4b061adfdb
since outgoing and incoming policy is separated, inetd can take multiple policy specification, separated by ";".
549 lines
16 KiB
Groff
549 lines
16 KiB
Groff
.\" $NetBSD: inetd.8,v 1.27 2000/01/31 14:28:17 itojun Exp $
|
|
.\"
|
|
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
.\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
|
|
.\" NASA Ames Research Center.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the NetBSD
|
|
.\" Foundation, Inc. and its contributors.
|
|
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
.\" contributors may be used to endorse or promote products derived
|
|
.\" from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" Copyright (c) 1985, 1991 The Regents of the University of California.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" from: @(#)inetd.8 8.4 (Berkeley) 6/1/94
|
|
.\"
|
|
.Dd March 16, 1991
|
|
.Dt INETD 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm inetd ,
|
|
.Nm inetd.conf
|
|
.Nd internet
|
|
.Dq super-server
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl d
|
|
.Op Fl l
|
|
.Op Ar configuration file
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
should be run at boot time by
|
|
.Pa /etc/rc
|
|
(see
|
|
.Xr rc 8 ) .
|
|
It then listens for connections on certain
|
|
internet sockets. When a connection is found on one
|
|
of its sockets, it decides what service the socket
|
|
corresponds to, and invokes a program to service the request.
|
|
After the program is
|
|
finished, it continues to listen on the socket (except in some cases which
|
|
will be described below). Essentially,
|
|
.Nm
|
|
allows running one daemon to invoke several others,
|
|
reducing load on the system.
|
|
.Pp
|
|
The options available for
|
|
.\" Why doesn't just `.Nm :' work?
|
|
.Nm "" :
|
|
.Bl -tag -width Ds
|
|
.It Fl d
|
|
Turns on debugging.
|
|
.El
|
|
.Pp
|
|
.Bl -tag -width Ds
|
|
.It Fl l
|
|
Turns on libwrap connection logging.
|
|
.El
|
|
.Pp
|
|
Upon execution,
|
|
.Nm
|
|
reads its configuration information from a configuration
|
|
file which, by default, is
|
|
.Pa /etc/inetd.conf .
|
|
There must be an entry for each field of the configuration
|
|
file, with entries for each field separated by a tab or
|
|
a space. Comments are denoted by a ``#'' at the beginning
|
|
of a line. There must be an entry for each field (except for one
|
|
special case, described below). The
|
|
fields of the configuration file are as follows:
|
|
.Pp
|
|
.Bd -unfilled -offset indent -compact
|
|
[addr:]service-name
|
|
socket-type
|
|
protocol[,sndbuf=size][,rcvbuf=size]
|
|
wait/nowait[:max]
|
|
user[:group]
|
|
server-program
|
|
server program arguments
|
|
.Ed
|
|
.Pp
|
|
To specify an
|
|
.Em Sun-RPC
|
|
based service, the entry would contain these fields.
|
|
.Pp
|
|
.Bd -unfilled -offset indent -compact
|
|
service-name/version
|
|
socket-type
|
|
rpc/protocol[,sndbuf=size][,rcvbuf=size]
|
|
wait/nowait[:max]
|
|
user[:group]
|
|
server-program
|
|
server program arguments
|
|
.Ed
|
|
.Pp
|
|
For Internet services, the first field of the line may also have a host
|
|
address specifier prefixed to it, separated from the service name by a
|
|
colon. If this is done, the string before the colon in the first field
|
|
indicates what local address
|
|
.Nm
|
|
should use when listening for that service, or the single character
|
|
.Dq \&*
|
|
to indicate
|
|
.Dv INADDR_ANY ,
|
|
meaning
|
|
.Sq all local addresses .
|
|
To avoid repeating an address that occurs frequently, a line with a
|
|
host address specifier and colon, but no further fields, causes the
|
|
host address specifier to be remembered and used for all further lines
|
|
with no explicit host specifier (until another such line or the end of
|
|
the file). A line
|
|
.Dl *:
|
|
is implicitly provided at the top of the file; thus, traditional
|
|
configuration files (which have no host address specifiers) will be
|
|
interpreted in the traditional manner, with all services listened for
|
|
on all local addresses.
|
|
.Pp
|
|
The
|
|
.Em service-name
|
|
entry is the name of a valid service in
|
|
the file
|
|
.Pa /etc/services .
|
|
For
|
|
.Dq internal
|
|
services (discussed below), the service
|
|
name
|
|
.Em must
|
|
be the official name of the service (that is, the first entry in
|
|
.Pa /etc/services ) .
|
|
When used to specify a
|
|
.Em Sun-RPC
|
|
based service, this field is a valid RPC service name in
|
|
the file
|
|
.Pa /etc/rpc .
|
|
The part on the right of the
|
|
.Dq /
|
|
is the RPC version number. This
|
|
can simply be a single numeric argument or a range of versions.
|
|
A range is bounded by the low version to the high version \-
|
|
.Dq rusers/1-3 .
|
|
.Pp
|
|
The
|
|
.Em socket-type
|
|
should be one of
|
|
.Dq stream ,
|
|
.Dq dgram ,
|
|
.Dq raw ,
|
|
.Dq rdm ,
|
|
or
|
|
.Dq seqpacket ,
|
|
depending on whether the socket is a stream, datagram, raw,
|
|
reliably delivered message, or sequenced packet socket.
|
|
.Pp
|
|
The
|
|
.Em protocol
|
|
must be a valid protocol as given in
|
|
.Pa /etc/protocols .
|
|
Examples might be
|
|
.Dq tcp
|
|
and
|
|
.Dq udp .
|
|
Rpc based services are specified with the
|
|
.Dq rpc/tcp
|
|
or
|
|
.Dq rpc/udp
|
|
service type.
|
|
.Dq tcp
|
|
and
|
|
.Dq udp
|
|
will be recognized as
|
|
.Dq TCP or UDP over default IP version .
|
|
It is currently IPv4, but in the future it will be IPv6.
|
|
If you need to specify IPv4 or IPv6 explicitly, use something like
|
|
.Dq tcp4
|
|
or
|
|
.Dq udp6 .
|
|
.Pp
|
|
In addition to the protocol, the configuration file may specify the
|
|
send and receive socket buffer sizes for the listening socket. This
|
|
is especially useful for TCP as the window scale factor, which is based on
|
|
the receive socket buffer size, is advertised when the connection handshake
|
|
occurs, thus the socket buffer size for the server must be set on the listen
|
|
socket. By increasing the socket buffer sizes, better TCP performance may
|
|
be realized in some situations. The socket buffer sizes are specified by
|
|
appending their values to the protocol specification
|
|
as follows:
|
|
.Bd -literal -offset indent
|
|
tcp,rcvbuf=16384
|
|
tcp,sndbuf=64k
|
|
tcp,rcvbuf=64k,sndbuf=1m
|
|
.Ed
|
|
.Pp
|
|
A literal value may be specified, or modified using
|
|
.Sq k
|
|
to indicate kilobytes or
|
|
.Sq m
|
|
to indicate megabytes. Socket buffer sizes may be specified for all
|
|
services and protocols except for tcpmux services.
|
|
.Pp
|
|
The
|
|
.Em wait/nowait
|
|
entry is used to tell
|
|
.Nm
|
|
if it should wait for the server program to return,
|
|
or continue processing connections on the socket.
|
|
If a datagram server connects
|
|
to its peer, freeing the socket so
|
|
.Nm
|
|
can receive further messages on the socket, it is said to be
|
|
a
|
|
.Dq multi-threaded
|
|
server, and should use the
|
|
.Dq nowait
|
|
entry. For datagram servers which process all incoming datagrams
|
|
on a socket and eventually time out, the server is said to be
|
|
.Dq single-threaded
|
|
and should use a
|
|
.Dq wait
|
|
entry.
|
|
.Xr comsat 8
|
|
.Pq Xr biff 1
|
|
and
|
|
.Xr talkd 8
|
|
are both examples of the latter type of
|
|
datagram server.
|
|
.Xr tftpd 8
|
|
is an exception; it is a datagram server that establishes pseudo-connections.
|
|
It must be listed as
|
|
.Dq wait
|
|
in order to avoid a race;
|
|
the server reads the first packet, creates a new socket,
|
|
and then forks and exits to allow
|
|
.Nm
|
|
to check for new service requests to spawn new servers.
|
|
The optional
|
|
.Dq max
|
|
suffix (separated from
|
|
.Dq wait
|
|
or
|
|
.Dq nowait
|
|
by a dot or a colon) specifies the maximum number of server instances that may
|
|
be spawned from
|
|
.Nm
|
|
within an interval of 60 seconds. When omitted,
|
|
.Dq max
|
|
defaults to 40.
|
|
.Pp
|
|
Stream servers are usually marked as
|
|
.Dq nowait
|
|
but if a single server process is to handle multiple connections, it may be
|
|
marked as
|
|
.Dq wait .
|
|
The master socket will then be passed as fd 0 to the server, which will then
|
|
need to accept the incoming connection. The server should eventually time
|
|
out and exit when no more connections are active.
|
|
.Nm
|
|
will continue to
|
|
listen on the master socket for connections, so the server should not close
|
|
it when it exits.
|
|
.Xr identd 8
|
|
is usually the only stream server marked as wait.
|
|
.Pp
|
|
The
|
|
.Em user
|
|
entry should contain the user name of the user as whom the server should
|
|
run. This allows for servers to be given less permission than root. An
|
|
optional group name can be specified by appending a colon to the user name
|
|
followed by the group name (it is possible to use a dot in lieu of a colon,
|
|
however this feature is provided only for backward compatibility). This allows
|
|
for servers to run with a different (primary) group id than specified in the
|
|
password file. If a group is specified and user is not root, the
|
|
supplementary groups associated with that user will still be set.
|
|
.Pp
|
|
The
|
|
.Em server-program
|
|
entry should contain the pathname of the program which is to be
|
|
executed by
|
|
.Nm
|
|
when a request is found on its socket. If
|
|
.Nm
|
|
provides this service internally, this entry should
|
|
be
|
|
.Dq internal .
|
|
.Pp
|
|
The
|
|
.Em server program arguments
|
|
should be just as arguments
|
|
normally are, starting with argv[0], which is the name of
|
|
the program. If the service is provided internally, the
|
|
word
|
|
.Dq internal
|
|
should take the place of this entry.
|
|
.Pp
|
|
.Nm
|
|
provides several
|
|
.Dq trivial
|
|
services internally by use of
|
|
routines within itself. These services are
|
|
.Dq echo ,
|
|
.Dq discard ,
|
|
.Dq chargen
|
|
(character generator),
|
|
.Dq daytime
|
|
(human readable time), and
|
|
.Dq time
|
|
(machine readable time,
|
|
in the form of the number of seconds since midnight, January
|
|
1, 1900). For details of these services, consult the appropriate
|
|
.Tn RFC
|
|
from the Network Information Center.
|
|
.Pp
|
|
.Nm
|
|
rereads its configuration file when it receives a hangup signal,
|
|
.Dv SIGHUP .
|
|
Services may be added, deleted or modified when the configuration file
|
|
is reread.
|
|
.Nm
|
|
creates a file
|
|
.Em /var/run/inetd.pid
|
|
that contains its process identifier.
|
|
.Ss IPsec
|
|
The implementation includes tiny hack to support IPsec policy setting for
|
|
each of the socket.
|
|
A special form of comment line, starting with
|
|
.Dq Li "#@" ,
|
|
will work as policy specifier.
|
|
The content of the above comment line will be treated as IPsec policy string,
|
|
as described in
|
|
.Xr ipsec_set_policy 3 .
|
|
You can specify multiple IPsec policy string by using semicolon
|
|
as separator.
|
|
If conflicting strings are found in a single line,
|
|
the last string will take effect.
|
|
A
|
|
.Li "#@"
|
|
line will affect all the following lines in
|
|
.Pa inetd.conf ,
|
|
so you may want to reset IPsec policy by using a comment line with
|
|
.Li "#@"
|
|
only
|
|
.Pq with no policy string .
|
|
.Pp
|
|
If invalid IPsec policy string appears on
|
|
.Pa inetd.conf ,
|
|
.Nm
|
|
will leave error message using
|
|
.Xr syslog 3 ,
|
|
and terminates itself.
|
|
.Ss IPv6 TCP/UDP behavior
|
|
If you run servers for IPv4 and IPv6 traffic, you'll need to specify
|
|
.Dq tcp4
|
|
and
|
|
.Dq tcp6
|
|
properly on the
|
|
.Pa inetd.conf
|
|
lines.
|
|
For safety reasons the author recommends you to run
|
|
two separate process for the same server program,
|
|
specified as two separate lines on
|
|
.Pa inetd.conf ,
|
|
for
|
|
.Dq tcp6
|
|
and
|
|
.Dq tcp4 .
|
|
For detailed description please read on.
|
|
.Pp
|
|
The behavior of
|
|
.Dv AF_INET6
|
|
socket is documented in RFC2553.
|
|
Basically, it says as follows:
|
|
.Bl -bullet -compact
|
|
.It
|
|
Specific bind on
|
|
.Dv AF_INET6
|
|
socket
|
|
.Po
|
|
.Xr bind 2
|
|
with address specified
|
|
.Pc
|
|
should accept IPv6 traffic to that address only.
|
|
.It
|
|
If you perform wildcard bind
|
|
on
|
|
.Dv AF_INET6
|
|
socket
|
|
.Po
|
|
.Xr bind 2
|
|
to IPv6 address
|
|
.Li ::
|
|
.Pc ,
|
|
and there is no wildcard bind
|
|
.Dv AF_INET
|
|
socket on that TCP/UDP port, IPv6 traffic as well as IPv4 traffic
|
|
should be routed to that
|
|
.Dv AF_INET6
|
|
socket.
|
|
IPv4 traffic should be seen as if it came from IPv6 address like
|
|
.Li ::ffff:10.1.1.1 .
|
|
This is called IPv4 mapped address.
|
|
.It
|
|
If there are both wildcard bind
|
|
.Dv AF_INET
|
|
socket and wildcard bind
|
|
.Dv AF_INET6
|
|
socket on one TCP/UDP port, they should behave separately.
|
|
IPv4 traffic should be routed to
|
|
.Dv AF_INET
|
|
socket and IPv6 should be routed to
|
|
.Dv AF_INET6
|
|
socket.
|
|
.El
|
|
.Pp
|
|
Because of this,
|
|
.Nm
|
|
will behave as follows.
|
|
.Bl -bullet -compact
|
|
.It
|
|
If you have only one server on
|
|
.Dq tcp4 ,
|
|
IPv4 traffic will be routed to the server.
|
|
IPv6 traffic will not be accepted.
|
|
.It
|
|
If you have two servers on
|
|
.Dq tcp4
|
|
and
|
|
.Dq tcp6 ,
|
|
IPv4 traffic will be routed to the server on
|
|
.Dq tcp4,
|
|
and IPv6 traffic will go to server on
|
|
.Dq tcp6 .
|
|
.It
|
|
If you have only one server on
|
|
.Dq tcp6 ,
|
|
Both IPv4 and IPv6 traffic will be routed to the server.
|
|
.El
|
|
.Pp
|
|
The author do not recommend the third option on the above bullets.
|
|
RFC2553 does not define the constraint between the order of
|
|
.Xr bind 2 ,
|
|
nor how IPv4 TCP/UDP port number and IPv6 TCP/UDP port number
|
|
relate each other
|
|
.Po
|
|
should they be integrated or separated
|
|
.Pc .
|
|
Implemented behavior is very different across kernel to kernel.
|
|
Many of the servers do not properly handle IPv4 mapped address.
|
|
Therefore, it is unwise to rely too much upon the behavior of
|
|
.Dv AF_INET6
|
|
wildcard bind socket.
|
|
.Sh BUGS
|
|
Host address specifiers, while they make conceptual sense for RPC
|
|
services, do not work entirely correctly. This is largely because the
|
|
portmapper interface does not provide a way to register different ports
|
|
for the same service on different local addresses. Provided you never
|
|
have more than one entry for a given RPC service, everything should
|
|
work correctly. (Note that default host address specifiers do apply to
|
|
RPC lines with no explicit specifier.)
|
|
.Pp
|
|
.Dq rpc
|
|
or
|
|
.Dq tcpmux
|
|
on IPv6 is not tested enough.
|
|
.Sh SEE ALSO
|
|
.Xr comsat 8 ,
|
|
.Xr fingerd 8 ,
|
|
.Xr ftpd 8 ,
|
|
.Xr rexecd 8 ,
|
|
.Xr rlogind 8 ,
|
|
.Xr rshd 8 ,
|
|
.Xr telnetd 8 ,
|
|
.Xr tftpd 8 ,
|
|
.Xr hosts_access 5 ,
|
|
.Xr hosts_options 5
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in
|
|
.Bx 4.3 .
|
|
Support for
|
|
.Em Sun-RPC
|
|
based services is modeled after that
|
|
provided by SunOS 4.1.
|
|
Support for specifying the socket buffer sizes was added in
|
|
.Nx 1.4 .
|
|
IPv6 support and IPsec hack was made by KAME project, in 1999.
|
|
.Sh SECURITY CONSIDERATIONS
|
|
Enabling the
|
|
.Dq echo ,
|
|
.Dq discard ,
|
|
and
|
|
.Dq chargen
|
|
built-in trivial services is not recommended because remote
|
|
users may abuse these to cause a denial of network service to
|
|
or from the local host.
|