1.\" Copyright (c) 1985, 1991, 1993, 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 29.\" $FreeBSD$ 30.\" 31.Dd September 29, 2022 32.Dt INETD 8 33.Os 34.Sh NAME 35.Nm inetd 36.Nd internet 37.Dq super-server 38.Sh SYNOPSIS 39.Nm 40.Op Fl dlWw 41.Op Fl a Ar address 42.Op Fl C Ar rate 43.Op Fl c Ar maximum 44.Op Fl p Ar filename 45.Op Fl R Ar rate 46.Op Fl s Ar maximum 47.Op Ar configuration_file 48.Sh DESCRIPTION 49The 50.Nm 51utility should be run at boot time by 52.Pa /etc/rc 53(see 54.Xr rc 8 ) . 55It then listens for connections on certain 56internet sockets. 57When a connection is found on one 58of its sockets, it decides what service the socket 59corresponds to, and invokes a program to service the request. 60The server program is invoked with the service socket 61as its standard input, output and error descriptors. 62After the program is 63finished, 64.Nm 65continues to listen on the socket (except in some cases which 66will be described below). 67Essentially, 68.Nm 69allows running one daemon to invoke several others, 70reducing load on the system. 71.Pp 72The following options are available: 73.Bl -tag -width indent 74.It Fl a Ar address 75Specify one specific IP address to bind to. 76Alternatively, a hostname can be specified, 77in which case the IPv4 or IPv6 address 78which corresponds to that hostname is used. 79Usually a hostname is specified when 80.Nm 81is run inside a 82.Xr jail 8 , 83in which case the hostname corresponds to that of the 84.Xr jail 8 85environment. 86.Pp 87When the hostname specification is used 88and both IPv4 and IPv6 bindings are desired, 89one entry with the appropriate 90.Em protocol 91type for each binding 92is required for each service in 93.Pa /etc/inetd.conf . 94For example, 95a TCP-based service would need two entries, 96one using 97.Dq tcp4 98for the 99.Em protocol 100and the other using 101.Dq tcp6 . 102See the explanation of the 103.Pa /etc/inetd.conf 104.Em protocol 105field below. 106.It Fl C Ar rate 107Specify the default maximum number of times a service can be invoked 108from a single IP address in one minute; the default is unlimited. 109May be overridden on a per-service basis with the 110"max-connections-per-ip-per-minute" parameter. 111.It Fl c Ar maximum 112Specify the default maximum number of 113simultaneous invocations of each service; 114the default is unlimited. 115May be overridden on a per-service basis with the "max-child" 116parameter. 117.It Fl d 118Turn on debugging. 119.It Fl l 120Turn on logging of successful connections. 121.It Fl p 122Specify an alternate file in which to store the process ID. 123.It Fl R Ar rate 124Specify the maximum number of times a service can be invoked 125in one minute; the default is 256. 126A rate of 0 allows an unlimited number of invocations. 127.It Fl s Ar maximum 128Specify the default maximum number of 129simultaneous invocations of each service from a single IP address; 130the default is unlimited. 131May be overridden on a per-service basis with the "max-child-per-ip" 132parameter. 133.It Fl W 134Turn on TCP Wrapping for internal services which are built in to 135.Nm . 136.It Fl w 137Turn on TCP Wrapping for external services. 138See the 139.Sx "IMPLEMENTATION NOTES" 140section for more information on TCP Wrappers support. 141.El 142.Pp 143Upon execution, 144.Nm 145reads its configuration information from a configuration 146file which, by default, is 147.Pa /etc/inetd.conf . 148There must be an entry for each field of the configuration 149file, with entries for each field separated by a tab or 150a space. 151Comments are denoted by a 152.Dq # 153at the beginning 154of a line. 155There must be an entry for each field. 156The 157fields of the configuration file are as follows: 158.Pp 159.Bd -unfilled -offset indent -compact 160service-name 161socket-type 162protocol 163{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] 164user[:group][/login-class] 165server-program 166server-program-arguments 167.Ed 168.Pp 169To specify an 170ONC RPC-based 171service, the entry would contain these fields: 172.Pp 173.Bd -unfilled -offset indent -compact 174service-name/version 175socket-type 176rpc/protocol 177{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] 178user[:group][/login-class] 179server-program 180server-program-arguments 181.Ed 182.Pp 183There are two types of services that 184.Nm 185can start: standard and TCPMUX. 186A standard service has a well-known port assigned to it; 187it may be a service that implements an official Internet standard or is a 188.Bx Ns -specific 189service. 190As described in 191RFC 1078, 192TCPMUX services are nonstandard services that do not have a 193well-known port assigned to them. 194They are invoked from 195.Nm 196when a program connects to the 197.Dq tcpmux 198well-known port and specifies 199the service name. 200This feature is useful for adding locally-developed servers. 201TCPMUX requests are only accepted when the multiplexor service itself 202is enabled, above and beyond and specific TCPMUX-based servers; see the 203discussion of internal services below. 204.Pp 205The 206.Em service-name 207entry is the name of a valid service in 208the file 209.Pa /etc/services , 210or the specification of a 211.Ux 212domain socket (see below). 213For 214.Dq internal 215services (discussed below), the service 216name 217should 218be the official name of the service (that is, the first entry in 219.Pa /etc/services ) . 220When used to specify an 221ONC RPC-based 222service, this field is a valid RPC service name listed in 223the file 224.Pa /etc/rpc . 225The part on the right of the 226.Dq / 227is the RPC version number. 228This 229can simply be a single numeric argument or a range of versions. 230A range is bounded by the low version to the high version - 231.Dq rusers/1-3 . 232For TCPMUX services, the value of the 233.Em service-name 234field consists of the string 235.Dq tcpmux 236followed by a slash and the 237locally-chosen service name. 238The service names listed in 239.Pa /etc/services 240and the name 241.Dq help 242are reserved. 243Try to choose unique names for your TCPMUX services by prefixing them with 244your organization's name and suffixing them with a version number. 245.Pp 246The 247.Em socket-type 248should be one of 249.Dq stream , 250.Dq dgram , 251.Dq raw , 252.Dq rdm , 253or 254.Dq seqpacket , 255depending on whether the socket is a stream, datagram, raw, 256reliably delivered message, or sequenced packet socket. 257TCPMUX services must use 258.Dq stream . 259.Pp 260The 261.Em protocol 262must be a valid protocol or 263.Dq unix . 264Examples are 265.Dq tcp 266or 267.Dq udp , 268both of which imply IPv4 for backward compatibility. 269The names 270.Dq tcp4 271and 272.Dq udp4 273specify IPv4 only. 274The names 275.Dq tcp6 276and 277.Dq udp6 278specify IPv6 only. 279The names 280.Dq tcp46 281and 282.Dq udp46 283specify that the entry accepts both IPv4 and IPv6 connections 284via a wildcard 285.Dv AF_INET6 286socket. 287Rpc based services 288are specified with the 289.Dq rpc/tcp 290or 291.Dq rpc/udp 292service type. 293One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example 294.Dq rpc/tcp6 295or 296.Dq rpc/udp46 . 297TCPMUX services must use 298.Dq tcp , 299.Dq tcp4 , 300.Dq tcp6 301or 302.Dq tcp46 . 303.Pp 304The 305.Em wait/nowait 306entry specifies whether the server that is invoked by 307.Nm 308will take over 309the socket associated with the service access point, and thus whether 310.Nm 311should wait for the server to exit before listening for new service 312requests. 313Datagram servers must use 314.Dq wait , 315as they are always invoked with the original datagram socket bound 316to the specified service address. 317These servers must read at least one datagram from the socket 318before exiting. 319If a datagram server connects 320to its peer, freeing the socket so 321.Nm 322can receive further messages on the socket, it is said to be 323a 324.Dq multi-threaded 325server; 326it should read one datagram from the socket and create a new socket 327connected to the peer. 328It should fork, and the parent should then exit 329to allow 330.Nm 331to check for new service requests to spawn new servers. 332Datagram servers which process all incoming datagrams 333on a socket and eventually time out are said to be 334.Dq single-threaded . 335The 336.Xr comsat 8 337and 338.Xr talkd 8 339utilities are examples of the latter type of 340datagram server. 341The 342.Xr tftpd 8 343utility is an example of a multi-threaded datagram server. 344.Pp 345Servers using stream sockets generally are multi-threaded and 346use the 347.Dq nowait 348entry. 349Connection requests for these services are accepted by 350.Nm , 351and the server is given only the newly-accepted socket connected 352to a client of the service. 353Most stream-based services operate in this manner. 354Stream-based servers that use 355.Dq wait 356are started with the listening service socket, and must accept 357at least one connection request before exiting. 358Such a server would normally accept and process incoming connection 359requests until a timeout. 360TCPMUX services must use 361.Dq nowait . 362.Pp 363The maximum number of outstanding child processes (or 364.Dq threads ) 365for a 366.Dq nowait 367service may be explicitly specified by appending a 368.Dq / 369followed by the number to the 370.Dq nowait 371keyword. 372Normally 373(or if a value of zero is specified) there is no maximum. 374Otherwise, 375once the maximum is reached, further connection attempts will be 376queued up until an existing child process exits. 377This also works 378in the case of 379.Dq wait 380mode, although a value other than one (the 381default) might not make sense in some cases. 382You can also specify the maximum number of connections per minute 383for a given IP address by appending 384a 385.Dq / 386followed by the number to the maximum number of 387outstanding child processes. 388Once the maximum is reached, further 389connections from this IP address will be dropped until the end of the 390minute. 391In addition, you can specify the maximum number of simultaneous 392invocations of each service from a single IP address by appending a 393.Dq / 394followed by the number to the maximum number of outstanding child 395processes. 396Once the maximum is reached, further connections from this 397IP address will be dropped. 398.Pp 399The 400.Em user 401entry should contain the user name of the user as whom the server 402should run. 403This allows for servers to be given less permission 404than root. 405The optional 406.Em group 407part separated by 408.Dq \&: 409allows a group name other 410than the default group for this user to be specified. 411The optional 412.Em login-class 413part separated by 414.Dq / 415allows specification of a login class other 416than the default 417.Dq daemon 418login class. 419.Pp 420The 421.Em server-program 422entry should contain the pathname of the program which is to be 423executed by 424.Nm 425when a request is found on its socket. 426If 427.Nm 428provides this service internally, this entry should 429be 430.Dq internal . 431.Pp 432The 433.Em server-program-arguments 434entry lists the arguments to be passed to the 435.Em server-program , 436starting with argv[0], which usually is the name of 437the program. 438If the service is provided internally, the 439.Em service-name 440of the service (and any arguments to it) or the word 441.Dq internal 442should take the place of this entry. 443.Pp 444Currently, the only internal service to take arguments is 445.Dq auth . 446Without options, the service will always return 447.Dq ERROR\ : HIDDEN-USER . 448The available arguments to this service that alter its behavior are: 449.Bl -tag -width indent 450.It Fl d Ar fallback 451Provide a 452.Ar fallback 453username. 454If the real 455.Dq auth 456service is enabled 457(with the 458.Fl r 459option discussed below), 460return this username instead of an error 461when lookups fail 462for either socket credentials or the username. 463If the real 464.Dq auth 465service is disabled, 466return this username for every request. 467This is primarily useful when running this service on a NAT machine. 468.It Fl F 469Same as 470.Fl f 471but without the restriction that the username in 472.Pa .fakeid 473must not match an existing user. 474.It Fl f 475If the file 476.Pa .fakeid 477exists in the home directory of the identified user, report the username 478found in that file instead of the real username. 479If the username found in 480.Pa .fakeid 481is that of an existing user, 482then the real username is reported. 483If the 484.Fl i 485flag is also given then the username in 486.Pa .fakeid 487is checked against existing user IDs instead. 488.It Fl g 489Instead of returning 490the user's name to the ident requester, 491report a 492username made up of random alphanumeric characters, 493e.g., 494.Dq c0c993 . 495The 496.Fl g 497flag overrides not only the user names, 498but also any fallback name, 499.Pa .fakeid 500or 501.Pa .noident 502files. 503.It Fl i 504Return numeric user IDs instead of usernames. 505.It Fl n 506If the file 507.Pa .noident 508exists in the home directory of the identified user, return 509.Dq ERROR\ : HIDDEN-USER . 510This overrides any 511.Pa fakeid 512file which might exist. 513.It Fl o Ar osname 514Use 515.Ar osname 516instead of the name of the system as reported by 517.Xr uname 3 . 518.It Fl r 519Offer a real 520.Dq auth 521service, as per RFC 1413. 522All the remaining flags apply only in this case. 523.It Fl t Xo 524.Ar sec Ns Op Cm \&. Ns Ar usec 525.Xc 526Specify a timeout for the service. 527The default timeout is 10.0 seconds. 528.El 529.Pp 530The 531.Nm 532utility also provides several other 533.Dq trivial 534services internally by use of 535routines within itself. 536These services are 537.Dq echo , 538.Dq discard , 539.Dq chargen 540(character generator), 541.Dq daytime 542(human readable time), and 543.Dq time 544(machine readable time, in the form of the number of seconds since 545midnight, January 1, 1900). 546All of these services are available in 547both TCP and UDP versions; the UDP versions will refuse service if the 548request specifies a reply port corresponding to any internal service. 549(This is done as a defense against looping attacks; the remote IP address 550is logged.) 551For details of these services, consult the 552appropriate 553RFC 554document. 555.Pp 556The TCPMUX-demultiplexing service is also implemented as an internal service. 557For any TCPMUX-based service to function, the following line must be included 558in 559.Pa inetd.conf : 560.Bd -literal -offset indent 561tcpmux stream tcp nowait root internal 562.Ed 563.Pp 564When given the 565.Fl l 566option 567.Nm 568will log an entry to syslog each time a connection is accepted, noting the 569service selected and the IP-number of the remote requester if available. 570Unless otherwise specified in the configuration file, 571and in the absence of the 572.Fl W 573and 574.Fl w 575options, 576.Nm 577will log to the 578.Dq daemon 579facility. 580.Pp 581The 582.Nm 583utility rereads its configuration file when it receives a hangup signal, 584.Dv SIGHUP . 585Services may be added, deleted or modified when the configuration file 586is reread. 587Except when started in debugging mode, 588or configured otherwise with the 589.Fl p 590option, 591.Nm 592records its process ID in the file 593.Pa /var/run/inetd.pid 594to assist in reconfiguration. 595.Sh IMPLEMENTATION NOTES 596.Ss TCP Wrappers 597When given the 598.Fl w 599option, 600.Nm 601will wrap all services specified as 602.Dq stream nowait 603or 604.Dq dgram 605except for 606.Dq internal 607services. 608If the 609.Fl W 610option is given, such 611.Dq internal 612services will be wrapped. 613If both options are given, wrapping for both 614internal and external services will be enabled. 615Either wrapping option 616will cause failed connections to be logged to the 617.Dq auth 618syslog facility. 619Adding the 620.Fl l 621flag to the wrapping options will include successful connections in the 622logging to the 623.Dq auth 624facility. 625.Pp 626Note that 627.Nm 628only wraps requests for a 629.Dq wait 630service while no servers are available to service requests. 631Once a 632connection to such a service has been allowed, 633.Nm 634has no control 635over subsequent connections to the service until no more servers 636are left listening for connection requests. 637.Pp 638When wrapping is enabled, the 639.Pa tcpd 640daemon is not required, as that functionality is builtin. 641For more information on TCP Wrappers, see the relevant documentation 642.Pq Xr hosts_access 5 . 643When reading that document, keep in mind that 644.Dq internal 645services have no associated daemon name. 646Therefore, the service name 647as specified in 648.Pa inetd.conf 649should be used as the daemon name for 650.Dq internal 651services. 652.Ss TCPMUX 653RFC 1078 654describes the TCPMUX protocol: 655``A TCP client connects to a foreign host on TCP port 1. 656It sends the 657service name followed by a carriage-return line-feed <CRLF>. 658The 659service name is never case sensitive. 660The server replies with a 661single character indicating positive (+) or negative (\-) 662acknowledgment, immediately followed by an optional message of 663explanation, terminated with a <CRLF>. 664If the reply was positive, 665the selected protocol begins; otherwise the connection is closed.'' 666The program is passed the TCP connection as file descriptors 0 and 1. 667.Pp 668If the TCPMUX service name begins with a 669.Dq + , 670.Nm 671returns the positive reply for the program. 672This allows you to invoke programs that use stdin/stdout 673without putting any special server code in them. 674.Pp 675The special service name 676.Dq help 677causes 678.Nm 679to list the TCPMUX services which are enabled in 680.Pa inetd.conf . 681.Ss IPsec 682The implementation includes a tiny hack 683to support IPsec policy settings for each socket. 684A special form of comment line, starting with 685.Dq Li #@ , 686is interpreted as a policy specifier. 687Everything after the 688.Dq Li #@ 689will be used as an IPsec policy string, 690as described in 691.Xr ipsec_set_policy 3 . 692Each 693policy specifier is applied to all the following lines in 694.Pa inetd.conf 695until the next policy specifier. 696An empty policy specifier resets the IPsec policy. 697.Pp 698If an invalid IPsec policy specifier appears in 699.Pa inetd.conf , 700.Nm 701will provide an error message via the 702.Xr syslog 3 703interface and abort execution. 704.Ss Ux Domain Sockets 705In addition to running services on IP sockets, 706.Nm 707can also manage 708.Ux 709domain sockets. 710To do this you specify a 711.Em protocol 712of 713.Dq unix 714and specify the 715.Ux 716domain socket as the 717.Em service-name . 718The 719.Em service-type 720may be 721.Dq stream 722or 723.Dq dgram . 724The specification of the socket must be 725an absolute path name, 726optionally prefixed by an owner and mode 727of the form 728.Em ":user:group:mode\&:" . 729The specification: 730.Pp 731.Dl ":news:daemon:220:/var/run/sock" 732.Pp 733creates a socket owned 734by user 735.Dq news 736in group 737.Dq daemon 738with permissions allowing only that user and group to connect. 739The default owner is the user that 740.Nm 741is running as. 742The default mode only allows the socket's owner to connect. 743.Pp 744.Sy WARNING : 745while creating a 746.Ux 747domain socket, 748.Nm 749must change the ownership and permissions on the socket. 750This can only be done securely if 751the directory in which the socket is created 752is writable only by root. 753Do 754.Em NOT 755use 756.Nm 757to create sockets in world writable directories 758such as 759.Pa /tmp ; 760use 761.Pa /var/run 762or a similar directory instead. 763.Pp 764Internal services may be run on 765.Ux 766domain sockets, in the usual way. 767In this case 768the name of the internal service 769is determined using 770the last component of the socket's pathname. 771For example, specifying a socket named 772.Pa /var/run/chargen 773would invoke the 774.Dq chargen 775service when a connection is received on that socket. 776.Sh "FILES" 777.Bl -tag -width /var/run/inetd.pid -compact 778.It Pa /etc/inetd.conf 779configuration file 780.It Pa /etc/netconfig 781network configuration data base 782.It Pa /etc/rpc 783translation of service names to RPC program numbers 784.It Pa /etc/services 785translation of service names to port numbers 786.It Pa /var/run/inetd.pid 787the pid of the currently running 788.Nm 789.El 790.Sh "EXAMPLES" 791Examples for a variety of services are available in 792.Pa /etc/inetd.conf . 793.Pp 794It includes examples for 795.Nm bootpd , 796.Nm comsat , 797.Nm cvs , 798.Nm date , 799.Nm fingerd , 800.Nm ftpd , 801.Nm imapd , 802.Nm nc , 803.Nm nmbd , 804.Nm nntpd , 805.Nm rlogind , 806.Nm rpc.rquotad , 807.Nm rpc.rusersd , 808.Nm rpc.rwalld , 809.Nm rpc.statd , 810.Nm rpc.sprayd , 811.Nm rshd , 812.Nm prometheus_sysctl_exporter , 813.Nm smtpd , 814.Nm smbd , 815.Nm swat 816.Nm talkd , 817.Nm telnetd , 818.Nm tftpd , 819.Nm uucpd . 820.Pp 821The internal services provided by 822.Nm 823for daytime, time, echo, discard and chargen are also 824included, as well as chargen for 825.Nm ipsec 826Authentication Headers 827.Pp 828Examples for handling auth requests via 829.Nm identd , 830are similarly included. 831.Sh "ERROR MESSAGES" 832The 833.Nm 834server 835logs error messages using 836.Xr syslog 3 . 837Important error messages and their explanations are: 838.Pp 839.Bl -ohang -compact 840.It Xo 841.Ar service Ns / Ns Ar protocol 842.No "server failing (looping), service terminated." 843.Xc 844The number of requests for the specified service in the past minute 845exceeded the limit. 846The limit exists to prevent a broken program 847or a malicious user from swamping the system. 848This message may occur for several reasons: 849.Bl -enum -offset indent 850.It 851There are many hosts requesting the service within a short time period. 852.It 853A broken client program is requesting the service too frequently. 854.It 855A malicious user is running a program to invoke the service in 856a denial-of-service attack. 857.It 858The invoked service program has an error that causes clients 859to retry quickly. 860.El 861.Pp 862Use the 863.Fl R Ar rate 864option, 865as described above, to change the rate limit. 866Once the limit is reached, the service will be 867reenabled automatically in 10 minutes. 868.Pp 869.It Xo 870.Ar service Ns / Ns Ar protocol : 871.No \&No such user 872.Ar user , 873.No service ignored 874.Xc 875.It Xo 876.Ar service Ns / Ns Ar protocol : 877.No getpwnam : 878.Ar user : 879.No \&No such user 880.Xc 881No entry for 882.Ar user 883exists in the 884.Xr passwd 5 885database. 886The first message 887occurs when 888.Nm 889(re)reads the configuration file. 890The second message occurs when the 891service is invoked. 892.Pp 893.It Xo 894.Ar service : 895.No can't set uid 896.Ar uid 897.Xc 898.It Xo 899.Ar service : 900.No can't set gid 901.Ar gid 902.Xc 903The user or group ID for the entry's 904.Ar user 905field is invalid. 906.Pp 907.It "setsockopt(SO_PRIVSTATE): Operation not supported" 908The 909.Nm 910utility attempted to renounce the privileged state associated with a 911socket but was unable to. 912.Pp 913.It Xo unknown 914.Ar rpc/udp 915or 916.Ar rpc/tcp 917.Xc 918No entry was found for either 919.Ar udp 920or 921.Ar tcp 922in the 923.Xr netconfig 5 924database. 925.Pp 926.It Xo unknown 927.Ar rpc/udp6 928or 929.Ar rpc/tcp6 930.Xc 931No entry was found for either 932.Ar udp6 933or 934.Ar tcp6 935in the 936.Xr netconfig 5 937database. 938.El 939.Sh SEE ALSO 940.Xr cvs 1 Pq Pa ports/devel/opencvs , 941.Xr date 1 , 942.Xr nc 1 , 943.Xr ipsec_set_policy 3 , 944.Xr ipsec 4 , 945.Xr hosts_access 5 , 946.Xr hosts_options 5 , 947.Xr login.conf 5 , 948.Xr netconfig 5 , 949.Xr passwd 5 , 950.Xr rpc 5 , 951.Xr services 5 , 952.Xr bootpd 8 , 953.Xr comsat 8 , 954.Xr fingerd 8 , 955.Xr ftpd 8 , 956.Xr imapd 8 Pq Pa ports/mail/courier-imap , 957.Xr nmbd 8 Pq Pa ports/net/samba412 , 958.Xr rlogind 8 , 959.Xr rpc.rquotad 8 , 960.Xr rpc.rusersd 8 , 961.Xr rpc.rwalld 8 , 962.Xr rpc.statd 8 , 963.Xr rshd 8 , 964.Xr prometheus_sysctl_exporter 8 , 965.Xr smbd 8 Pq Pa ports/net/samba412 , 966.Xr talkd 8 , 967.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd , 968.Xr tftpd 8 , 969.Xr uucpd 8 Pq Pa ports/net/freebsd-uucp 970.Rs 971.%A Michael C. St. Johns 972.%T Identification Protocol 973.%O RFC1413 974.Re 975.Sh HISTORY 976The 977.Nm 978utility appeared in 979.Bx 4.3 . 980TCPMUX is based on code and documentation by Mark Lottor. 981Support for 982ONC RPC-based services is modeled after that 983provided by 984SunOS 9854.1. 986The IPsec hack was contributed by the KAME project in 1999. 987The 988.Fx 989TCP Wrappers support first appeared in 990.Fx 3.2 . 991