NetBSD/usr.sbin/inetd/inetd.8
itojun 4b061adfdb sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".
2000-01-31 14:28:17 +00:00

549 lines
16 KiB
Groff

.\" $NetBSD: inetd.8,v 1.27 2000/01/31 14:28:17 itojun Exp $
.\"
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
.\" NASA Ames Research Center.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the NetBSD
.\" Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Copyright (c) 1985, 1991 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" from: @(#)inetd.8 8.4 (Berkeley) 6/1/94
.\"
.Dd March 16, 1991
.Dt INETD 8
.Os
.Sh NAME
.Nm inetd ,
.Nm inetd.conf
.Nd internet
.Dq super-server
.Sh SYNOPSIS
.Nm
.Op Fl d
.Op Fl l
.Op Ar configuration file
.Sh DESCRIPTION
.Nm
should be run at boot time by
.Pa /etc/rc
(see
.Xr rc 8 ) .
It then listens for connections on certain
internet sockets. When a connection is found on one
of its sockets, it decides what service the socket
corresponds to, and invokes a program to service the request.
After the program is
finished, it continues to listen on the socket (except in some cases which
will be described below). Essentially,
.Nm
allows running one daemon to invoke several others,
reducing load on the system.
.Pp
The options available for
.\" Why doesn't just `.Nm :' work?
.Nm "" :
.Bl -tag -width Ds
.It Fl d
Turns on debugging.
.El
.Pp
.Bl -tag -width Ds
.It Fl l
Turns on libwrap connection logging.
.El
.Pp
Upon execution,
.Nm
reads its configuration information from a configuration
file which, by default, is
.Pa /etc/inetd.conf .
There must be an entry for each field of the configuration
file, with entries for each field separated by a tab or
a space. Comments are denoted by a ``#'' at the beginning
of a line. There must be an entry for each field (except for one
special case, described below). The
fields of the configuration file are as follows:
.Pp
.Bd -unfilled -offset indent -compact
[addr:]service-name
socket-type
protocol[,sndbuf=size][,rcvbuf=size]
wait/nowait[:max]
user[:group]
server-program
server program arguments
.Ed
.Pp
To specify an
.Em Sun-RPC
based service, the entry would contain these fields.
.Pp
.Bd -unfilled -offset indent -compact
service-name/version
socket-type
rpc/protocol[,sndbuf=size][,rcvbuf=size]
wait/nowait[:max]
user[:group]
server-program
server program arguments
.Ed
.Pp
For Internet services, the first field of the line may also have a host
address specifier prefixed to it, separated from the service name by a
colon. If this is done, the string before the colon in the first field
indicates what local address
.Nm
should use when listening for that service, or the single character
.Dq \&*
to indicate
.Dv INADDR_ANY ,
meaning
.Sq all local addresses .
To avoid repeating an address that occurs frequently, a line with a
host address specifier and colon, but no further fields, causes the
host address specifier to be remembered and used for all further lines
with no explicit host specifier (until another such line or the end of
the file). A line
.Dl *:
is implicitly provided at the top of the file; thus, traditional
configuration files (which have no host address specifiers) will be
interpreted in the traditional manner, with all services listened for
on all local addresses.
.Pp
The
.Em service-name
entry is the name of a valid service in
the file
.Pa /etc/services .
For
.Dq internal
services (discussed below), the service
name
.Em must
be the official name of the service (that is, the first entry in
.Pa /etc/services ) .
When used to specify a
.Em Sun-RPC
based service, this field is a valid RPC service name in
the file
.Pa /etc/rpc .
The part on the right of the
.Dq /
is the RPC version number. This
can simply be a single numeric argument or a range of versions.
A range is bounded by the low version to the high version \-
.Dq rusers/1-3 .
.Pp
The
.Em socket-type
should be one of
.Dq stream ,
.Dq dgram ,
.Dq raw ,
.Dq rdm ,
or
.Dq seqpacket ,
depending on whether the socket is a stream, datagram, raw,
reliably delivered message, or sequenced packet socket.
.Pp
The
.Em protocol
must be a valid protocol as given in
.Pa /etc/protocols .
Examples might be
.Dq tcp
and
.Dq udp .
Rpc based services are specified with the
.Dq rpc/tcp
or
.Dq rpc/udp
service type.
.Dq tcp
and
.Dq udp
will be recognized as
.Dq TCP or UDP over default IP version .
It is currently IPv4, but in the future it will be IPv6.
If you need to specify IPv4 or IPv6 explicitly, use something like
.Dq tcp4
or
.Dq udp6 .
.Pp
In addition to the protocol, the configuration file may specify the
send and receive socket buffer sizes for the listening socket. This
is especially useful for TCP as the window scale factor, which is based on
the receive socket buffer size, is advertised when the connection handshake
occurs, thus the socket buffer size for the server must be set on the listen
socket. By increasing the socket buffer sizes, better TCP performance may
be realized in some situations. The socket buffer sizes are specified by
appending their values to the protocol specification
as follows:
.Bd -literal -offset indent
tcp,rcvbuf=16384
tcp,sndbuf=64k
tcp,rcvbuf=64k,sndbuf=1m
.Ed
.Pp
A literal value may be specified, or modified using
.Sq k
to indicate kilobytes or
.Sq m
to indicate megabytes. Socket buffer sizes may be specified for all
services and protocols except for tcpmux services.
.Pp
The
.Em wait/nowait
entry is used to tell
.Nm
if it should wait for the server program to return,
or continue processing connections on the socket.
If a datagram server connects
to its peer, freeing the socket so
.Nm
can receive further messages on the socket, it is said to be
a
.Dq multi-threaded
server, and should use the
.Dq nowait
entry. For datagram servers which process all incoming datagrams
on a socket and eventually time out, the server is said to be
.Dq single-threaded
and should use a
.Dq wait
entry.
.Xr comsat 8
.Pq Xr biff 1
and
.Xr talkd 8
are both examples of the latter type of
datagram server.
.Xr tftpd 8
is an exception; it is a datagram server that establishes pseudo-connections.
It must be listed as
.Dq wait
in order to avoid a race;
the server reads the first packet, creates a new socket,
and then forks and exits to allow
.Nm
to check for new service requests to spawn new servers.
The optional
.Dq max
suffix (separated from
.Dq wait
or
.Dq nowait
by a dot or a colon) specifies the maximum number of server instances that may
be spawned from
.Nm
within an interval of 60 seconds. When omitted,
.Dq max
defaults to 40.
.Pp
Stream servers are usually marked as
.Dq nowait
but if a single server process is to handle multiple connections, it may be
marked as
.Dq wait .
The master socket will then be passed as fd 0 to the server, which will then
need to accept the incoming connection. The server should eventually time
out and exit when no more connections are active.
.Nm
will continue to
listen on the master socket for connections, so the server should not close
it when it exits.
.Xr identd 8
is usually the only stream server marked as wait.
.Pp
The
.Em user
entry should contain the user name of the user as whom the server should
run. This allows for servers to be given less permission than root. An
optional group name can be specified by appending a colon to the user name
followed by the group name (it is possible to use a dot in lieu of a colon,
however this feature is provided only for backward compatibility). This allows
for servers to run with a different (primary) group id than specified in the
password file. If a group is specified and user is not root, the
supplementary groups associated with that user will still be set.
.Pp
The
.Em server-program
entry should contain the pathname of the program which is to be
executed by
.Nm
when a request is found on its socket. If
.Nm
provides this service internally, this entry should
be
.Dq internal .
.Pp
The
.Em server program arguments
should be just as arguments
normally are, starting with argv[0], which is the name of
the program. If the service is provided internally, the
word
.Dq internal
should take the place of this entry.
.Pp
.Nm
provides several
.Dq trivial
services internally by use of
routines within itself. These services are
.Dq echo ,
.Dq discard ,
.Dq chargen
(character generator),
.Dq daytime
(human readable time), and
.Dq time
(machine readable time,
in the form of the number of seconds since midnight, January
1, 1900). For details of these services, consult the appropriate
.Tn RFC
from the Network Information Center.
.Pp
.Nm
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
Services may be added, deleted or modified when the configuration file
is reread.
.Nm
creates a file
.Em /var/run/inetd.pid
that contains its process identifier.
.Ss IPsec
The implementation includes tiny hack to support IPsec policy setting for
each of the socket.
A special form of comment line, starting with
.Dq Li "#@" ,
will work as policy specifier.
The content of the above comment line will be treated as IPsec policy string,
as described in
.Xr ipsec_set_policy 3 .
You can specify multiple IPsec policy string by using semicolon
as separator.
If conflicting strings are found in a single line,
the last string will take effect.
A
.Li "#@"
line will affect all the following lines in
.Pa inetd.conf ,
so you may want to reset IPsec policy by using a comment line with
.Li "#@"
only
.Pq with no policy string .
.Pp
If invalid IPsec policy string appears on
.Pa inetd.conf ,
.Nm
will leave error message using
.Xr syslog 3 ,
and terminates itself.
.Ss IPv6 TCP/UDP behavior
If you run servers for IPv4 and IPv6 traffic, you'll need to specify
.Dq tcp4
and
.Dq tcp6
properly on the
.Pa inetd.conf
lines.
For safety reasons the author recommends you to run
two separate process for the same server program,
specified as two separate lines on
.Pa inetd.conf ,
for
.Dq tcp6
and
.Dq tcp4 .
For detailed description please read on.
.Pp
The behavior of
.Dv AF_INET6
socket is documented in RFC2553.
Basically, it says as follows:
.Bl -bullet -compact
.It
Specific bind on
.Dv AF_INET6
socket
.Po
.Xr bind 2
with address specified
.Pc
should accept IPv6 traffic to that address only.
.It
If you perform wildcard bind
on
.Dv AF_INET6
socket
.Po
.Xr bind 2
to IPv6 address
.Li ::
.Pc ,
and there is no wildcard bind
.Dv AF_INET
socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic
should be routed to that
.Dv AF_INET6
socket.
IPv4 traffic should be seen as if it came from IPv6 address like
.Li ::ffff:10.1.1.1 .
This is called IPv4 mapped address.
.It
If there are both wildcard bind
.Dv AF_INET
socket and wildcard bind
.Dv AF_INET6
socket on one TCP/UDP port, they should behave separately.
IPv4 traffic should be routed to
.Dv AF_INET
socket and IPv6 should be routed to
.Dv AF_INET6
socket.
.El
.Pp
Because of this,
.Nm
will behave as follows.
.Bl -bullet -compact
.It
If you have only one server on
.Dq tcp4 ,
IPv4 traffic will be routed to the server.
IPv6 traffic will not be accepted.
.It
If you have two servers on
.Dq tcp4
and
.Dq tcp6 ,
IPv4 traffic will be routed to the server on
.Dq tcp4,
and IPv6 traffic will go to server on
.Dq tcp6 .
.It
If you have only one server on
.Dq tcp6 ,
Both IPv4 and IPv6 traffic will be routed to the server.
.El
.Pp
The author do not recommend the third option on the above bullets.
RFC2553 does not define the constraint between the order of
.Xr bind 2 ,
nor how IPv4 TCP/UDP port number and IPv6 TCP/UDP port number
relate each other
.Po
should they be integrated or separated
.Pc .
Implemented behavior is very different across kernel to kernel.
Many of the servers do not properly handle IPv4 mapped address.
Therefore, it is unwise to rely too much upon the behavior of
.Dv AF_INET6
wildcard bind socket.
.Sh BUGS
Host address specifiers, while they make conceptual sense for RPC
services, do not work entirely correctly. This is largely because the
portmapper interface does not provide a way to register different ports
for the same service on different local addresses. Provided you never
have more than one entry for a given RPC service, everything should
work correctly. (Note that default host address specifiers do apply to
RPC lines with no explicit specifier.)
.Pp
.Dq rpc
or
.Dq tcpmux
on IPv6 is not tested enough.
.Sh SEE ALSO
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftpd 8 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8 ,
.Xr tftpd 8 ,
.Xr hosts_access 5 ,
.Xr hosts_options 5
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
Support for
.Em Sun-RPC
based services is modeled after that
provided by SunOS 4.1.
Support for specifying the socket buffer sizes was added in
.Nx 1.4 .
IPv6 support and IPsec hack was made by KAME project, in 1999.
.Sh SECURITY CONSIDERATIONS
Enabling the
.Dq echo ,
.Dq discard ,
and
.Dq chargen
built-in trivial services is not recommended because remote
users may abuse these to cause a denial of network service to
or from the local host.