xref: /freebsd/usr.sbin/inetd/inetd.8 (revision 3c5ba95ad12285ad37c182a4bfc1b240ec6d18a7)
1.\" Copyright (c) 1985, 1991, 1993, 1994
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     from: @(#)inetd.8	8.3 (Berkeley) 4/13/94
29.\" $FreeBSD$
30.\"
31.Dd January 12, 2008
32.Dt INETD 8
33.Os
34.Sh NAME
35.Nm inetd
36.Nd internet
37.Dq super-server
38.Sh SYNOPSIS
39.Nm
40.Op Fl d
41.Op Fl l
42.Op Fl w
43.Op Fl W
44.Op Fl c Ar maximum
45.Op Fl C Ar rate
46.Op Fl a Ar address | hostname
47.Op Fl p Ar filename
48.Op Fl R Ar rate
49.Op Fl s Ar maximum
50.Op Ar configuration file
51.Sh DESCRIPTION
52The
53.Nm
54utility should be run at boot time by
55.Pa /etc/rc
56(see
57.Xr rc 8 ) .
58It then listens for connections on certain
59internet sockets.
60When a connection is found on one
61of its sockets, it decides what service the socket
62corresponds to, and invokes a program to service the request.
63The server program is invoked with the service socket
64as its standard input, output and error descriptors.
65After the program is
66finished,
67.Nm
68continues to listen on the socket (except in some cases which
69will be described below).
70Essentially,
71.Nm
72allows running one daemon to invoke several others,
73reducing load on the system.
74.Pp
75The following options are available:
76.Bl -tag -width indent
77.It Fl d
78Turn on debugging.
79.It Fl l
80Turn on logging of successful connections.
81.It Fl w
82Turn on TCP Wrapping for external services.
83See the
84.Sx "IMPLEMENTATION NOTES"
85section for more information on TCP Wrappers support.
86.It Fl W
87Turn on TCP Wrapping for internal services which are built in to
88.Nm .
89.It Fl c Ar maximum
90Specify the default maximum number of
91simultaneous invocations of each service;
92the default is unlimited.
93May be overridden on a per-service basis with the "max-child"
94parameter.
95.It Fl C Ar rate
96Specify the default maximum number of times a service can be invoked
97from a single IP address in one minute; the default is unlimited.
98May be overridden on a per-service basis with the
99"max-connections-per-ip-per-minute" parameter.
100.It Fl R Ar rate
101Specify the maximum number of times a service can be invoked
102in one minute; the default is 256.
103A rate of 0 allows an unlimited number of invocations.
104.It Fl s Ar maximum
105Specify the default maximum number of
106simultaneous invocations of each service from a single IP address;
107the default is unlimited.
108May be overridden on a per-service basis with the "max-child-per-ip"
109parameter.
110.It Fl a
111Specify one specific IP address to bind to.
112Alternatively, a hostname can be specified,
113in which case the IPv4 or IPv6 address
114which corresponds to that hostname is used.
115Usually a hostname is specified when
116.Nm
117is run inside a
118.Xr jail 8 ,
119in which case the hostname corresponds to that of the
120.Xr jail 8
121environment.
122.Pp
123When the hostname specification is used
124and both IPv4 and IPv6 bindings are desired,
125one entry with the appropriate
126.Em protocol
127type for each binding
128is required for each service in
129.Pa /etc/inetd.conf .
130For example,
131a TCP-based service would need two entries,
132one using
133.Dq tcp4
134for the
135.Em protocol
136and the other using
137.Dq tcp6 .
138See the explanation of the
139.Pa /etc/inetd.conf
140.Em protocol
141field below.
142.It Fl p
143Specify an alternate file in which to store the process ID.
144.El
145.Pp
146Upon execution,
147.Nm
148reads its configuration information from a configuration
149file which, by default, is
150.Pa /etc/inetd.conf .
151There must be an entry for each field of the configuration
152file, with entries for each field separated by a tab or
153a space.
154Comments are denoted by a
155.Dq #
156at the beginning
157of a line.
158There must be an entry for each field.
159The
160fields of the configuration file are as follows:
161.Pp
162.Bd -unfilled -offset indent -compact
163service-name
164socket-type
165protocol
166{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
167user[:group][/login-class]
168server-program
169server-program-arguments
170.Ed
171.Pp
172To specify an
173.Tn "ONC RPC" Ns -based
174service, the entry would contain these fields:
175.Pp
176.Bd -unfilled -offset indent -compact
177service-name/version
178socket-type
179rpc/protocol
180{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
181user[:group][/login-class]
182server-program
183server-program-arguments
184.Ed
185.Pp
186There are two types of services that
187.Nm
188can start: standard and TCPMUX.
189A standard service has a well-known port assigned to it;
190it may be a service that implements an official Internet standard or is a
191.Bx Ns -specific
192service.
193As described in
194.Tn RFC 1078 ,
195TCPMUX services are nonstandard services that do not have a
196well-known port assigned to them.
197They are invoked from
198.Nm
199when a program connects to the
200.Dq tcpmux
201well-known port and specifies
202the service name.
203This feature is useful for adding locally-developed servers.
204TCPMUX requests are only accepted when the multiplexor service itself
205is enabled, above and beyond and specific TCPMUX-based servers; see the
206discussion of internal services below.
207.Pp
208The
209.Em service-name
210entry is the name of a valid service in
211the file
212.Pa /etc/services ,
213or the specification of a
214.Ux
215domain socket (see below).
216For
217.Dq internal
218services (discussed below), the service
219name
220should
221be the official name of the service (that is, the first entry in
222.Pa /etc/services ) .
223When used to specify an
224.Tn "ONC RPC" Ns -based
225service, this field is a valid RPC service name listed in
226the file
227.Pa /etc/rpc .
228The part on the right of the
229.Dq /
230is the RPC version number.
231This
232can simply be a single numeric argument or a range of versions.
233A range is bounded by the low version to the high version -
234.Dq rusers/1-3 .
235For TCPMUX services, the value of the
236.Em service-name
237field consists of the string
238.Dq tcpmux
239followed by a slash and the
240locally-chosen service name.
241The service names listed in
242.Pa /etc/services
243and the name
244.Dq help
245are reserved.
246Try to choose unique names for your TCPMUX services by prefixing them with
247your organization's name and suffixing them with a version number.
248.Pp
249The
250.Em socket-type
251should be one of
252.Dq stream ,
253.Dq dgram ,
254.Dq raw ,
255.Dq rdm ,
256or
257.Dq seqpacket ,
258depending on whether the socket is a stream, datagram, raw,
259reliably delivered message, or sequenced packet socket.
260TCPMUX services must use
261.Dq stream .
262.Pp
263The
264.Em protocol
265must be a valid protocol or
266.Dq unix .
267Examples are
268.Dq tcp
269or
270.Dq udp ,
271both of which imply IPv4 for backward compatibility.
272The names
273.Dq tcp4
274and
275.Dq udp4
276specify IPv4 only.
277The names
278.Dq tcp6
279and
280.Dq udp6
281specify IPv6 only.
282The names
283.Dq tcp46
284and
285.Dq udp46
286specify that the entry accepts both IPv4 and IPv6 connections
287via a wildcard
288.Dv AF_INET6
289socket.
290Rpc based services
291are specified with the
292.Dq rpc/tcp
293or
294.Dq rpc/udp
295service type.
296One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example
297.Dq rpc/tcp6
298or
299.Dq rpc/udp46 .
300TCPMUX services must use
301.Dq tcp ,
302.Dq tcp4 ,
303.Dq tcp6
304or
305.Dq tcp46 .
306.Pp
307The
308.Em wait/nowait
309entry specifies whether the server that is invoked by
310.Nm
311will take over
312the socket associated with the service access point, and thus whether
313.Nm
314should wait for the server to exit before listening for new service
315requests.
316Datagram servers must use
317.Dq wait ,
318as they are always invoked with the original datagram socket bound
319to the specified service address.
320These servers must read at least one datagram from the socket
321before exiting.
322If a datagram server connects
323to its peer, freeing the socket so
324.Nm
325can receive further messages on the socket, it is said to be
326a
327.Dq multi-threaded
328server;
329it should read one datagram from the socket and create a new socket
330connected to the peer.
331It should fork, and the parent should then exit
332to allow
333.Nm
334to check for new service requests to spawn new servers.
335Datagram servers which process all incoming datagrams
336on a socket and eventually time out are said to be
337.Dq single-threaded .
338The
339.Xr comsat 8
340and
341.Xr talkd 8
342utilities are examples of the latter type of
343datagram server.
344The
345.Xr tftpd 8
346utility is an example of a multi-threaded datagram server.
347.Pp
348Servers using stream sockets generally are multi-threaded and
349use the
350.Dq nowait
351entry.
352Connection requests for these services are accepted by
353.Nm ,
354and the server is given only the newly-accepted socket connected
355to a client of the service.
356Most stream-based services operate in this manner.
357Stream-based servers that use
358.Dq wait
359are started with the listening service socket, and must accept
360at least one connection request before exiting.
361Such a server would normally accept and process incoming connection
362requests until a timeout.
363TCPMUX services must use
364.Dq nowait .
365.Pp
366The maximum number of outstanding child processes (or
367.Dq threads )
368for a
369.Dq nowait
370service may be explicitly specified by appending a
371.Dq /
372followed by the number to the
373.Dq nowait
374keyword.
375Normally
376(or if a value of zero is specified) there is no maximum.
377Otherwise,
378once the maximum is reached, further connection attempts will be
379queued up until an existing child process exits.
380This also works
381in the case of
382.Dq wait
383mode, although a value other than one (the
384default) might not make sense in some cases.
385You can also specify the maximum number of connections per minute
386for a given IP address by appending
387a
388.Dq /
389followed by the number to the maximum number of
390outstanding child processes.
391Once the maximum is reached, further
392connections from this IP address will be dropped until the end of the
393minute.
394In addition, you can specify the maximum number of simultaneous
395invocations of each service from a single IP address by appending a
396.Dq /
397followed by the number to the maximum number of outstanding child
398processes.
399Once the maximum is reached, further connections from this
400IP address will be dropped.
401.Pp
402The
403.Em user
404entry should contain the user name of the user as whom the server
405should run.
406This allows for servers to be given less permission
407than root.
408The optional
409.Em group
410part separated by
411.Dq \&:
412allows a group name other
413than the default group for this user to be specified.
414The optional
415.Em login-class
416part separated by
417.Dq /
418allows specification of a login class other
419than the default
420.Dq daemon
421login class.
422.Pp
423The
424.Em server-program
425entry should contain the pathname of the program which is to be
426executed by
427.Nm
428when a request is found on its socket.
429If
430.Nm
431provides this service internally, this entry should
432be
433.Dq internal .
434.Pp
435The
436.Em server-program-arguments
437entry lists the arguments to be passed to the
438.Em server-program ,
439starting with argv[0], which usually is the name of
440the program.
441If the service is provided internally, the
442.Em service-name
443of the service (and any arguments to it) or the word
444.Dq internal
445should take the place of this entry.
446.Pp
447Currently, the only internal service to take arguments is
448.Dq auth .
449Without options, the service will always return
450.Dq ERROR\ : HIDDEN-USER .
451The available arguments to this service that alter its behavior are:
452.Bl -tag -width indent
453.It Fl d Ar fallback
454Provide a
455.Ar fallback
456username.
457If the real
458.Dq auth
459service is enabled
460(with the
461.Fl r
462option discussed below),
463return this username instead of an error
464when lookups fail
465for either socket credentials or the username.
466If the real
467.Dq auth
468service is disabled,
469return this username for every request.
470This is primarily useful when running this service on a NAT machine.
471.It Fl g
472Instead of returning
473the user's name to the ident requester,
474report a
475username made up of random alphanumeric characters,
476e.g.\&
477.Dq c0c993 .
478The
479.Fl g
480flag overrides not only the user names,
481but also any fallback name,
482.Pa .fakeid
483or
484.Pa .noident
485files.
486.It Fl t Xo
487.Ar sec Ns Op . Ns Ar usec
488.Xc
489Specify a timeout for the service.
490The default timeout is 10.0 seconds.
491.It Fl r
492Offer a real
493.Dq auth
494service, as per RFC 1413.
495All the remaining flags apply only in this case.
496.It Fl i
497Return numeric user IDs instead of usernames.
498.It Fl f
499If the file
500.Pa .fakeid
501exists in the home directory of the identified user, report the username
502found in that file instead of the real username.
503If the username found in
504.Pa .fakeid
505is that of an existing user,
506then the real username is reported.
507If the
508.Fl i
509flag is also given then the username in
510.Pa .fakeid
511is checked against existing user IDs instead.
512.It Fl F
513same as
514.Fl f
515but without the restriction that the username in
516.Pa .fakeid
517must not match an existing user.
518.It Fl n
519If the file
520.Pa .noident
521exists in the home directory of the identified user, return
522.Dq ERROR\ : HIDDEN-USER .
523This overrides any
524.Pa fakeid
525file which might exist.
526.It Fl o Ar osname
527Use
528.Ar osname
529instead of the name of the system as reported by
530.Xr uname 3 .
531.El
532.Pp
533The
534.Nm
535utility also provides several other
536.Dq trivial
537services internally by use of
538routines within itself.
539These services are
540.Dq echo ,
541.Dq discard ,
542.Dq chargen
543(character generator),
544.Dq daytime
545(human readable time), and
546.Dq time
547(machine readable time, in the form of the number of seconds since
548midnight, January 1, 1900).
549All of these services are available in
550both TCP and UDP versions; the UDP versions will refuse service if the
551request specifies a reply port corresponding to any internal service.
552(This is done as a defense against looping attacks; the remote IP address
553is logged.)
554For details of these services, consult the
555appropriate
556.Tn RFC
557document.
558.Pp
559The TCPMUX-demultiplexing service is also implemented as an internal service.
560For any TCPMUX-based service to function, the following line must be included
561in
562.Pa inetd.conf :
563.Bd -literal -offset indent
564tcpmux	stream	tcp	nowait	root	internal
565.Ed
566.Pp
567When given the
568.Fl l
569option
570.Nm
571will log an entry to syslog each time a connection is accepted, noting the
572service selected and the IP-number of the remote requester if available.
573Unless otherwise specified in the configuration file,
574and in the absence of the
575.Fl W
576and
577.Fl w
578options,
579.Nm
580will log to the
581.Dq daemon
582facility.
583.Pp
584The
585.Nm
586utility rereads its configuration file when it receives a hangup signal,
587.Dv SIGHUP .
588Services may be added, deleted or modified when the configuration file
589is reread.
590Except when started in debugging mode,
591or configured otherwise with the
592.Fl p
593option,
594.Nm
595records its process ID in the file
596.Pa /var/run/inetd.pid
597to assist in reconfiguration.
598.Sh IMPLEMENTATION NOTES
599.Ss TCP Wrappers
600When given the
601.Fl w
602option,
603.Nm
604will wrap all services specified as
605.Dq stream nowait
606or
607.Dq dgram
608except for
609.Dq internal
610services.
611If the
612.Fl W
613option is given, such
614.Dq internal
615services will be wrapped.
616If both options are given, wrapping for both
617internal and external services will be enabled.
618Either wrapping option
619will cause failed connections to be logged to the
620.Dq auth
621syslog facility.
622Adding the
623.Fl l
624flag to the wrapping options will include successful connections in the
625logging to the
626.Dq auth
627facility.
628.Pp
629Note that
630.Nm
631only wraps requests for a
632.Dq wait
633service while no servers are available to service requests.
634Once a
635connection to such a service has been allowed,
636.Nm
637has no control
638over subsequent connections to the service until no more servers
639are left listening for connection requests.
640.Pp
641When wrapping is enabled, the
642.Pa tcpd
643daemon is not required, as that functionality is builtin.
644For more information on TCP Wrappers, see the relevant documentation
645.Pq Xr hosts_access 5 .
646When reading that document, keep in mind that
647.Dq internal
648services have no associated daemon name.
649Therefore, the service name
650as specified in
651.Pa inetd.conf
652should be used as the daemon name for
653.Dq internal
654services.
655.Ss TCPMUX
656.Tn RFC 1078
657describes the TCPMUX protocol:
658``A TCP client connects to a foreign host on TCP port 1.
659It sends the
660service name followed by a carriage-return line-feed <CRLF>.
661The
662service name is never case sensitive.
663The server replies with a
664single character indicating positive (+) or negative (\-)
665acknowledgment, immediately followed by an optional message of
666explanation, terminated with a <CRLF>.
667If the reply was positive,
668the selected protocol begins; otherwise the connection is closed.''
669The program is passed the TCP connection as file descriptors 0 and 1.
670.Pp
671If the TCPMUX service name begins with a
672.Dq + ,
673.Nm
674returns the positive reply for the program.
675This allows you to invoke programs that use stdin/stdout
676without putting any special server code in them.
677.Pp
678The special service name
679.Dq help
680causes
681.Nm
682to list the TCPMUX services which are enabled in
683.Pa inetd.conf .
684.Ss IPsec
685The implementation includes a tiny hack
686to support IPsec policy settings for each socket.
687A special form of comment line, starting with
688.Dq Li #@ ,
689is interpreted as a policy specifier.
690Everything after the
691.Dq Li #@
692will be used as an IPsec policy string,
693as described in
694.Xr ipsec_set_policy 3 .
695Each
696policy specifier is applied to all the following lines in
697.Pa inetd.conf
698until the next policy specifier.
699An empty policy specifier resets the IPsec policy.
700.Pp
701If an invalid IPsec policy specifier appears in
702.Pa inetd.conf ,
703.Nm
704will provide an error message via the
705.Xr syslog 3
706interface and abort execution.
707.Ss Ux Domain Sockets
708In addition to running services on IP sockets,
709.Nm
710can also manage
711.Ux
712domain sockets.
713To do this you specify a
714.Em protocol
715of
716.Dq unix
717and specify the
718.Ux
719domain socket as the
720.Em service-name .
721The
722.Em service-type
723may be
724.Dq stream
725or
726.Dq dgram .
727The specification of the socket must be
728an absolute path name,
729optionally prefixed by an owner and mode
730of the form
731.Em :user:group:mode: .
732The specification:
733.Pp
734.Dl ":news:daemon:220:/var/run/sock"
735.Pp
736creates a socket owned
737by user
738.Dq news
739in group
740.Dq daemon
741with permissions allowing only that user and group to connect.
742The default owner is the user that
743.Nm
744is running as.
745The default mode only allows the socket's owner to connect.
746.Pp
747.Sy WARNING :
748while creating a
749.Ux
750domain socket,
751.Nm
752must change the ownership and permissions on the socket.
753This can only be done securely if
754the directory in which the socket is created
755is writable only by root.
756Do
757.Em NOT
758use
759.Nm
760to create sockets in world writable directories
761such as
762.Pa /tmp ;
763use
764.Pa /var/run
765or a similar directory instead.
766.Pp
767Internal services may be run on
768.Ux
769domain sockets, in the usual way.
770In this case
771the name of the internal service
772is determined using
773the last component of the socket's pathname.
774For example, specifying a socket named
775.Pa /var/run/chargen
776would invoke the
777.Dq chargen
778service when a connection is received on that socket.
779.Sh "FILES"
780.Bl -tag -width /var/run/inetd.pid -compact
781.It Pa /etc/inetd.conf
782configuration file
783.It Pa /etc/netconfig
784network configuration data base
785.It Pa /etc/rpc
786translation of service names to RPC program numbers
787.It Pa /etc/services
788translation of service names to port numbers
789.It Pa /var/run/inetd.pid
790the pid of the currently running
791.Nm
792.El
793.Sh "EXAMPLES"
794Here are several example service entries for the various types of services:
795.Bd -literal
796ftp          stream  tcp   nowait root  /usr/libexec/ftpd        ftpd -l
797ntalk        dgram   udp   wait   root  /usr/libexec/ntalkd      ntalkd
798telnet       stream  tcp6  nowait root  /usr/libexec/telnetd  telnetd
799shell        stream  tcp46  nowait root  /usr/libexec/rshd rshd
800tcpmux/+date stream  tcp   nowait guest /bin/date                date
801tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
802rstatd/1-3   dgram   rpc/udp wait root  /usr/libexec/rpc.rstatd  rpc.rstatd
803/var/run/echo stream unix  nowait root	internal
804#@ ipsec ah/require
805chargen      stream  tcp   nowait root  internal
806#@
807.Ed
808.Sh "ERROR MESSAGES"
809The
810.Nm
811server
812logs error messages using
813.Xr syslog 3 .
814Important error messages and their explanations are:
815.Pp
816.Bl -ohang -compact
817.It Xo
818.Ar service Ns / Ns Ar protocol
819.No "server failing (looping), service terminated."
820.Xc
821The number of requests for the specified service in the past minute
822exceeded the limit.
823The limit exists to prevent a broken program
824or a malicious user from swamping the system.
825This message may occur for several reasons:
826.Bl -enum -offset indent
827.It
828There are many hosts requesting the service within a short time period.
829.It
830A broken client program is requesting the service too frequently.
831.It
832A malicious user is running a program to invoke the service in
833a denial-of-service attack.
834.It
835The invoked service program has an error that causes clients
836to retry quickly.
837.El
838.Pp
839Use the
840.Fl R Ar rate
841option,
842as described above, to change the rate limit.
843Once the limit is reached, the service will be
844reenabled automatically in 10 minutes.
845.Pp
846.It Xo
847.Ar service Ns / Ns Ar protocol :
848.No \&No such user
849.Ar user ,
850.No service ignored
851.Xc
852.It Xo
853.Ar service Ns / Ns Ar protocol :
854.No getpwnam :
855.Ar user :
856.No \&No such user
857.Xc
858No entry for
859.Ar user
860exists in the
861.Xr passwd 5
862database.
863The first message
864occurs when
865.Nm
866(re)reads the configuration file.
867The second message occurs when the
868service is invoked.
869.Pp
870.It Xo
871.Ar service :
872.No can't set uid
873.Ar uid
874.Xc
875.It Xo
876.Ar service :
877.No can't set gid
878.Ar gid
879.Xc
880The user or group ID for the entry's
881.Ar user
882field is invalid.
883.Pp
884.It "setsockopt(SO_PRIVSTATE): Operation not supported"
885The
886.Nm
887utility attempted to renounce the privileged state associated with a
888socket but was unable to.
889.Pp
890.It Xo unknown
891.Ar rpc/udp
892or
893.Ar rpc/tcp
894.Xc
895No entry was found for either
896.Ar udp
897or
898.Ar tcp
899in the
900.Xr netconfig 5
901database.
902.Pp
903.It Xo unknown
904.Ar rpc/udp6
905or
906.Ar rpc/tcp6
907.Xc
908No entry was found for either
909.Ar udp6
910or
911.Ar tcp6
912in the
913.Xr netconfig 5
914database.
915.El
916.Sh SEE ALSO
917.Xr ipsec_set_policy 3 ,
918.Xr hosts_access 5 ,
919.Xr hosts_options 5 ,
920.Xr login.conf 5 ,
921.Xr netconfig 5 ,
922.Xr passwd 5 ,
923.Xr rpc 5 ,
924.Xr services 5 ,
925.Xr comsat 8 ,
926.Xr fingerd 8 ,
927.Xr ftpd 8 ,
928.Xr rlogind 8 ,
929.Xr rpcbind 8 ,
930.Xr rshd 8 ,
931.Xr talkd 8 ,
932.Xr telnetd 8 ,
933.Xr tftpd 8
934.Rs
935.%A Michael C. St. Johns
936.%T Identification Protocol
937.%O RFC1413
938.Re
939.Sh HISTORY
940The
941.Nm
942utility appeared in
943.Bx 4.3 .
944TCPMUX is based on code and documentation by Mark Lottor.
945Support for
946.Tn "ONC RPC"
947based services is modeled after that
948provided by
949.Tn SunOS
9504.1.
951The IPsec hack was contributed by the KAME project in 1999.
952The
953.Fx
954TCP Wrappers support first appeared in
955.Fx 3.2 .
956