xref: /freebsd/usr.sbin/inetd/inetd.8 (revision 2ad756a6bbb30fc98ee9000fba5bceec916a6c70)
1.\" Copyright (c) 1985, 1991, 1993, 1994
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     from: @(#)inetd.8	8.3 (Berkeley) 4/13/94
29.\"
30.Dd September 29, 2022
31.Dt INETD 8
32.Os
33.Sh NAME
34.Nm inetd
35.Nd internet
36.Dq super-server
37.Sh SYNOPSIS
38.Nm
39.Op Fl dlWw
40.Op Fl a Ar address
41.Op Fl C Ar rate
42.Op Fl c Ar maximum
43.Op Fl p Ar filename
44.Op Fl R Ar rate
45.Op Fl s Ar maximum
46.Op Ar configuration_file
47.Sh DESCRIPTION
48The
49.Nm
50utility should be run at boot time by
51.Pa /etc/rc
52(see
53.Xr rc 8 ) .
54It then listens for connections on certain
55internet sockets.
56When a connection is found on one
57of its sockets, it decides what service the socket
58corresponds to, and invokes a program to service the request.
59The server program is invoked with the service socket
60as its standard input, output and error descriptors.
61After the program is
62finished,
63.Nm
64continues to listen on the socket (except in some cases which
65will be described below).
66Essentially,
67.Nm
68allows running one daemon to invoke several others,
69reducing load on the system.
70.Pp
71The following options are available:
72.Bl -tag -width indent
73.It Fl a Ar address
74Specify one specific IP address to bind to.
75Alternatively, a hostname can be specified,
76in which case the IPv4 or IPv6 address
77which corresponds to that hostname is used.
78Usually a hostname is specified when
79.Nm
80is run inside a
81.Xr jail 8 ,
82in which case the hostname corresponds to that of the
83.Xr jail 8
84environment.
85.Pp
86When the hostname specification is used
87and both IPv4 and IPv6 bindings are desired,
88one entry with the appropriate
89.Em protocol
90type for each binding
91is required for each service in
92.Pa /etc/inetd.conf .
93For example,
94a TCP-based service would need two entries,
95one using
96.Dq tcp4
97for the
98.Em protocol
99and the other using
100.Dq tcp6 .
101See the explanation of the
102.Pa /etc/inetd.conf
103.Em protocol
104field below.
105.It Fl C Ar rate
106Specify the default maximum number of times a service can be invoked
107from a single IP address in one minute; the default is unlimited.
108May be overridden on a per-service basis with the
109"max-connections-per-ip-per-minute" parameter.
110.It Fl c Ar maximum
111Specify the default maximum number of
112simultaneous invocations of each service;
113the default is unlimited.
114May be overridden on a per-service basis with the "max-child"
115parameter.
116.It Fl d
117Turn on debugging.
118.It Fl l
119Turn on logging of successful connections.
120.It Fl p
121Specify an alternate file in which to store the process ID.
122.It Fl R Ar rate
123Specify the maximum number of times a service can be invoked
124in one minute; the default is 256.
125A rate of 0 allows an unlimited number of invocations.
126.It Fl s Ar maximum
127Specify the default maximum number of
128simultaneous invocations of each service from a single IP address;
129the default is unlimited.
130May be overridden on a per-service basis with the "max-child-per-ip"
131parameter.
132.It Fl W
133Turn on TCP Wrapping for internal services which are built in to
134.Nm .
135.It Fl w
136Turn on TCP Wrapping for external services.
137See the
138.Sx "IMPLEMENTATION NOTES"
139section for more information on TCP Wrappers support.
140.El
141.Pp
142Upon execution,
143.Nm
144reads its configuration information from a configuration
145file which, by default, is
146.Pa /etc/inetd.conf .
147There must be an entry for each field of the configuration
148file, with entries for each field separated by a tab or
149a space.
150Comments are denoted by a
151.Dq #
152at the beginning
153of a line.
154There must be an entry for each field.
155The
156fields of the configuration file are as follows:
157.Pp
158.Bd -unfilled -offset indent -compact
159service-name
160socket-type
161protocol
162{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
163user[:group][/login-class]
164server-program
165server-program-arguments
166.Ed
167.Pp
168To specify an
169ONC RPC-based
170service, the entry would contain these fields:
171.Pp
172.Bd -unfilled -offset indent -compact
173service-name/version
174socket-type
175rpc/protocol
176{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
177user[:group][/login-class]
178server-program
179server-program-arguments
180.Ed
181.Pp
182There are two types of services that
183.Nm
184can start: standard and TCPMUX.
185A standard service has a well-known port assigned to it;
186it may be a service that implements an official Internet standard or is a
187.Bx Ns -specific
188service.
189As described in
190RFC 1078,
191TCPMUX services are nonstandard services that do not have a
192well-known port assigned to them.
193They are invoked from
194.Nm
195when a program connects to the
196.Dq tcpmux
197well-known port and specifies
198the service name.
199This feature is useful for adding locally-developed servers.
200TCPMUX requests are only accepted when the multiplexor service itself
201is enabled, above and beyond and specific TCPMUX-based servers; see the
202discussion of internal services below.
203.Pp
204The
205.Em service-name
206entry is the name of a valid service in
207the file
208.Pa /etc/services ,
209or the specification of a
210.Ux
211domain socket (see below).
212For
213.Dq internal
214services (discussed below), the service
215name
216should
217be the official name of the service (that is, the first entry in
218.Pa /etc/services ) .
219When used to specify an
220ONC RPC-based
221service, this field is a valid RPC service name listed in
222the file
223.Pa /etc/rpc .
224The part on the right of the
225.Dq /
226is the RPC version number.
227This
228can simply be a single numeric argument or a range of versions.
229A range is bounded by the low version to the high version -
230.Dq rusers/1-3 .
231For TCPMUX services, the value of the
232.Em service-name
233field consists of the string
234.Dq tcpmux
235followed by a slash and the
236locally-chosen service name.
237The service names listed in
238.Pa /etc/services
239and the name
240.Dq help
241are reserved.
242Try to choose unique names for your TCPMUX services by prefixing them with
243your organization's name and suffixing them with a version number.
244.Pp
245The
246.Em socket-type
247should be one of
248.Dq stream ,
249.Dq dgram ,
250.Dq raw ,
251.Dq rdm ,
252or
253.Dq seqpacket ,
254depending on whether the socket is a stream, datagram, raw,
255reliably delivered message, or sequenced packet socket.
256TCPMUX services must use
257.Dq stream .
258.Pp
259The
260.Em protocol
261must be a valid protocol or
262.Dq unix .
263Examples are
264.Dq tcp
265or
266.Dq udp ,
267both of which imply IPv4 for backward compatibility.
268The names
269.Dq tcp4
270and
271.Dq udp4
272specify IPv4 only.
273The names
274.Dq tcp6
275and
276.Dq udp6
277specify IPv6 only.
278The names
279.Dq tcp46
280and
281.Dq udp46
282specify that the entry accepts both IPv4 and IPv6 connections
283via a wildcard
284.Dv AF_INET6
285socket.
286Rpc based services
287are specified with the
288.Dq rpc/tcp
289or
290.Dq rpc/udp
291service type.
292One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example
293.Dq rpc/tcp6
294or
295.Dq rpc/udp46 .
296TCPMUX services must use
297.Dq tcp ,
298.Dq tcp4 ,
299.Dq tcp6
300or
301.Dq tcp46 .
302.Pp
303The
304.Em wait/nowait
305entry specifies whether the server that is invoked by
306.Nm
307will take over
308the socket associated with the service access point, and thus whether
309.Nm
310should wait for the server to exit before listening for new service
311requests.
312Datagram servers must use
313.Dq wait ,
314as they are always invoked with the original datagram socket bound
315to the specified service address.
316These servers must read at least one datagram from the socket
317before exiting.
318If a datagram server connects
319to its peer, freeing the socket so
320.Nm
321can receive further messages on the socket, it is said to be
322a
323.Dq multi-threaded
324server;
325it should read one datagram from the socket and create a new socket
326connected to the peer.
327It should fork, and the parent should then exit
328to allow
329.Nm
330to check for new service requests to spawn new servers.
331Datagram servers which process all incoming datagrams
332on a socket and eventually time out are said to be
333.Dq single-threaded .
334The
335.Xr comsat 8
336and
337.Xr talkd 8
338utilities are examples of the latter type of
339datagram server.
340The
341.Xr tftpd 8
342utility is an example of a multi-threaded datagram server.
343.Pp
344Servers using stream sockets generally are multi-threaded and
345use the
346.Dq nowait
347entry.
348Connection requests for these services are accepted by
349.Nm ,
350and the server is given only the newly-accepted socket connected
351to a client of the service.
352Most stream-based services operate in this manner.
353Stream-based servers that use
354.Dq wait
355are started with the listening service socket, and must accept
356at least one connection request before exiting.
357Such a server would normally accept and process incoming connection
358requests until a timeout.
359TCPMUX services must use
360.Dq nowait .
361.Pp
362The maximum number of outstanding child processes (or
363.Dq threads )
364for a
365.Dq nowait
366service may be explicitly specified by appending a
367.Dq /
368followed by the number to the
369.Dq nowait
370keyword.
371Normally
372(or if a value of zero is specified) there is no maximum.
373Otherwise,
374once the maximum is reached, further connection attempts will be
375queued up until an existing child process exits.
376This also works
377in the case of
378.Dq wait
379mode, although a value other than one (the
380default) might not make sense in some cases.
381You can also specify the maximum number of connections per minute
382for a given IP address by appending
383a
384.Dq /
385followed by the number to the maximum number of
386outstanding child processes.
387Once the maximum is reached, further
388connections from this IP address will be dropped until the end of the
389minute.
390In addition, you can specify the maximum number of simultaneous
391invocations of each service from a single IP address by appending a
392.Dq /
393followed by the number to the maximum number of outstanding child
394processes.
395Once the maximum is reached, further connections from this
396IP address will be dropped.
397.Pp
398The
399.Em user
400entry should contain the user name of the user as whom the server
401should run.
402This allows for servers to be given less permission
403than root.
404The optional
405.Em group
406part separated by
407.Dq \&:
408allows a group name other
409than the default group for this user to be specified.
410The optional
411.Em login-class
412part separated by
413.Dq /
414allows specification of a login class other
415than the default
416.Dq daemon
417login class.
418.Pp
419The
420.Em server-program
421entry should contain the pathname of the program which is to be
422executed by
423.Nm
424when a request is found on its socket.
425If
426.Nm
427provides this service internally, this entry should
428be
429.Dq internal .
430.Pp
431The
432.Em server-program-arguments
433entry lists the arguments to be passed to the
434.Em server-program ,
435starting with argv[0], which usually is the name of
436the program.
437If the service is provided internally, the
438.Em service-name
439of the service (and any arguments to it) or the word
440.Dq internal
441should take the place of this entry.
442.Pp
443Currently, the only internal service to take arguments is
444.Dq auth .
445Without options, the service will always return
446.Dq ERROR\ : HIDDEN-USER .
447The available arguments to this service that alter its behavior are:
448.Bl -tag -width indent
449.It Fl d Ar fallback
450Provide a
451.Ar fallback
452username.
453If the real
454.Dq auth
455service is enabled
456(with the
457.Fl r
458option discussed below),
459return this username instead of an error
460when lookups fail
461for either socket credentials or the username.
462If the real
463.Dq auth
464service is disabled,
465return this username for every request.
466This is primarily useful when running this service on a NAT machine.
467.It Fl F
468Same as
469.Fl f
470but without the restriction that the username in
471.Pa .fakeid
472must not match an existing user.
473.It Fl f
474If the file
475.Pa .fakeid
476exists in the home directory of the identified user, report the username
477found in that file instead of the real username.
478If the username found in
479.Pa .fakeid
480is that of an existing user,
481then the real username is reported.
482If the
483.Fl i
484flag is also given then the username in
485.Pa .fakeid
486is checked against existing user IDs instead.
487.It Fl g
488Instead of returning
489the user's name to the ident requester,
490report a
491username made up of random alphanumeric characters,
492e.g.,
493.Dq c0c993 .
494The
495.Fl g
496flag overrides not only the user names,
497but also any fallback name,
498.Pa .fakeid
499or
500.Pa .noident
501files.
502.It Fl i
503Return numeric user IDs instead of usernames.
504.It Fl n
505If the file
506.Pa .noident
507exists in the home directory of the identified user, return
508.Dq ERROR\ : HIDDEN-USER .
509This overrides any
510.Pa fakeid
511file which might exist.
512.It Fl o Ar osname
513Use
514.Ar osname
515instead of the name of the system as reported by
516.Xr uname 3 .
517.It Fl r
518Offer a real
519.Dq auth
520service, as per RFC 1413.
521All the remaining flags apply only in this case.
522.It Fl t Xo
523.Ar sec Ns Op Cm \&. Ns Ar usec
524.Xc
525Specify a timeout for the service.
526The default timeout is 10.0 seconds.
527.El
528.Pp
529The
530.Nm
531utility also provides several other
532.Dq trivial
533services internally by use of
534routines within itself.
535These services are
536.Dq echo ,
537.Dq discard ,
538.Dq chargen
539(character generator),
540.Dq daytime
541(human readable time), and
542.Dq time
543(machine readable time, in the form of the number of seconds since
544midnight, January 1, 1900).
545All of these services are available in
546both TCP and UDP versions; the UDP versions will refuse service if the
547request specifies a reply port corresponding to any internal service.
548(This is done as a defense against looping attacks; the remote IP address
549is logged.)
550For details of these services, consult the
551appropriate
552RFC
553document.
554.Pp
555The TCPMUX-demultiplexing service is also implemented as an internal service.
556For any TCPMUX-based service to function, the following line must be included
557in
558.Pa inetd.conf :
559.Bd -literal -offset indent
560tcpmux	stream	tcp	nowait	root	internal
561.Ed
562.Pp
563When given the
564.Fl l
565option
566.Nm
567will log an entry to syslog each time a connection is accepted, noting the
568service selected and the IP-number of the remote requester if available.
569Unless otherwise specified in the configuration file,
570and in the absence of the
571.Fl W
572and
573.Fl w
574options,
575.Nm
576will log to the
577.Dq daemon
578facility.
579.Pp
580The
581.Nm
582utility rereads its configuration file when it receives a hangup signal,
583.Dv SIGHUP .
584Services may be added, deleted or modified when the configuration file
585is reread.
586Except when started in debugging mode,
587or configured otherwise with the
588.Fl p
589option,
590.Nm
591records its process ID in the file
592.Pa /var/run/inetd.pid
593to assist in reconfiguration.
594.Sh IMPLEMENTATION NOTES
595.Ss TCP Wrappers
596When given the
597.Fl w
598option,
599.Nm
600will wrap all services specified as
601.Dq stream nowait
602or
603.Dq dgram
604except for
605.Dq internal
606services.
607If the
608.Fl W
609option is given, such
610.Dq internal
611services will be wrapped.
612If both options are given, wrapping for both
613internal and external services will be enabled.
614Either wrapping option
615will cause failed connections to be logged to the
616.Dq auth
617syslog facility.
618Adding the
619.Fl l
620flag to the wrapping options will include successful connections in the
621logging to the
622.Dq auth
623facility.
624.Pp
625Note that
626.Nm
627only wraps requests for a
628.Dq wait
629service while no servers are available to service requests.
630Once a
631connection to such a service has been allowed,
632.Nm
633has no control
634over subsequent connections to the service until no more servers
635are left listening for connection requests.
636.Pp
637When wrapping is enabled, the
638.Pa tcpd
639daemon is not required, as that functionality is builtin.
640For more information on TCP Wrappers, see the relevant documentation
641.Pq Xr hosts_access 5 .
642When reading that document, keep in mind that
643.Dq internal
644services have no associated daemon name.
645Therefore, the service name
646as specified in
647.Pa inetd.conf
648should be used as the daemon name for
649.Dq internal
650services.
651.Ss TCPMUX
652RFC 1078
653describes the TCPMUX protocol:
654``A TCP client connects to a foreign host on TCP port 1.
655It sends the
656service name followed by a carriage-return line-feed <CRLF>.
657The
658service name is never case sensitive.
659The server replies with a
660single character indicating positive (+) or negative (\-)
661acknowledgment, immediately followed by an optional message of
662explanation, terminated with a <CRLF>.
663If the reply was positive,
664the selected protocol begins; otherwise the connection is closed.''
665The program is passed the TCP connection as file descriptors 0 and 1.
666.Pp
667If the TCPMUX service name begins with a
668.Dq + ,
669.Nm
670returns the positive reply for the program.
671This allows you to invoke programs that use stdin/stdout
672without putting any special server code in them.
673.Pp
674The special service name
675.Dq help
676causes
677.Nm
678to list the TCPMUX services which are enabled in
679.Pa inetd.conf .
680.Ss IPsec
681The implementation includes a tiny hack
682to support IPsec policy settings for each socket.
683A special form of comment line, starting with
684.Dq Li #@ ,
685is interpreted as a policy specifier.
686Everything after the
687.Dq Li #@
688will be used as an IPsec policy string,
689as described in
690.Xr ipsec_set_policy 3 .
691Each
692policy specifier is applied to all the following lines in
693.Pa inetd.conf
694until the next policy specifier.
695An empty policy specifier resets the IPsec policy.
696.Pp
697If an invalid IPsec policy specifier appears in
698.Pa inetd.conf ,
699.Nm
700will provide an error message via the
701.Xr syslog 3
702interface and abort execution.
703.Ss Ux Domain Sockets
704In addition to running services on IP sockets,
705.Nm
706can also manage
707.Ux
708domain sockets.
709To do this you specify a
710.Em protocol
711of
712.Dq unix
713and specify the
714.Ux
715domain socket as the
716.Em service-name .
717The
718.Em service-type
719may be
720.Dq stream
721or
722.Dq dgram .
723The specification of the socket must be
724an absolute path name,
725optionally prefixed by an owner and mode
726of the form
727.Em ":user:group:mode\&:" .
728The specification:
729.Pp
730.Dl ":news:daemon:220:/var/run/sock"
731.Pp
732creates a socket owned
733by user
734.Dq news
735in group
736.Dq daemon
737with permissions allowing only that user and group to connect.
738The default owner is the user that
739.Nm
740is running as.
741The default mode only allows the socket's owner to connect.
742.Pp
743.Sy WARNING :
744while creating a
745.Ux
746domain socket,
747.Nm
748must change the ownership and permissions on the socket.
749This can only be done securely if
750the directory in which the socket is created
751is writable only by root.
752Do
753.Em NOT
754use
755.Nm
756to create sockets in world writable directories
757such as
758.Pa /tmp ;
759use
760.Pa /var/run
761or a similar directory instead.
762.Pp
763Internal services may be run on
764.Ux
765domain sockets, in the usual way.
766In this case
767the name of the internal service
768is determined using
769the last component of the socket's pathname.
770For example, specifying a socket named
771.Pa /var/run/chargen
772would invoke the
773.Dq chargen
774service when a connection is received on that socket.
775.Sh "FILES"
776.Bl -tag -width /var/run/inetd.pid -compact
777.It Pa /etc/inetd.conf
778configuration file
779.It Pa /etc/netconfig
780network configuration data base
781.It Pa /etc/rpc
782translation of service names to RPC program numbers
783.It Pa /etc/services
784translation of service names to port numbers
785.It Pa /var/run/inetd.pid
786the pid of the currently running
787.Nm
788.El
789.Sh "EXAMPLES"
790Examples for a variety of services are available in
791.Pa /etc/inetd.conf .
792.Pp
793It includes examples for
794.Nm bootpd ,
795.Nm comsat ,
796.Nm cvs ,
797.Nm date ,
798.Nm fingerd ,
799.Nm ftpd ,
800.Nm imapd ,
801.Nm nc ,
802.Nm nmbd ,
803.Nm nntpd ,
804.Nm rlogind ,
805.Nm rpc.rquotad ,
806.Nm rpc.rusersd ,
807.Nm rpc.rwalld ,
808.Nm rpc.statd ,
809.Nm rpc.sprayd ,
810.Nm rshd ,
811.Nm prometheus_sysctl_exporter ,
812.Nm smtpd ,
813.Nm smbd ,
814.Nm swat
815.Nm talkd ,
816.Nm telnetd ,
817.Nm tftpd ,
818.Nm uucpd .
819.Pp
820The internal services provided by
821.Nm
822for daytime, time, echo, discard and chargen are also
823included, as well as chargen for
824.Nm ipsec
825Authentication Headers
826.Pp
827Examples for handling auth requests via
828.Nm identd ,
829are similarly included.
830.Sh "ERROR MESSAGES"
831The
832.Nm
833server
834logs error messages using
835.Xr syslog 3 .
836Important error messages and their explanations are:
837.Pp
838.Bl -ohang -compact
839.It Xo
840.Ar service Ns / Ns Ar protocol
841.No "server failing (looping), service terminated."
842.Xc
843The number of requests for the specified service in the past minute
844exceeded the limit.
845The limit exists to prevent a broken program
846or a malicious user from swamping the system.
847This message may occur for several reasons:
848.Bl -enum -offset indent
849.It
850There are many hosts requesting the service within a short time period.
851.It
852A broken client program is requesting the service too frequently.
853.It
854A malicious user is running a program to invoke the service in
855a denial-of-service attack.
856.It
857The invoked service program has an error that causes clients
858to retry quickly.
859.El
860.Pp
861Use the
862.Fl R Ar rate
863option,
864as described above, to change the rate limit.
865Once the limit is reached, the service will be
866reenabled automatically in 10 minutes.
867.Pp
868.It Xo
869.Ar service Ns / Ns Ar protocol :
870.No \&No such user
871.Ar user ,
872.No service ignored
873.Xc
874.It Xo
875.Ar service Ns / Ns Ar protocol :
876.No getpwnam :
877.Ar user :
878.No \&No such user
879.Xc
880No entry for
881.Ar user
882exists in the
883.Xr passwd 5
884database.
885The first message
886occurs when
887.Nm
888(re)reads the configuration file.
889The second message occurs when the
890service is invoked.
891.Pp
892.It Xo
893.Ar service :
894.No can't set uid
895.Ar uid
896.Xc
897.It Xo
898.Ar service :
899.No can't set gid
900.Ar gid
901.Xc
902The user or group ID for the entry's
903.Ar user
904field is invalid.
905.Pp
906.It "setsockopt(SO_PRIVSTATE): Operation not supported"
907The
908.Nm
909utility attempted to renounce the privileged state associated with a
910socket but was unable to.
911.Pp
912.It Xo unknown
913.Ar rpc/udp
914or
915.Ar rpc/tcp
916.Xc
917No entry was found for either
918.Ar udp
919or
920.Ar tcp
921in the
922.Xr netconfig 5
923database.
924.Pp
925.It Xo unknown
926.Ar rpc/udp6
927or
928.Ar rpc/tcp6
929.Xc
930No entry was found for either
931.Ar udp6
932or
933.Ar tcp6
934in the
935.Xr netconfig 5
936database.
937.El
938.Sh SEE ALSO
939.Xr cvs 1 Pq Pa ports/devel/opencvs ,
940.Xr date 1 ,
941.Xr nc 1 ,
942.Xr ipsec_set_policy 3 ,
943.Xr ipsec 4 ,
944.Xr hosts_access 5 ,
945.Xr hosts_options 5 ,
946.Xr login.conf 5 ,
947.Xr netconfig 5 ,
948.Xr passwd 5 ,
949.Xr rpc 5 ,
950.Xr services 5 ,
951.Xr bootpd 8 ,
952.Xr comsat 8 ,
953.Xr fingerd 8 ,
954.Xr ftpd 8 ,
955.Xr imapd 8 Pq Pa ports/mail/courier-imap ,
956.Xr nmbd 8 Pq Pa ports/net/samba412 ,
957.Xr rlogind 8 ,
958.Xr rpc.rquotad 8 ,
959.Xr rpc.rusersd 8 ,
960.Xr rpc.rwalld 8 ,
961.Xr rpc.statd 8 ,
962.Xr rshd 8 ,
963.Xr prometheus_sysctl_exporter 8 ,
964.Xr smbd 8 Pq Pa ports/net/samba412 ,
965.Xr talkd 8 ,
966.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd ,
967.Xr tftpd 8 ,
968.Xr uucpd 8 Pq Pa ports/net/freebsd-uucp
969.Rs
970.%A Michael C. St. Johns
971.%T Identification Protocol
972.%O RFC1413
973.Re
974.Sh HISTORY
975The
976.Nm
977utility appeared in
978.Bx 4.3 .
979TCPMUX is based on code and documentation by Mark Lottor.
980Support for
981ONC RPC-based services is modeled after that
982provided by
983SunOS
9844.1.
985The IPsec hack was contributed by the KAME project in 1999.
986The
987.Fx
988TCP Wrappers support first appeared in
989.Fx 3.2 .
990