fair
1cab78c82a
Document TCPmux internal service, per additional discussion of PR 12325.
...
The text was snatched directly from the comment about it in inetd.c and
modified for better clarity.
2001-03-16 08:19:13 +00:00
fair
232ed76f81
Add text to more clearly document that tcpd is not needed, per PR 10754.
...
Add a FILES section. Add a few more references to SEE ALSO.
Clean up nroff nits (e.g. spaces at end of line).
2001-03-10 11:52:51 +00:00
bjh21
e4fc14ba1d
Mention relevant RFCs in "SEE ALSO".
2001-03-04 14:18:32 +00:00
cgd
25bdbb661e
convert to use getprogname()
2001-02-19 23:22:40 +00:00
jlam
c5d65e2d74
Improve grammar slightly in the description for IPsec policy settings.
2001-01-25 21:49:31 +00:00
lukem
0645f2f67b
use explicit name rather than __progname in openlog
2001-01-11 01:34:28 +00:00
hubertf
1e2914d00b
Document that the path to the configuration file given on the command
...
line must be absolute, unless the -d option is given on the command line.
2000-12-02 02:15:34 +00:00
ad
b8bb84a3b0
Clean one paragraph.
2000-09-19 16:28:52 +00:00
itojun
51156effd6
be more paranoid about UDP-based echo services validation. namely,
...
reject the following sources:
0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8
ff00::/8 ::/128
::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule.
hint from deraadt.
2000-08-01 18:42:08 +00:00
mycroft
70c4e41552
Remove bogus typeof hack, and just use the type directly.
2000-07-23 22:54:51 +00:00
itojun
b44d184dec
permit square-bracket notation (as in RFC2732) for the first element
...
in inetd.conf. otherwise, we'll have (minor) problem putting IPv6 address in.
sync with kame.
[::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
2000-07-08 01:55:24 +00:00
itojun
7bf16d3ecc
explicitly check if the address family is supported, by using socket(2).
2000-07-07 14:56:45 +00:00
itojun
358c3cf8dc
more change on getaddrinfo error handling.
...
XXX enami, I admit it is not a good thing to check the error code from
getaddrinfo. it is sometimes mandatory, however. gai_strerror message
can be too generic in some cases. we can't really extend getaddrinfo,
as it was not invented by kame (see RFC2553)
2000-07-05 12:43:06 +00:00
itojun
798ee6865c
add faithd(8) support. with "faith/tcp6" protocol specification,
...
it will open a socket with setsockopt(IPV6_FAITH).
2000-07-04 13:25:39 +00:00
itojun
9282955dca
emit more friendly message on nonexistent service name.
...
From: enami
2000-07-04 09:33:55 +00:00
itojun
0f20cdad3f
check for mux service by ISMUX(), not by != NORM_TYPE
...
(the assumption can bite us if we extend se_type to have more cases).
2000-07-03 23:40:59 +00:00
itojun
ee1989a0d1
remove duplicated ipsec setup code. we always call setup() on
...
socket reinitialization (like SIGHUP).
sync with kame.
2000-07-03 23:37:17 +00:00
itojun
80a16c051d
typo
2000-06-14 16:06:43 +00:00
itojun
59996dbc2b
clarify tcp4/tcp6 interaction.
2000-06-14 15:57:26 +00:00
fvdl
2db4d2fdfe
Modify to support RPC over IPv6.
2000-06-02 23:17:55 +00:00
itojun
2e33d275dc
use LOG_WARNING for syslog output for address family mismatch.
...
suggested by: thorpej
2000-05-13 06:42:13 +00:00
itojun
31eb929ec0
correct extremely unfriendly error message when the kernel does not
...
support the address family (like including "tcp6" in inetd.conf, on
non-IPv6 kernel).
was:
inetd[185]: ftp/tcp6: *: hostname nor servname provided, or not known
now:
inetd[315]: ftp/tcp6: *: the address family is not supported by the kernel
2000-05-13 02:56:47 +00:00
itojun
8fb9de8e46
fix IPsec policy parser. #@ should affect multiple lines as documented.
2000-03-06 19:52:13 +00:00
itojun
4b061adfdb
sync with latest libipsec.
...
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".
2000-01-31 14:28:17 +00:00
itojun
55ffb1ce63
make error check against getnameinfo().
2000-01-27 19:52:43 +00:00
itojun
a31f62a92c
call sigsetmask() on ipsec initialization failure.
2000-01-13 15:53:00 +00:00
itojun
ad663a8d32
refrain using non-standard .Sh. use .Ss.
1999-11-21 17:28:23 +00:00
kristerw
2220c68654
Typos (from OpenBSD)
1999-11-18 19:02:31 +00:00
ad
d3f47cfba9
A colon is the preferred way to split a user and group name pair; make this
...
possible and depreciate the use of dot.
1999-10-06 21:54:10 +00:00
itojun
f7c22e9eaa
fix internal servers (like echo) so that they can accept AF_INET6 connections.
...
add AF_INET6 support for port_good_dg().
1999-09-15 09:59:41 +00:00
simonb
fd8040a031
s/acknowledgment/acknowledgement/
1999-09-10 03:24:14 +00:00
itojun
35a68ecb71
avoid multiple BUGS section.
1999-08-13 13:57:52 +00:00
sommerfeld
fdadab8fc8
Fix PR7739: correct -DRPC rot in inetd.c
1999-08-02 01:12:21 +00:00
itojun
e1b53de44e
query service name properly on libwrap warnings.
...
NetBSD PR: 8101
1999-07-28 10:58:31 +00:00
ghudson
113b4934fe
se_wait stores pids; make it a pid_t.
1999-07-19 15:49:39 +00:00
itojun
93de5675b3
be more friendly with non-IPsec kernel (hide warnings).
1999-07-04 00:31:57 +00:00
itojun
d161ab0018
clearify and woring fix.
1999-07-02 16:55:45 +00:00
itojun
0d5c089973
document tcp4/tcp6 manipulation.
1999-07-02 16:49:34 +00:00
itojun
a77871b871
dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
...
(the style is the rough consensus among v6 implementers so it will be
the standard style)
TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.
1999-07-02 04:48:19 +00:00
thorpej
78688ba793
Use pidfile(3).
1999-06-06 01:50:23 +00:00
hwr
f6aa0f509c
Prevent sending udp data to the obvious bad ports that are used for
...
DoS attacks (e.g. looping packets between two echo ports).
This should "fix" PR bin/2455.
Could please anyone with an appropriate "hacker tools" check this?
1999-04-11 15:40:58 +00:00
garbled
d1407362ba
More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
...
so we shouldn't override it with versions in the manpages. Many more to
come.
1999-03-22 18:43:46 +00:00
tsarna
c51f63ace5
Clarify the syntax a bit
1999-01-29 19:41:47 +00:00
mycroft
e37d13ec69
Revert previous.
1999-01-20 09:24:06 +00:00
mycroft
24285e691d
Make all listening sockets non-blocking.
1999-01-20 04:42:17 +00:00
lukem
786b86d71b
use AF_LOCAL instead of AF_UNIX
1998-07-18 05:04:35 +00:00
tron
ec7c8ec161
From "buqtraq": avoid file descriptor leak if service is looping.
1998-07-16 08:55:43 +00:00
lukem
fc90756956
Implement a new manual page category ``SECURITY CONSIDERATIONS''
...
(suggested by mycroft)
1998-06-08 12:41:41 +00:00
thorpej
723fb3cccc
Add support for specifying the send and receive socket buffer sizes. This
...
is especially useful for TCP servers which must specify the receive
socket buffer size before the connection is made so that the connection's
window scale factor can be properly advertised.
Example /etc/inetd.conf configuration line:
shell stream tcp,rcvbuf=1m nowait root /usr/libexec/rshd rshd
That line will cause the rshd to advertise a 1 megabyte window, which could
improve the performance of an rcp in some situations.
1998-05-01 01:57:26 +00:00
mycroft
b4d89784ef
Reset the SIGPIPE handler to SIG_DFL after forking.
1998-03-21 06:25:37 +00:00
fair
95f309a67f
adjust documentation to reflect reality per PR#4859
1998-03-11 05:40:06 +00:00
christos
9fab7a4ffa
PR/4837: Jeff Thieleke: inetd does not compile without libwrap.
1998-01-20 16:44:22 +00:00
mycroft
a88cef6970
Ignore SIGPIPE, which may be caused by non-forking internal TCP services if
...
the remote side closes the connection before we answer.
1997-12-04 06:39:02 +00:00
mrg
dc05f41d80
add missing .Nm sections
1997-11-11 10:07:34 +00:00
lukem
0a94f4f077
use CPPFLAGS instead of CFLAGS
1997-10-25 06:57:53 +00:00
lukem
f5bf267d90
enable WARNS=1 by default, but disable in unclean 3rd party code
1997-10-18 06:42:25 +00:00
lukem
7866707a39
minor .Nm cleanup
1997-10-18 06:33:48 +00:00
lukem
a352e573d5
fix use of unix domain socketname length, and signal error if this
...
is exceeded. from enami tsugutomo <enami@ba2.so-net.or.jp> [bin/3369]
1997-10-17 13:53:30 +00:00
mycroft
c5aacdd3b3
Don't sleep if we get EINTR from select(2) (e.g. because we got
...
a SIGCHLD when something died). From PR 4056, by David Holland.
1997-10-08 07:15:59 +00:00
mrg
2d06dcebcd
WARNS?=1
1997-10-05 16:40:24 +00:00
mrg
7d7091ccdd
merge lite2 [actually, just update ucb sccs id's]
1997-10-05 16:16:10 +00:00
phil
96af70a1c9
Rewrite of wait/nowait information in light of identd(8) use of wait.
...
Removed some blank linkes that made bad formatting. (PR 3647)
1997-06-30 20:55:06 +00:00
mycroft
52aae8dc8a
Don't do libwrap checking for UDP services; they must do it internally on
...
every packet to be correct.
1997-04-20 22:04:59 +00:00
mycroft
14656f0069
Don't attempt to use libwrap for `stream wait' services, where
...
we only have the listening socket.
1997-03-19 00:05:05 +00:00
mycroft
95c740d58b
Oops; for waiting stream services, we don't do an accept(); we
...
pass down the fd of the listening socket.
1997-03-18 04:47:22 +00:00
mycroft
6ebf01d197
Output a + line for the tcpmux `help' service, and list itself.
1997-03-14 03:18:25 +00:00
mycroft
b860cb428b
Move all of the libwrap checking and subprocess startup into a separate
...
function. Arrange for tcpmux() to be called like other builtins, and have it
call the aforementioned function recursively. This allows tcpmux to be
wrapped, and always runs it after forking, so we don't freeze everything
else.
Also, use FD_CLOEXEC to close file descriptors, rather than iterating through
them ourself.
1997-03-13 20:15:04 +00:00
mycroft
a68a078f3e
Fix typo.
1997-03-13 18:39:50 +00:00
mycroft
51fa5e9be7
Make the previous dependent on LIBWRAP_INTERNAL, which is not defined by
...
default.
1997-03-13 18:36:35 +00:00
mycroft
249eced8da
If we forked for an internal service, make sure we always exit afterward.
1997-03-13 18:19:35 +00:00
mycroft
df6ec691b5
If we're using libwrap. always fork. This only affects the time and daytime
...
services anyway.
1997-03-13 18:08:19 +00:00
mycroft
cf5f8c252d
Slight rearrangement to forking code. Also, always close the new descriptor
...
after a fork failure, even for a waiting service.
1997-03-13 18:06:15 +00:00
mycroft
84626a507f
Another bug fix to tcpmux.
1997-03-13 17:35:39 +00:00
mycroft
cb666b197f
Merge changes from Lite2 (with bug fixes). Adds tcpmux.
1997-03-13 17:22:23 +00:00
mycroft
7c7f4379a0
When rejecting a UDP connection, make sure to flush the right socket.
1997-03-13 14:57:34 +00:00
mycroft
d6dc78d4c1
Oops; subprocess must exit when rejecting connection.
1997-03-13 14:29:15 +00:00
mycroft
9df028750a
Do libwrap access checking *after* forking.
1997-03-13 14:15:40 +00:00
mikel
b5ce435d24
set proper length for sockaddr_un. fixes PR bin/3281 from Enami
...
Tsugutomo, but slightly differently; the code I added is basically
identical to SUN_LEN(), but avoids the unecessary strlen() call.
1997-03-04 06:12:44 +00:00
mikel
91e876159f
fix problem with restarting service after SIGHUP (PR 3093)
...
indicate proper invocation point and RCS ID police (PR 3098)
1997-01-12 06:55:41 +00:00
mouse
ccf88919e4
Per mail from Herb Peyerl, use LOG_AUTH for libwrap logging.
1997-01-02 14:25:18 +00:00
mouse
f02c2e5693
Get the local-address-part code in here (instead of "comsat" you can
...
use "127.0.0.1:comsat"). While I'm here, do trailing whitespace
cleanup, .Nm usage police in the manpage, and a couple of trivial text
typo fixes.
1996-12-30 23:38:18 +00:00
mrg
5b9f69465f
if se_argv[0] is NULL, use se_service.
1996-12-07 00:37:00 +00:00
mrg
3e0b84a6d5
syslog allow/deny at the right severity.
1996-12-06 00:45:48 +00:00
mrg
b95b23e332
allow allow/deny severity to be compile-time configurable, use getservbyport()
...
correctly, and log the proto. from <jbernard@tater.Mines.EDU> in several PR's.
1996-12-04 13:37:18 +00:00
mrg
62f3bbaa0a
xref hosts_access.5 and hosts_options.5
1996-12-04 13:35:05 +00:00
mrg
057e9f509f
inetd.5 -> inetd.conf.5, from <jbernard@tater.Mines.EDU>
1996-12-04 13:32:31 +00:00
mrg
4e76afacc8
use the new libwrap functionality to provide tcpd-like functionality
...
as part of inetd. uses /etc/hosts.{allow,deny} as tcpd does, etc. it
is basically exactly like tcpd except that you don't need to change
the server to /usr/local/sbin/tcpd.
XXX should document better somewhere
1996-11-26 17:23:34 +00:00
mycroft
0ffcbb494d
Always swap most of the fields when updating a config file entry; otherwise
...
we can get weird lossage when deleting a field (e.g. the group).
1996-02-22 11:14:41 +00:00
pk
0dee01cc03
Remove local declarations of ctime().
1995-06-02 15:02:18 +00:00
cgd
f6f602f9a7
includes, for necessary prototypes, and avoid name collisions with the
...
include.
1994-12-23 16:45:11 +00:00
cgd
d8806814a6
specify man pages the new way.
1994-12-22 11:32:57 +00:00
cgd
5893e3811f
kill stupidity
1994-05-25 02:49:38 +00:00
pk
c491c1c95c
Keep up with changed rlimit structure.
1994-05-17 20:47:29 +00:00
cgd
5b823d2a09
don't need -lutil
1994-01-28 00:52:03 +00:00
jtc
2a4121e39d
Fix spelling errors
1994-01-14 16:22:25 +00:00
pk
e0738ce1d3
RLIMIT_OFILE => RLIMIT_NOFILE
...
Do something sensible when current RLIMIT_NOFILE turns out to be infinity.
1993-12-14 21:31:53 +00:00
pk
08ba41f417
Allow for a group name to be specified in the ``user'' field: user[.group]
...
Allow for max # of invocations to be specified; appended to ``wait''
field: wait/nowait[.max]
Allow for RPC specifications in numeric format.
Inetd now stores its pid in `/var/run/inetd.pid'.
Support for AF_UNIX family.
1993-10-13 11:22:48 +00:00
mycroft
0c4b6b5612
Don't core dump on blank lines.
1993-10-11 20:53:48 +00:00
mycroft
e9d867ef50
Add RCS identifiers.
1993-08-01 17:54:45 +00:00
mycroft
c3e42d1c64
Add RCS indentifiers.
1993-08-01 07:22:47 +00:00