
*c3b6f8f2SDavid van Moolenbroek.El
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekUpon execution,
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekreads its configuration information from a configuration
*c3b6f8f2SDavid van Moolenbroekfile which, by default, is
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf .
*c3b6f8f2SDavid van MoolenbroekThe path given for this configuration file must be absolute, unless
*c3b6f8f2SDavid van Moolenbroekthe
*c3b6f8f2SDavid van Moolenbroek.Fl d
*c3b6f8f2SDavid van Moolenbroekoption is also given on the command line.
*c3b6f8f2SDavid van MoolenbroekThere must be an entry for each field of the configuration
*c3b6f8f2SDavid van Moolenbroekfile, with entries for each field separated by a tab or
*c3b6f8f2SDavid van Moolenbroeka space.
*c3b6f8f2SDavid van MoolenbroekComments are denoted by a ``#'' at the beginning of a line.
*c3b6f8f2SDavid van MoolenbroekThere must be an entry for each field (except for one
*c3b6f8f2SDavid van Moolenbroekspecial case, described below).
*c3b6f8f2SDavid van MoolenbroekThe fields of the configuration file are as follows:
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van Moolenbroek.Bd -unfilled -offset indent -compact
*c3b6f8f2SDavid van Moolenbroek[addr:]service-name
*c3b6f8f2SDavid van Moolenbroeksocket-type[:accept_filter]
*c3b6f8f2SDavid van Moolenbroekprotocol[,sndbuf=size][,rcvbuf=size]
*c3b6f8f2SDavid van Moolenbroekwait/nowait[:max]
*c3b6f8f2SDavid van Moolenbroekuser[:group]
*c3b6f8f2SDavid van Moolenbroekserver-program
*c3b6f8f2SDavid van Moolenbroekserver program arguments
*c3b6f8f2SDavid van Moolenbroek.Ed
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekTo specify an
*c3b6f8f2SDavid van Moolenbroek.Em Sun-RPC
*c3b6f8f2SDavid van Moolenbroekbased service, the entry would contain these fields:
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van Moolenbroek.Bd -unfilled -offset indent -compact
*c3b6f8f2SDavid van Moolenbroekservice-name/version
*c3b6f8f2SDavid van Moolenbroeksocket-type
*c3b6f8f2SDavid van Moolenbroekrpc/protocol[,sndbuf=size][,rcvbuf=size]
*c3b6f8f2SDavid van Moolenbroekwait/nowait[:max]
*c3b6f8f2SDavid van Moolenbroekuser[:group]
*c3b6f8f2SDavid van Moolenbroekserver-program
*c3b6f8f2SDavid van Moolenbroekserver program arguments
*c3b6f8f2SDavid van Moolenbroek.Ed
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekTo specify a UNIX-domain (local) socket, the entry would contain
*c3b6f8f2SDavid van Moolenbroekthese fields:
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van Moolenbroek.Bd -unfilled -offset indent -compact
*c3b6f8f2SDavid van Moolenbroekpath
*c3b6f8f2SDavid van Moolenbroeksocket-type
*c3b6f8f2SDavid van Moolenbroekunix[,sndbuf=size][,rcvbuf=size]
*c3b6f8f2SDavid van Moolenbroekwait/nowait[:max]
*c3b6f8f2SDavid van Moolenbroekuser[:group]
*c3b6f8f2SDavid van Moolenbroekserver-program
*c3b6f8f2SDavid van Moolenbroekserver program arguments
*c3b6f8f2SDavid van Moolenbroek.Ed
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekFor Internet services, the first field of the line may also have a host
*c3b6f8f2SDavid van Moolenbroekaddress specifier prefixed to it, separated from the service name by a colon.
*c3b6f8f2SDavid van MoolenbroekIf this is done, the string before the colon in the first field
*c3b6f8f2SDavid van Moolenbroekindicates what local address
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekshould use when listening for that service, or the single character
*c3b6f8f2SDavid van Moolenbroek.Dq \&*
*c3b6f8f2SDavid van Moolenbroekto indicate
*c3b6f8f2SDavid van Moolenbroek.Dv INADDR_ANY ,
*c3b6f8f2SDavid van Moolenbroekmeaning
*c3b6f8f2SDavid van Moolenbroek.Sq all local addresses .
*c3b6f8f2SDavid van MoolenbroekTo avoid repeating an address that occurs frequently, a line with a
*c3b6f8f2SDavid van Moolenbroekhost address specifier and colon, but no further fields, causes the
*c3b6f8f2SDavid van Moolenbroekhost address specifier to be remembered and used for all further lines
*c3b6f8f2SDavid van Moolenbroekwith no explicit host specifier (until another such line or the end of
*c3b6f8f2SDavid van Moolenbroekthe file).
*c3b6f8f2SDavid van MoolenbroekA line
*c3b6f8f2SDavid van Moolenbroek.Dl *:
*c3b6f8f2SDavid van Moolenbroekis implicitly provided at the top of the file; thus, traditional
*c3b6f8f2SDavid van Moolenbroekconfiguration files (which have no host address specifiers) will be
*c3b6f8f2SDavid van Moolenbroekinterpreted in the traditional manner, with all services listened for
*c3b6f8f2SDavid van Moolenbroekon all local addresses.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em service-name
*c3b6f8f2SDavid van Moolenbroekentry is the name of a valid service in
*c3b6f8f2SDavid van Moolenbroekthe file
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/services .
*c3b6f8f2SDavid van MoolenbroekFor
*c3b6f8f2SDavid van Moolenbroek.Dq internal
*c3b6f8f2SDavid van Moolenbroekservices (discussed below), the service
*c3b6f8f2SDavid van Moolenbroekname
*c3b6f8f2SDavid van Moolenbroek.Em must
*c3b6f8f2SDavid van Moolenbroekbe the official name of the service (that is, the first entry in
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/services ) .
*c3b6f8f2SDavid van MoolenbroekWhen used to specify a
*c3b6f8f2SDavid van Moolenbroek.Em Sun-RPC
*c3b6f8f2SDavid van Moolenbroekbased service, this field is a valid RPC service name in
*c3b6f8f2SDavid van Moolenbroekthe file
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/rpc .
*c3b6f8f2SDavid van MoolenbroekThe part on the right of the
*c3b6f8f2SDavid van Moolenbroek.Dq /
*c3b6f8f2SDavid van Moolenbroekis the RPC version number.
*c3b6f8f2SDavid van MoolenbroekThis can simply be a single numeric argument or a range of versions.
*c3b6f8f2SDavid van MoolenbroekA range is bounded by the low version to the high version \-
*c3b6f8f2SDavid van Moolenbroek.Dq rusers/1-3 .
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em socket-type
*c3b6f8f2SDavid van Moolenbroekshould be one of
*c3b6f8f2SDavid van Moolenbroek.Dq stream ,
*c3b6f8f2SDavid van Moolenbroek.Dq dgram ,
*c3b6f8f2SDavid van Moolenbroek.Dq raw ,
*c3b6f8f2SDavid van Moolenbroek.Dq rdm ,
*c3b6f8f2SDavid van Moolenbroekor
*c3b6f8f2SDavid van Moolenbroek.Dq seqpacket ,
*c3b6f8f2SDavid van Moolenbroekdepending on whether the socket is a stream, datagram, raw,
*c3b6f8f2SDavid van Moolenbroekreliably delivered message, or sequenced packet socket.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekOptionally, an
*c3b6f8f2SDavid van Moolenbroek.Xr accept_filter 9
*c3b6f8f2SDavid van Moolenbroekcan be specified by appending a colon to the socket-type, followed by
*c3b6f8f2SDavid van Moolenbroekthe name of the desired accept filter.
*c3b6f8f2SDavid van MoolenbroekIn this case
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekwill not see new connections for the specified service until the accept
*c3b6f8f2SDavid van Moolenbroekfilter decides they are ready to be handled.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em protocol
*c3b6f8f2SDavid van Moolenbroekmust be a valid protocol as given in
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/protocols
*c3b6f8f2SDavid van Moolenbroekor the string
*c3b6f8f2SDavid van Moolenbroek.Dq unix .
*c3b6f8f2SDavid van MoolenbroekExamples might be
*c3b6f8f2SDavid van Moolenbroek.Dq tcp
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Dq udp .
*c3b6f8f2SDavid van MoolenbroekRpc based services are specified with the
*c3b6f8f2SDavid van Moolenbroek.Dq rpc/tcp
*c3b6f8f2SDavid van Moolenbroekor
*c3b6f8f2SDavid van Moolenbroek.Dq rpc/udp
*c3b6f8f2SDavid van Moolenbroekservice type.
*c3b6f8f2SDavid van Moolenbroek.Dq tcp
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Dq udp
*c3b6f8f2SDavid van Moolenbroekwill be recognized as
*c3b6f8f2SDavid van Moolenbroek.Dq TCP or UDP over default IP version .
*c3b6f8f2SDavid van MoolenbroekIt is currently IPv4, but in the future it will be IPv6.
*c3b6f8f2SDavid van MoolenbroekIf you need to specify IPv4 or IPv6 explicitly, use something like
*c3b6f8f2SDavid van Moolenbroek.Dq tcp4
*c3b6f8f2SDavid van Moolenbroekor
*c3b6f8f2SDavid van Moolenbroek.Dq udp6 .
*c3b6f8f2SDavid van MoolenbroekIf you would like to enable special support for
*c3b6f8f2SDavid van Moolenbroek.Xr faithd 8 ,
*c3b6f8f2SDavid van Moolenbroekprepend a keyword
*c3b6f8f2SDavid van Moolenbroek.Dq faith
*c3b6f8f2SDavid van Moolenbroekinto
*c3b6f8f2SDavid van Moolenbroek.Em protocol ,
*c3b6f8f2SDavid van Moolenbroeklike
*c3b6f8f2SDavid van Moolenbroek.Dq faith/tcp6 .
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekIn addition to the protocol, the configuration file may specify the
*c3b6f8f2SDavid van Moolenbroeksend and receive socket buffer sizes for the listening socket.
*c3b6f8f2SDavid van MoolenbroekThis is especially useful for
*c3b6f8f2SDavid van Moolenbroek.Tn TCP
*c3b6f8f2SDavid van Moolenbroekas the window scale factor, which is based on the receive socket
*c3b6f8f2SDavid van Moolenbroekbuffer size, is advertised when the connection handshake occurs,
*c3b6f8f2SDavid van Moolenbroekthus the socket buffer size for the server must be set on the listen socket.
*c3b6f8f2SDavid van MoolenbroekBy increasing the socket buffer sizes, better
*c3b6f8f2SDavid van Moolenbroek.Tn TCP
*c3b6f8f2SDavid van Moolenbroekperformance may be realized in some situations.
*c3b6f8f2SDavid van MoolenbroekThe socket buffer sizes are specified by appending their values to
*c3b6f8f2SDavid van Moolenbroekthe protocol specification as follows:
*c3b6f8f2SDavid van Moolenbroek.Bd -literal -offset indent
*c3b6f8f2SDavid van Moolenbroektcp,rcvbuf=16384
*c3b6f8f2SDavid van Moolenbroektcp,sndbuf=64k
*c3b6f8f2SDavid van Moolenbroektcp,rcvbuf=64k,sndbuf=1m
*c3b6f8f2SDavid van Moolenbroek.Ed
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekA literal value may be specified, or modified using
*c3b6f8f2SDavid van Moolenbroek.Sq k
*c3b6f8f2SDavid van Moolenbroekto indicate kilobytes or
*c3b6f8f2SDavid van Moolenbroek.Sq m
*c3b6f8f2SDavid van Moolenbroekto indicate megabytes.
*c3b6f8f2SDavid van MoolenbroekSocket buffer sizes may be specified for all
*c3b6f8f2SDavid van Moolenbroekservices and protocols except for tcpmux services.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em wait/nowait
*c3b6f8f2SDavid van Moolenbroekentry is used to tell
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekif it should wait for the server program to return,
*c3b6f8f2SDavid van Moolenbroekor continue processing connections on the socket.
*c3b6f8f2SDavid van MoolenbroekIf a datagram server connects
*c3b6f8f2SDavid van Moolenbroekto its peer, freeing the socket so
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekcan receive further messages on the socket, it is said to be
*c3b6f8f2SDavid van Moolenbroeka
*c3b6f8f2SDavid van Moolenbroek.Dq multi-threaded
*c3b6f8f2SDavid van Moolenbroekserver, and should use the
*c3b6f8f2SDavid van Moolenbroek.Dq nowait
*c3b6f8f2SDavid van Moolenbroekentry.
*c3b6f8f2SDavid van MoolenbroekFor datagram servers which process all incoming datagrams
*c3b6f8f2SDavid van Moolenbroekon a socket and eventually time out, the server is said to be
*c3b6f8f2SDavid van Moolenbroek.Dq single-threaded
*c3b6f8f2SDavid van Moolenbroekand should use a
*c3b6f8f2SDavid van Moolenbroek.Dq wait
*c3b6f8f2SDavid van Moolenbroekentry.
*c3b6f8f2SDavid van Moolenbroek.Xr comsat 8
*c3b6f8f2SDavid van Moolenbroek.Pq Xr biff 1
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Xr ntalkd 8
*c3b6f8f2SDavid van Moolenbroekare both examples of the latter type of
*c3b6f8f2SDavid van Moolenbroekdatagram server.
*c3b6f8f2SDavid van Moolenbroek.Xr tftpd 8
*c3b6f8f2SDavid van Moolenbroekis an exception; it is a datagram server that establishes pseudo-connections.
*c3b6f8f2SDavid van MoolenbroekIt must be listed as
*c3b6f8f2SDavid van Moolenbroek.Dq wait
*c3b6f8f2SDavid van Moolenbroekin order to avoid a race;
*c3b6f8f2SDavid van Moolenbroekthe server reads the first packet, creates a new socket,
*c3b6f8f2SDavid van Moolenbroekand then forks and exits to allow
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekto check for new service requests to spawn new servers.
*c3b6f8f2SDavid van MoolenbroekThe optional
*c3b6f8f2SDavid van Moolenbroek.Dq max
*c3b6f8f2SDavid van Moolenbroeksuffix (separated from
*c3b6f8f2SDavid van Moolenbroek.Dq wait
*c3b6f8f2SDavid van Moolenbroekor
*c3b6f8f2SDavid van Moolenbroek.Dq nowait
*c3b6f8f2SDavid van Moolenbroekby a dot or a colon) specifies the maximum number of server instances that may
*c3b6f8f2SDavid van Moolenbroekbe spawned from
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekwithin an interval of 60 seconds.
*c3b6f8f2SDavid van MoolenbroekWhen omitted,
*c3b6f8f2SDavid van Moolenbroek.Dq max
*c3b6f8f2SDavid van Moolenbroekdefaults to 40.
*c3b6f8f2SDavid van MoolenbroekIf it reaches this maximum spawn rate,
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekwill log the problem (via the syslogger using the
*c3b6f8f2SDavid van Moolenbroek.Dv LOG_DAEMON
*c3b6f8f2SDavid van Moolenbroekfacility and
*c3b6f8f2SDavid van Moolenbroek.Dv LOG_ERR
*c3b6f8f2SDavid van Moolenbroeklevel)
*c3b6f8f2SDavid van Moolenbroekand stop handling the specific service for ten minutes.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekStream servers are usually marked as
*c3b6f8f2SDavid van Moolenbroek.Dq nowait
*c3b6f8f2SDavid van Moolenbroekbut if a single server process is to handle multiple connections, it may be
*c3b6f8f2SDavid van Moolenbroekmarked as
*c3b6f8f2SDavid van Moolenbroek.Dq wait .
*c3b6f8f2SDavid van MoolenbroekThe master socket will then be passed as fd 0 to the server, which will then
*c3b6f8f2SDavid van Moolenbroekneed to accept the incoming connection.
*c3b6f8f2SDavid van MoolenbroekThe server should eventually time
*c3b6f8f2SDavid van Moolenbroekout and exit when no more connections are active.
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekwill continue to
*c3b6f8f2SDavid van Moolenbroeklisten on the master socket for connections, so the server should not close
*c3b6f8f2SDavid van Moolenbroekit when it exits.
*c3b6f8f2SDavid van Moolenbroek.Xr identd 8
*c3b6f8f2SDavid van Moolenbroekis usually the only stream server marked as wait.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em user
*c3b6f8f2SDavid van Moolenbroekentry should contain the user name of the user as whom the server should run.
*c3b6f8f2SDavid van MoolenbroekThis allows for servers to be given less permission than root.
*c3b6f8f2SDavid van MoolenbroekOptionally, a group can be specified by appending a colon to the user name,
*c3b6f8f2SDavid van Moolenbroekfollowed by the group name (it is possible to use a dot (``.'') in lieu of a
*c3b6f8f2SDavid van Moolenbroekcolon, however this feature is provided only for backward compatibility).
*c3b6f8f2SDavid van MoolenbroekThis allows for servers to run with a different (primary) group id than
*c3b6f8f2SDavid van Moolenbroekspecified in the password file.
*c3b6f8f2SDavid van MoolenbroekIf a group is specified and
*c3b6f8f2SDavid van Moolenbroek.Em user
*c3b6f8f2SDavid van Moolenbroekis not root, the supplementary groups associated with that user will still be
*c3b6f8f2SDavid van Moolenbroekset.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em server-program
*c3b6f8f2SDavid van Moolenbroekentry should contain the pathname of the program which is to be
*c3b6f8f2SDavid van Moolenbroekexecuted by
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekwhen a request is found on its socket.
*c3b6f8f2SDavid van MoolenbroekIf
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekprovides this service internally, this entry should
*c3b6f8f2SDavid van Moolenbroekbe
*c3b6f8f2SDavid van Moolenbroek.Dq internal .
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Em server program arguments
*c3b6f8f2SDavid van Moolenbroekshould be just as arguments
*c3b6f8f2SDavid van Moolenbroeknormally are, starting with argv[0], which is the name of
*c3b6f8f2SDavid van Moolenbroekthe program.
*c3b6f8f2SDavid van MoolenbroekIf the service is provided internally, the
*c3b6f8f2SDavid van Moolenbroekword
*c3b6f8f2SDavid van Moolenbroek.Dq internal
*c3b6f8f2SDavid van Moolenbroekshould take the place of this entry.
*c3b6f8f2SDavid van MoolenbroekIt is possible to quote an argument using either single or double quotes.
*c3b6f8f2SDavid van MoolenbroekThis allows you to have, e.g., spaces in paths and parameters.
*c3b6f8f2SDavid van Moolenbroek.Ss Internal Services
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekprovides several
*c3b6f8f2SDavid van Moolenbroek.Qq trivial
*c3b6f8f2SDavid van Moolenbroekservices internally by use of routines within itself.
*c3b6f8f2SDavid van MoolenbroekThese services are
*c3b6f8f2SDavid van Moolenbroek.Qq echo ,
*c3b6f8f2SDavid van Moolenbroek.Qq discard ,
*c3b6f8f2SDavid van Moolenbroek.Qq chargen
*c3b6f8f2SDavid van Moolenbroek(character generator),
*c3b6f8f2SDavid van Moolenbroek.Qq daytime
*c3b6f8f2SDavid van Moolenbroek(human readable time), and
*c3b6f8f2SDavid van Moolenbroek.Qq time
*c3b6f8f2SDavid van Moolenbroek(machine readable time,
*c3b6f8f2SDavid van Moolenbroekin the form of the number of seconds since midnight, January 1, 1900 GMT).
*c3b6f8f2SDavid van MoolenbroekFor details of these services, consult the appropriate
*c3b6f8f2SDavid van Moolenbroek.Tn RFC .
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekTCP services without official port numbers can be handled with the
*c3b6f8f2SDavid van MoolenbroekRFC1078-based tcpmux internal service.
*c3b6f8f2SDavid van MoolenbroekTCPmux listens on port 1 for requests.
*c3b6f8f2SDavid van MoolenbroekWhen a connection is made from a foreign host, the service name
*c3b6f8f2SDavid van Moolenbroekrequested is passed to TCPmux, which performs a lookup in the
*c3b6f8f2SDavid van Moolenbroekservice name table provided by
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf
*c3b6f8f2SDavid van Moolenbroekand returns the proper entry for the service.
*c3b6f8f2SDavid van MoolenbroekTCPmux returns a negative reply if the service doesn't exist,
*c3b6f8f2SDavid van Moolenbroekotherwise the invoked server is expected to return the positive
*c3b6f8f2SDavid van Moolenbroekreply if the service type in
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf
*c3b6f8f2SDavid van Moolenbroekfile has the prefix
*c3b6f8f2SDavid van Moolenbroek.Qq tcpmux/ .
*c3b6f8f2SDavid van MoolenbroekIf the service type has the
*c3b6f8f2SDavid van Moolenbroekprefix
*c3b6f8f2SDavid van Moolenbroek.Qq tcpmux/+ ,
*c3b6f8f2SDavid van MoolenbroekTCPmux will return the positive reply for the
*c3b6f8f2SDavid van Moolenbroekprocess; this is for compatibility with older server code, and also
*c3b6f8f2SDavid van Moolenbroekallows you to invoke programs that use stdin/stdout without putting any
*c3b6f8f2SDavid van Moolenbroekspecial server code in them.
*c3b6f8f2SDavid van MoolenbroekServices that use TCPmux are
*c3b6f8f2SDavid van Moolenbroek.Qq nowait
*c3b6f8f2SDavid van Moolenbroekbecause they do not have a well-known port number and hence cannot listen
*c3b6f8f2SDavid van Moolenbroekfor new requests.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekrereads its configuration file when it receives a hangup signal,
*c3b6f8f2SDavid van Moolenbroek.Dv SIGHUP .
*c3b6f8f2SDavid van MoolenbroekServices may be added, deleted or modified when the configuration file
*c3b6f8f2SDavid van Moolenbroekis reread.
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekcreates a file
*c3b6f8f2SDavid van Moolenbroek.Em /var/run/inetd.pid
*c3b6f8f2SDavid van Moolenbroekthat contains its process identifier.
*c3b6f8f2SDavid van Moolenbroek.Ss libwrap
*c3b6f8f2SDavid van MoolenbroekSupport for
*c3b6f8f2SDavid van Moolenbroek.Tn TCP
*c3b6f8f2SDavid van Moolenbroekwrappers is included with
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekto provide internal tcpd-like access control functionality.
*c3b6f8f2SDavid van MoolenbroekAn external tcpd program is not needed.
*c3b6f8f2SDavid van MoolenbroekYou do not need to change the
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf
*c3b6f8f2SDavid van Moolenbroekserver-program entry to enable this capability.
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekuses
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/hosts.allow
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/hosts.deny
*c3b6f8f2SDavid van Moolenbroekfor access control facility configurations, as described in
*c3b6f8f2SDavid van Moolenbroek.Xr hosts_access 5 .
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van Moolenbroek.Em Nota Bene :
*c3b6f8f2SDavid van Moolenbroek.Tn TCP
*c3b6f8f2SDavid van Moolenbroekwrappers do not affect/restrict
*c3b6f8f2SDavid van Moolenbroek.Tn UDP
*c3b6f8f2SDavid van Moolenbroekor internal services.
*c3b6f8f2SDavid van Moolenbroek.Ss IPsec
*c3b6f8f2SDavid van MoolenbroekThe implementation includes a tiny hack to support IPsec policy settings for
*c3b6f8f2SDavid van Moolenbroekeach socket.
*c3b6f8f2SDavid van MoolenbroekA special form of the comment line, starting with
*c3b6f8f2SDavid van Moolenbroek.Dq Li "#@" ,
*c3b6f8f2SDavid van Moolenbroekis used as a policy specifier.
*c3b6f8f2SDavid van MoolenbroekThe content of the above comment line will be treated as a IPsec policy string,
*c3b6f8f2SDavid van Moolenbroekas described in
*c3b6f8f2SDavid van Moolenbroek.Xr ipsec_set_policy 3 .
*c3b6f8f2SDavid van MoolenbroekMultiple IPsec policy strings may be specified by using a semicolon
*c3b6f8f2SDavid van Moolenbroekas a separator.
*c3b6f8f2SDavid van MoolenbroekIf conflicting policy strings are found in a single line,
*c3b6f8f2SDavid van Moolenbroekthe last string will take effect.
*c3b6f8f2SDavid van MoolenbroekA
*c3b6f8f2SDavid van Moolenbroek.Li "#@"
*c3b6f8f2SDavid van Moolenbroekline affects all of the following lines in
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf ,
*c3b6f8f2SDavid van Moolenbroekso you may want to reset the IPsec policy by using a comment line containing
*c3b6f8f2SDavid van Moolenbroekonly
*c3b6f8f2SDavid van Moolenbroek.Li "#@"
*c3b6f8f2SDavid van Moolenbroek.Pq with no policy string .
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekIf an invalid IPsec policy string appears in
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf ,
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroeklogs an error message using
*c3b6f8f2SDavid van Moolenbroek.Xr syslog 3
*c3b6f8f2SDavid van Moolenbroekand terminates itself.
*c3b6f8f2SDavid van Moolenbroek.Ss IPv6 TCP/UDP behavior
*c3b6f8f2SDavid van MoolenbroekIf you wish to run a server for both IPv4 and IPv6 traffic,
*c3b6f8f2SDavid van Moolenbroekyou will need to run two separate processes for the same server program,
*c3b6f8f2SDavid van Moolenbroekspecified as two separate lines in
*c3b6f8f2SDavid van Moolenbroek.Pa /etc/inetd.conf
*c3b6f8f2SDavid van Moolenbroekusing
*c3b6f8f2SDavid van Moolenbroek.Dq tcp4
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Dq tcp6
*c3b6f8f2SDavid van Moolenbroekrespectively.
*c3b6f8f2SDavid van MoolenbroekPlain
*c3b6f8f2SDavid van Moolenbroek.Dq tcp
*c3b6f8f2SDavid van Moolenbroekmeans TCP on top of the current default IP version,
*c3b6f8f2SDavid van Moolenbroekwhich is, at this moment, IPv4.
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van MoolenbroekUnder various combination of IPv4/v6 daemon settings,
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekwill behave as follows:
*c3b6f8f2SDavid van Moolenbroek.Bl -bullet -compact
*c3b6f8f2SDavid van Moolenbroek.It
*c3b6f8f2SDavid van MoolenbroekIf you have only one server on
*c3b6f8f2SDavid van Moolenbroek.Dq tcp4 ,
*c3b6f8f2SDavid van MoolenbroekIPv4 traffic will be routed to the server.
*c3b6f8f2SDavid van MoolenbroekIPv6 traffic will not be accepted.
*c3b6f8f2SDavid van Moolenbroek.It
*c3b6f8f2SDavid van MoolenbroekIf you have two servers on
*c3b6f8f2SDavid van Moolenbroek.Dq tcp4
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Dq tcp6 ,
*c3b6f8f2SDavid van MoolenbroekIPv4 traffic will be routed to the server on
*c3b6f8f2SDavid van Moolenbroek.Dq tcp4 ,
*c3b6f8f2SDavid van Moolenbroekand IPv6 traffic will go to server on
*c3b6f8f2SDavid van Moolenbroek.Dq tcp6 .
*c3b6f8f2SDavid van Moolenbroek.It
*c3b6f8f2SDavid van MoolenbroekIf you have only one server on
*c3b6f8f2SDavid van Moolenbroek.Dq tcp6 ,
*c3b6f8f2SDavid van Moolenbroekonly IPv6 traffic will be routed to the server.
*c3b6f8f2SDavid van MoolenbroekThe kernel may route to the server IPv4 traffic as well,
*c3b6f8f2SDavid van Moolenbroekunder certain configuration.
*c3b6f8f2SDavid van MoolenbroekSee
*c3b6f8f2SDavid van Moolenbroek.Xr ip6 4
*c3b6f8f2SDavid van Moolenbroekfor details.
*c3b6f8f2SDavid van Moolenbroek.El
*c3b6f8f2SDavid van Moolenbroek.Sh FILES
*c3b6f8f2SDavid van Moolenbroek.Bl -tag -width /etc/hosts.allow -compact
*c3b6f8f2SDavid van Moolenbroek.It Pa /etc/inetd.conf
*c3b6f8f2SDavid van Moolenbroekconfiguration file for all
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekprovided services
*c3b6f8f2SDavid van Moolenbroek.It Pa /etc/services
*c3b6f8f2SDavid van Moolenbroekservice name to protocol and port number mappings.
*c3b6f8f2SDavid van Moolenbroek.It Pa /etc/protocols
*c3b6f8f2SDavid van Moolenbroekprotocol name to protocol number mappings
*c3b6f8f2SDavid van Moolenbroek.It Pa /etc/rpc
*c3b6f8f2SDavid van Moolenbroek.Tn Sun-RPC
*c3b6f8f2SDavid van Moolenbroekservice name to service number mappings.
*c3b6f8f2SDavid van Moolenbroek.It Pa /etc/hosts.allow
*c3b6f8f2SDavid van Moolenbroekexplicit remote host access list.
*c3b6f8f2SDavid van Moolenbroek.It Pa /etc/hosts.deny
*c3b6f8f2SDavid van Moolenbroekexplicit remote host denial of service list.
*c3b6f8f2SDavid van Moolenbroek.El
*c3b6f8f2SDavid van Moolenbroek.Sh SEE ALSO
*c3b6f8f2SDavid van Moolenbroek.Xr hosts_access 5 ,
*c3b6f8f2SDavid van Moolenbroek.Xr hosts_options 5 ,
*c3b6f8f2SDavid van Moolenbroek.Xr protocols 5 ,
*c3b6f8f2SDavid van Moolenbroek.Xr rpc 5 ,
*c3b6f8f2SDavid van Moolenbroek.Xr services 5 ,
*c3b6f8f2SDavid van Moolenbroek.Xr comsat 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr fingerd 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr ftpd 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr rexecd 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr rlogind 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr rshd 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr telnetd 8 ,
*c3b6f8f2SDavid van Moolenbroek.Xr tftpd 8
*c3b6f8f2SDavid van Moolenbroek.Rs
*c3b6f8f2SDavid van Moolenbroek.%A J. Postel
*c3b6f8f2SDavid van Moolenbroek.%R RFC
*c3b6f8f2SDavid van Moolenbroek.%N 862
*c3b6f8f2SDavid van Moolenbroek.%D May 1983
*c3b6f8f2SDavid van Moolenbroek.%T "Echo Protocol"
*c3b6f8f2SDavid van Moolenbroek.Re
*c3b6f8f2SDavid van Moolenbroek.Rs
*c3b6f8f2SDavid van Moolenbroek.%A J. Postel
*c3b6f8f2SDavid van Moolenbroek.%R RFC
*c3b6f8f2SDavid van Moolenbroek.%N 863
*c3b6f8f2SDavid van Moolenbroek.%D May 1983
*c3b6f8f2SDavid van Moolenbroek.%T "Discard Protocol"
*c3b6f8f2SDavid van Moolenbroek.Re
*c3b6f8f2SDavid van Moolenbroek.Rs
*c3b6f8f2SDavid van Moolenbroek.%A J. Postel
*c3b6f8f2SDavid van Moolenbroek.%R RFC
*c3b6f8f2SDavid van Moolenbroek.%N 864
*c3b6f8f2SDavid van Moolenbroek.%D May 1983
*c3b6f8f2SDavid van Moolenbroek.%T "Character Generator Protocol"
*c3b6f8f2SDavid van Moolenbroek.Re
*c3b6f8f2SDavid van Moolenbroek.Rs
*c3b6f8f2SDavid van Moolenbroek.%A J. Postel
*c3b6f8f2SDavid van Moolenbroek.%R RFC
*c3b6f8f2SDavid van Moolenbroek.%N 867
*c3b6f8f2SDavid van Moolenbroek.%D May 1983
*c3b6f8f2SDavid van Moolenbroek.%T "Daytime Protocol"
*c3b6f8f2SDavid van Moolenbroek.Re
*c3b6f8f2SDavid van Moolenbroek.Rs
*c3b6f8f2SDavid van Moolenbroek.%A J. Postel
*c3b6f8f2SDavid van Moolenbroek.%A K. Harrenstien
*c3b6f8f2SDavid van Moolenbroek.%R RFC
*c3b6f8f2SDavid van Moolenbroek.%N 868
*c3b6f8f2SDavid van Moolenbroek.%D May 1983
*c3b6f8f2SDavid van Moolenbroek.%T "Time Protocol"
*c3b6f8f2SDavid van Moolenbroek.Re
*c3b6f8f2SDavid van Moolenbroek.Rs
*c3b6f8f2SDavid van Moolenbroek.%A M. Lottor
*c3b6f8f2SDavid van Moolenbroek.%R RFC
*c3b6f8f2SDavid van Moolenbroek.%N 1078
*c3b6f8f2SDavid van Moolenbroek.%D November 1988
*c3b6f8f2SDavid van Moolenbroek.%T "TCP port service Multiplexer (TCPMUX)"
*c3b6f8f2SDavid van Moolenbroek.Re
*c3b6f8f2SDavid van Moolenbroek.Sh HISTORY
*c3b6f8f2SDavid van MoolenbroekThe
*c3b6f8f2SDavid van Moolenbroek.Nm
*c3b6f8f2SDavid van Moolenbroekcommand appeared in
*c3b6f8f2SDavid van Moolenbroek.Bx 4.3 .
*c3b6f8f2SDavid van MoolenbroekSupport for
*c3b6f8f2SDavid van Moolenbroek.Em Sun-RPC
*c3b6f8f2SDavid van Moolenbroekbased services is modeled after that
*c3b6f8f2SDavid van Moolenbroekprovided by SunOS 4.1.
*c3b6f8f2SDavid van MoolenbroekSupport for specifying the socket buffer sizes was added in
*c3b6f8f2SDavid van Moolenbroek.Nx 1.4 .
*c3b6f8f2SDavid van MoolenbroekIn November 1996, libwrap support was added to provide
*c3b6f8f2SDavid van Moolenbroekinternal tcpd-like access control functionality;
*c3b6f8f2SDavid van Moolenbroeklibwrap is based on Wietse Venema's tcp_wrappers.
*c3b6f8f2SDavid van MoolenbroekIPv6 support and IPsec hack was made by KAME project, in 1999.
*c3b6f8f2SDavid van Moolenbroek.Sh BUGS
*c3b6f8f2SDavid van MoolenbroekHost address specifiers, while they make conceptual sense for RPC
*c3b6f8f2SDavid van Moolenbroekservices, do not work entirely correctly.
*c3b6f8f2SDavid van MoolenbroekThis is largely because the portmapper interface does not provide
*c3b6f8f2SDavid van Moolenbroeka way to register different ports for the same service on different
*c3b6f8f2SDavid van Moolenbroeklocal addresses.
*c3b6f8f2SDavid van MoolenbroekProvided you never have more than one entry for a given RPC service,
*c3b6f8f2SDavid van Moolenbroekeverything should work correctly (Note that default host address
*c3b6f8f2SDavid van Moolenbroekspecifiers do apply to RPC lines with no explicit specifier.)
*c3b6f8f2SDavid van Moolenbroek.Pp
*c3b6f8f2SDavid van Moolenbroek.Dq tcpmux
*c3b6f8f2SDavid van Moolenbroekon IPv6 is not tested enough.
*c3b6f8f2SDavid van Moolenbroek.Sh SECURITY CONSIDERATIONS
*c3b6f8f2SDavid van MoolenbroekEnabling the
*c3b6f8f2SDavid van Moolenbroek.Dq echo ,
*c3b6f8f2SDavid van Moolenbroek.Dq discard ,
*c3b6f8f2SDavid van Moolenbroekand
*c3b6f8f2SDavid van Moolenbroek.Dq chargen
*c3b6f8f2SDavid van Moolenbroekbuilt-in trivial services is not recommended because remote
*c3b6f8f2SDavid van Moolenbroekusers may abuse these to cause a denial of network service to
*c3b6f8f2SDavid van Moolenbroekor from the local host.