xref: /freebsd/usr.sbin/inetd/inetd.8 (revision 1c4ee7dfb8affed302171232b0f612e6bcba3c10)
1.\" Copyright (c) 1985, 1991, 1993, 1994
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.Dd September 29, 2022
29.Dt INETD 8
30.Os
31.Sh NAME
32.Nm inetd
33.Nd internet
34.Dq super-server
35.Sh SYNOPSIS
36.Nm
37.Op Fl dlWw
38.Op Fl a Ar address
39.Op Fl C Ar rate
40.Op Fl c Ar maximum
41.Op Fl p Ar filename
42.Op Fl R Ar rate
43.Op Fl s Ar maximum
44.Op Ar configuration_file
45.Sh DESCRIPTION
46The
47.Nm
48utility should be run at boot time by
49.Pa /etc/rc
50(see
51.Xr rc 8 ) .
52It then listens for connections on certain
53internet sockets.
54When a connection is found on one
55of its sockets, it decides what service the socket
56corresponds to, and invokes a program to service the request.
57The server program is invoked with the service socket
58as its standard input, output and error descriptors.
59After the program is
60finished,
61.Nm
62continues to listen on the socket (except in some cases which
63will be described below).
64Essentially,
65.Nm
66allows running one daemon to invoke several others,
67reducing load on the system.
68.Pp
69The following options are available:
70.Bl -tag -width indent
71.It Fl a Ar address
72Specify one specific IP address to bind to.
73Alternatively, a hostname can be specified,
74in which case the IPv4 or IPv6 address
75which corresponds to that hostname is used.
76Usually a hostname is specified when
77.Nm
78is run inside a
79.Xr jail 8 ,
80in which case the hostname corresponds to that of the
81.Xr jail 8
82environment.
83.Pp
84When the hostname specification is used
85and both IPv4 and IPv6 bindings are desired,
86one entry with the appropriate
87.Em protocol
88type for each binding
89is required for each service in
90.Pa /etc/inetd.conf .
91For example,
92a TCP-based service would need two entries,
93one using
94.Dq tcp4
95for the
96.Em protocol
97and the other using
98.Dq tcp6 .
99See the explanation of the
100.Pa /etc/inetd.conf
101.Em protocol
102field below.
103.It Fl C Ar rate
104Specify the default maximum number of times a service can be invoked
105from a single IP address in one minute; the default is unlimited.
106May be overridden on a per-service basis with the
107"max-connections-per-ip-per-minute" parameter.
108.It Fl c Ar maximum
109Specify the default maximum number of
110simultaneous invocations of each service;
111the default is unlimited.
112May be overridden on a per-service basis with the "max-child"
113parameter.
114.It Fl d
115Turn on debugging.
116.It Fl l
117Turn on logging of successful connections.
118.It Fl p
119Specify an alternate file in which to store the process ID.
120.It Fl R Ar rate
121Specify the maximum number of times a service can be invoked
122in one minute; the default is 256.
123A rate of 0 allows an unlimited number of invocations.
124.It Fl s Ar maximum
125Specify the default maximum number of
126simultaneous invocations of each service from a single IP address;
127the default is unlimited.
128May be overridden on a per-service basis with the "max-child-per-ip"
129parameter.
130.It Fl W
131Turn on TCP Wrapping for internal services which are built in to
132.Nm .
133.It Fl w
134Turn on TCP Wrapping for external services.
135See the
136.Sx "IMPLEMENTATION NOTES"
137section for more information on TCP Wrappers support.
138.El
139.Pp
140Upon execution,
141.Nm
142reads its configuration information from a configuration
143file which, by default, is
144.Pa /etc/inetd.conf .
145There must be an entry for each field of the configuration
146file, with entries for each field separated by a tab or
147a space.
148Comments are denoted by a
149.Dq #
150at the beginning
151of a line.
152There must be an entry for each field.
153The
154fields of the configuration file are as follows:
155.Pp
156.Bd -unfilled -offset indent -compact
157service-name
158socket-type
159protocol
160{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
161user[:group][/login-class]
162server-program
163server-program-arguments
164.Ed
165.Pp
166To specify an
167ONC RPC-based
168service, the entry would contain these fields:
169.Pp
170.Bd -unfilled -offset indent -compact
171service-name/version
172socket-type
173rpc/protocol
174{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
175user[:group][/login-class]
176server-program
177server-program-arguments
178.Ed
179.Pp
180There are two types of services that
181.Nm
182can start: standard and TCPMUX.
183A standard service has a well-known port assigned to it;
184it may be a service that implements an official Internet standard or is a
185.Bx Ns -specific
186service.
187As described in
188RFC 1078,
189TCPMUX services are nonstandard services that do not have a
190well-known port assigned to them.
191They are invoked from
192.Nm
193when a program connects to the
194.Dq tcpmux
195well-known port and specifies
196the service name.
197This feature is useful for adding locally-developed servers.
198TCPMUX requests are only accepted when the multiplexor service itself
199is enabled, above and beyond and specific TCPMUX-based servers; see the
200discussion of internal services below.
201.Pp
202The
203.Em service-name
204entry is the name of a valid service in
205the file
206.Pa /etc/services ,
207or the specification of a
208.Ux
209domain socket (see below).
210For
211.Dq internal
212services (discussed below), the service
213name
214should
215be the official name of the service (that is, the first entry in
216.Pa /etc/services ) .
217When used to specify an
218ONC RPC-based
219service, this field is a valid RPC service name listed in
220the file
221.Pa /etc/rpc .
222The part on the right of the
223.Dq /
224is the RPC version number.
225This
226can simply be a single numeric argument or a range of versions.
227A range is bounded by the low version to the high version -
228.Dq rusers/1-3 .
229For TCPMUX services, the value of the
230.Em service-name
231field consists of the string
232.Dq tcpmux
233followed by a slash and the
234locally-chosen service name.
235The service names listed in
236.Pa /etc/services
237and the name
238.Dq help
239are reserved.
240Try to choose unique names for your TCPMUX services by prefixing them with
241your organization's name and suffixing them with a version number.
242.Pp
243The
244.Em socket-type
245should be one of
246.Dq stream ,
247.Dq dgram ,
248.Dq raw ,
249.Dq rdm ,
250or
251.Dq seqpacket ,
252depending on whether the socket is a stream, datagram, raw,
253reliably delivered message, or sequenced packet socket.
254TCPMUX services must use
255.Dq stream .
256.Pp
257The
258.Em protocol
259must be a valid protocol or
260.Dq unix .
261Examples are
262.Dq tcp
263or
264.Dq udp ,
265both of which imply IPv4 for backward compatibility.
266The names
267.Dq tcp4
268and
269.Dq udp4
270specify IPv4 only.
271The names
272.Dq tcp6
273and
274.Dq udp6
275specify IPv6 only.
276The names
277.Dq tcp46
278and
279.Dq udp46
280specify that the entry accepts both IPv4 and IPv6 connections
281via a wildcard
282.Dv AF_INET6
283socket.
284Rpc based services
285are specified with the
286.Dq rpc/tcp
287or
288.Dq rpc/udp
289service type.
290One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example
291.Dq rpc/tcp6
292or
293.Dq rpc/udp46 .
294TCPMUX services must use
295.Dq tcp ,
296.Dq tcp4 ,
297.Dq tcp6
298or
299.Dq tcp46 .
300.Pp
301The
302.Em wait/nowait
303entry specifies whether the server that is invoked by
304.Nm
305will take over
306the socket associated with the service access point, and thus whether
307.Nm
308should wait for the server to exit before listening for new service
309requests.
310Datagram servers must use
311.Dq wait ,
312as they are always invoked with the original datagram socket bound
313to the specified service address.
314These servers must read at least one datagram from the socket
315before exiting.
316If a datagram server connects
317to its peer, freeing the socket so
318.Nm
319can receive further messages on the socket, it is said to be
320a
321.Dq multi-threaded
322server;
323it should read one datagram from the socket and create a new socket
324connected to the peer.
325It should fork, and the parent should then exit
326to allow
327.Nm
328to check for new service requests to spawn new servers.
329Datagram servers which process all incoming datagrams
330on a socket and eventually time out are said to be
331.Dq single-threaded .
332The
333.Xr comsat 8
334and
335.Xr talkd 8
336utilities are examples of the latter type of
337datagram server.
338The
339.Xr tftpd 8
340utility is an example of a multi-threaded datagram server.
341.Pp
342Servers using stream sockets generally are multi-threaded and
343use the
344.Dq nowait
345entry.
346Connection requests for these services are accepted by
347.Nm ,
348and the server is given only the newly-accepted socket connected
349to a client of the service.
350Most stream-based services operate in this manner.
351Stream-based servers that use
352.Dq wait
353are started with the listening service socket, and must accept
354at least one connection request before exiting.
355Such a server would normally accept and process incoming connection
356requests until a timeout.
357TCPMUX services must use
358.Dq nowait .
359.Pp
360The maximum number of outstanding child processes (or
361.Dq threads )
362for a
363.Dq nowait
364service may be explicitly specified by appending a
365.Dq /
366followed by the number to the
367.Dq nowait
368keyword.
369Normally
370(or if a value of zero is specified) there is no maximum.
371Otherwise,
372once the maximum is reached, further connection attempts will be
373queued up until an existing child process exits.
374This also works
375in the case of
376.Dq wait
377mode, although a value other than one (the
378default) might not make sense in some cases.
379You can also specify the maximum number of connections per minute
380for a given IP address by appending
381a
382.Dq /
383followed by the number to the maximum number of
384outstanding child processes.
385Once the maximum is reached, further
386connections from this IP address will be dropped until the end of the
387minute.
388In addition, you can specify the maximum number of simultaneous
389invocations of each service from a single IP address by appending a
390.Dq /
391followed by the number to the maximum number of outstanding child
392processes.
393Once the maximum is reached, further connections from this
394IP address will be dropped.
395.Pp
396The
397.Em user
398entry should contain the user name of the user as whom the server
399should run.
400This allows for servers to be given less permission
401than root.
402The optional
403.Em group
404part separated by
405.Dq \&:
406allows a group name other
407than the default group for this user to be specified.
408The optional
409.Em login-class
410part separated by
411.Dq /
412allows specification of a login class other
413than the default
414.Dq daemon
415login class.
416.Pp
417The
418.Em server-program
419entry should contain the pathname of the program which is to be
420executed by
421.Nm
422when a request is found on its socket.
423If
424.Nm
425provides this service internally, this entry should
426be
427.Dq internal .
428.Pp
429The
430.Em server-program-arguments
431entry lists the arguments to be passed to the
432.Em server-program ,
433starting with argv[0], which usually is the name of
434the program.
435If the service is provided internally, the
436.Em service-name
437of the service (and any arguments to it) or the word
438.Dq internal
439should take the place of this entry.
440.Pp
441Currently, the only internal service to take arguments is
442.Dq auth .
443Without options, the service will always return
444.Dq ERROR\ : HIDDEN-USER .
445The available arguments to this service that alter its behavior are:
446.Bl -tag -width indent
447.It Fl d Ar fallback
448Provide a
449.Ar fallback
450username.
451If the real
452.Dq auth
453service is enabled
454(with the
455.Fl r
456option discussed below),
457return this username instead of an error
458when lookups fail
459for either socket credentials or the username.
460If the real
461.Dq auth
462service is disabled,
463return this username for every request.
464This is primarily useful when running this service on a NAT machine.
465.It Fl F
466Same as
467.Fl f
468but without the restriction that the username in
469.Pa .fakeid
470must not match an existing user.
471.It Fl f
472If the file
473.Pa .fakeid
474exists in the home directory of the identified user, report the username
475found in that file instead of the real username.
476If the username found in
477.Pa .fakeid
478is that of an existing user,
479then the real username is reported.
480If the
481.Fl i
482flag is also given then the username in
483.Pa .fakeid
484is checked against existing user IDs instead.
485.It Fl g
486Instead of returning
487the user's name to the ident requester,
488report a
489username made up of random alphanumeric characters,
490e.g.,
491.Dq c0c993 .
492The
493.Fl g
494flag overrides not only the user names,
495but also any fallback name,
496.Pa .fakeid
497or
498.Pa .noident
499files.
500.It Fl i
501Return numeric user IDs instead of usernames.
502.It Fl n
503If the file
504.Pa .noident
505exists in the home directory of the identified user, return
506.Dq ERROR\ : HIDDEN-USER .
507This overrides any
508.Pa fakeid
509file which might exist.
510.It Fl o Ar osname
511Use
512.Ar osname
513instead of the name of the system as reported by
514.Xr uname 3 .
515.It Fl r
516Offer a real
517.Dq auth
518service, as per RFC 1413.
519All the remaining flags apply only in this case.
520.It Fl t Xo
521.Ar sec Ns Op Cm \&. Ns Ar usec
522.Xc
523Specify a timeout for the service.
524The default timeout is 10.0 seconds.
525.El
526.Pp
527The
528.Nm
529utility also provides several other
530.Dq trivial
531services internally by use of
532routines within itself.
533These services are
534.Dq echo ,
535.Dq discard ,
536.Dq chargen
537(character generator),
538.Dq daytime
539(human readable time), and
540.Dq time
541(machine readable time, in the form of the number of seconds since
542midnight, January 1, 1900).
543All of these services are available in
544both TCP and UDP versions; the UDP versions will refuse service if the
545request specifies a reply port corresponding to any internal service.
546(This is done as a defense against looping attacks; the remote IP address
547is logged.)
548For details of these services, consult the
549appropriate
550RFC
551document.
552.Pp
553The TCPMUX-demultiplexing service is also implemented as an internal service.
554For any TCPMUX-based service to function, the following line must be included
555in
556.Pa inetd.conf :
557.Bd -literal -offset indent
558tcpmux	stream	tcp	nowait	root	internal
559.Ed
560.Pp
561When given the
562.Fl l
563option
564.Nm
565will log an entry to syslog each time a connection is accepted, noting the
566service selected and the IP-number of the remote requester if available.
567Unless otherwise specified in the configuration file,
568and in the absence of the
569.Fl W
570and
571.Fl w
572options,
573.Nm
574will log to the
575.Dq daemon
576facility.
577.Pp
578The
579.Nm
580utility rereads its configuration file when it receives a hangup signal,
581.Dv SIGHUP .
582Services may be added, deleted or modified when the configuration file
583is reread.
584Except when started in debugging mode,
585or configured otherwise with the
586.Fl p
587option,
588.Nm
589records its process ID in the file
590.Pa /var/run/inetd.pid
591to assist in reconfiguration.
592.Sh IMPLEMENTATION NOTES
593.Ss TCP Wrappers
594When given the
595.Fl w
596option,
597.Nm
598will wrap all services specified as
599.Dq stream nowait
600or
601.Dq dgram
602except for
603.Dq internal
604services.
605If the
606.Fl W
607option is given, such
608.Dq internal
609services will be wrapped.
610If both options are given, wrapping for both
611internal and external services will be enabled.
612Either wrapping option
613will cause failed connections to be logged to the
614.Dq auth
615syslog facility.
616Adding the
617.Fl l
618flag to the wrapping options will include successful connections in the
619logging to the
620.Dq auth
621facility.
622.Pp
623Note that
624.Nm
625only wraps requests for a
626.Dq wait
627service while no servers are available to service requests.
628Once a
629connection to such a service has been allowed,
630.Nm
631has no control
632over subsequent connections to the service until no more servers
633are left listening for connection requests.
634.Pp
635When wrapping is enabled, the
636.Pa tcpd
637daemon is not required, as that functionality is builtin.
638For more information on TCP Wrappers, see the relevant documentation
639.Pq Xr hosts_access 5 .
640When reading that document, keep in mind that
641.Dq internal
642services have no associated daemon name.
643Therefore, the service name
644as specified in
645.Pa inetd.conf
646should be used as the daemon name for
647.Dq internal
648services.
649.Ss TCPMUX
650RFC 1078
651describes the TCPMUX protocol:
652``A TCP client connects to a foreign host on TCP port 1.
653It sends the
654service name followed by a carriage-return line-feed <CRLF>.
655The
656service name is never case sensitive.
657The server replies with a
658single character indicating positive (+) or negative (\-)
659acknowledgment, immediately followed by an optional message of
660explanation, terminated with a <CRLF>.
661If the reply was positive,
662the selected protocol begins; otherwise the connection is closed.''
663The program is passed the TCP connection as file descriptors 0 and 1.
664.Pp
665If the TCPMUX service name begins with a
666.Dq + ,
667.Nm
668returns the positive reply for the program.
669This allows you to invoke programs that use stdin/stdout
670without putting any special server code in them.
671.Pp
672The special service name
673.Dq help
674causes
675.Nm
676to list the TCPMUX services which are enabled in
677.Pa inetd.conf .
678.Ss IPsec
679The implementation includes a tiny hack
680to support IPsec policy settings for each socket.
681A special form of comment line, starting with
682.Dq Li #@ ,
683is interpreted as a policy specifier.
684Everything after the
685.Dq Li #@
686will be used as an IPsec policy string,
687as described in
688.Xr ipsec_set_policy 3 .
689Each
690policy specifier is applied to all the following lines in
691.Pa inetd.conf
692until the next policy specifier.
693An empty policy specifier resets the IPsec policy.
694.Pp
695If an invalid IPsec policy specifier appears in
696.Pa inetd.conf ,
697.Nm
698will provide an error message via the
699.Xr syslog 3
700interface and abort execution.
701.Ss Ux Domain Sockets
702In addition to running services on IP sockets,
703.Nm
704can also manage
705.Ux
706domain sockets.
707To do this you specify a
708.Em protocol
709of
710.Dq unix
711and specify the
712.Ux
713domain socket as the
714.Em service-name .
715The
716.Em service-type
717may be
718.Dq stream
719or
720.Dq dgram .
721The specification of the socket must be
722an absolute path name,
723optionally prefixed by an owner and mode
724of the form
725.Em ":user:group:mode\&:" .
726The specification:
727.Pp
728.Dl ":news:daemon:220:/var/run/sock"
729.Pp
730creates a socket owned
731by user
732.Dq news
733in group
734.Dq daemon
735with permissions allowing only that user and group to connect.
736The default owner is the user that
737.Nm
738is running as.
739The default mode only allows the socket's owner to connect.
740.Pp
741.Sy WARNING :
742while creating a
743.Ux
744domain socket,
745.Nm
746must change the ownership and permissions on the socket.
747This can only be done securely if
748the directory in which the socket is created
749is writable only by root.
750Do
751.Em NOT
752use
753.Nm
754to create sockets in world writable directories
755such as
756.Pa /tmp ;
757use
758.Pa /var/run
759or a similar directory instead.
760.Pp
761Internal services may be run on
762.Ux
763domain sockets, in the usual way.
764In this case
765the name of the internal service
766is determined using
767the last component of the socket's pathname.
768For example, specifying a socket named
769.Pa /var/run/chargen
770would invoke the
771.Dq chargen
772service when a connection is received on that socket.
773.Sh "FILES"
774.Bl -tag -width /var/run/inetd.pid -compact
775.It Pa /etc/inetd.conf
776configuration file
777.It Pa /etc/netconfig
778network configuration data base
779.It Pa /etc/rpc
780translation of service names to RPC program numbers
781.It Pa /etc/services
782translation of service names to port numbers
783.It Pa /var/run/inetd.pid
784the pid of the currently running
785.Nm
786.El
787.Sh "EXAMPLES"
788Examples for a variety of services are available in
789.Pa /etc/inetd.conf .
790.Pp
791It includes examples for
792.Nm bootpd ,
793.Nm comsat ,
794.Nm cvs ,
795.Nm date ,
796.Nm fingerd ,
797.Nm ftpd ,
798.Nm imapd ,
799.Nm nc ,
800.Nm nmbd ,
801.Nm nntpd ,
802.Nm rlogind ,
803.Nm rpc.rquotad ,
804.Nm rpc.rusersd ,
805.Nm rpc.rwalld ,
806.Nm rpc.statd ,
807.Nm rpc.sprayd ,
808.Nm rshd ,
809.Nm prometheus_sysctl_exporter ,
810.Nm smtpd ,
811.Nm smbd ,
812.Nm swat
813.Nm talkd ,
814.Nm telnetd ,
815.Nm tftpd ,
816.Nm uucpd .
817.Pp
818The internal services provided by
819.Nm
820for daytime, time, echo, discard and chargen are also
821included, as well as chargen for
822.Nm ipsec
823Authentication Headers
824.Pp
825Examples for handling auth requests via
826.Nm identd ,
827are similarly included.
828.Sh "ERROR MESSAGES"
829The
830.Nm
831server
832logs error messages using
833.Xr syslog 3 .
834Important error messages and their explanations are:
835.Pp
836.Bl -ohang -compact
837.It Xo
838.Ar service Ns / Ns Ar protocol
839.No "server failing (looping), service terminated."
840.Xc
841The number of requests for the specified service in the past minute
842exceeded the limit.
843The limit exists to prevent a broken program
844or a malicious user from swamping the system.
845This message may occur for several reasons:
846.Bl -enum -offset indent
847.It
848There are many hosts requesting the service within a short time period.
849.It
850A broken client program is requesting the service too frequently.
851.It
852A malicious user is running a program to invoke the service in
853a denial-of-service attack.
854.It
855The invoked service program has an error that causes clients
856to retry quickly.
857.El
858.Pp
859Use the
860.Fl R Ar rate
861option,
862as described above, to change the rate limit.
863Once the limit is reached, the service will be
864reenabled automatically in 10 minutes.
865.Pp
866.It Xo
867.Ar service Ns / Ns Ar protocol :
868.No \&No such user
869.Ar user ,
870.No service ignored
871.Xc
872.It Xo
873.Ar service Ns / Ns Ar protocol :
874.No getpwnam :
875.Ar user :
876.No \&No such user
877.Xc
878No entry for
879.Ar user
880exists in the
881.Xr passwd 5
882database.
883The first message
884occurs when
885.Nm
886(re)reads the configuration file.
887The second message occurs when the
888service is invoked.
889.Pp
890.It Xo
891.Ar service :
892.No can't set uid
893.Ar uid
894.Xc
895.It Xo
896.Ar service :
897.No can't set gid
898.Ar gid
899.Xc
900The user or group ID for the entry's
901.Ar user
902field is invalid.
903.Pp
904.It "setsockopt(SO_PRIVSTATE): Operation not supported"
905The
906.Nm
907utility attempted to renounce the privileged state associated with a
908socket but was unable to.
909.Pp
910.It Xo unknown
911.Ar rpc/udp
912or
913.Ar rpc/tcp
914.Xc
915No entry was found for either
916.Ar udp
917or
918.Ar tcp
919in the
920.Xr netconfig 5
921database.
922.Pp
923.It Xo unknown
924.Ar rpc/udp6
925or
926.Ar rpc/tcp6
927.Xc
928No entry was found for either
929.Ar udp6
930or
931.Ar tcp6
932in the
933.Xr netconfig 5
934database.
935.El
936.Sh SEE ALSO
937.Xr cvs 1 Pq Pa ports/devel/opencvs ,
938.Xr date 1 ,
939.Xr nc 1 ,
940.Xr ipsec_set_policy 3 ,
941.Xr ipsec 4 ,
942.Xr hosts_access 5 ,
943.Xr hosts_options 5 ,
944.Xr login.conf 5 ,
945.Xr netconfig 5 ,
946.Xr passwd 5 ,
947.Xr rpc 5 ,
948.Xr services 5 ,
949.Xr bootpd 8 ,
950.Xr comsat 8 ,
951.Xr fingerd 8 ,
952.Xr ftpd 8 ,
953.Xr imapd 8 Pq Pa ports/mail/courier-imap ,
954.Xr nmbd 8 Pq Pa ports/net/samba412 ,
955.Xr rlogind 8 ,
956.Xr rpc.rquotad 8 ,
957.Xr rpc.rusersd 8 ,
958.Xr rpc.rwalld 8 ,
959.Xr rpc.statd 8 ,
960.Xr rshd 8 ,
961.Xr prometheus_sysctl_exporter 8 ,
962.Xr smbd 8 Pq Pa ports/net/samba412 ,
963.Xr talkd 8 ,
964.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd ,
965.Xr tftpd 8 ,
966.Xr uucpd 8 Pq Pa ports/net/freebsd-uucp
967.Rs
968.%A Michael C. St. Johns
969.%T Identification Protocol
970.%O RFC1413
971.Re
972.Sh HISTORY
973The
974.Nm
975utility appeared in
976.Bx 4.3 .
977TCPMUX is based on code and documentation by Mark Lottor.
978Support for
979ONC RPC-based services is modeled after that
980provided by
981SunOS
9824.1.
983The IPsec hack was contributed by the KAME project in 1999.
984The
985.Fx
986TCP Wrappers support first appeared in
987.Fx 3.2 .
988