xref: /freebsd/usr.sbin/inetd/inetd.8 (revision d30a1689f5b37e78ea189232a8b94a7011dc0dc8)
1.\" Copyright (c) 1985, 1991, 1993, 1994
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"     from: @(#)inetd.8	8.3 (Berkeley) 4/13/94
29.\" $FreeBSD$
30.\"
31.Dd September 29, 2022
32.Dt INETD 8
33.Os
34.Sh NAME
35.Nm inetd
36.Nd internet
37.Dq super-server
38.Sh SYNOPSIS
39.Nm
40.Op Fl dlWw
41.Op Fl a Ar address
42.Op Fl C Ar rate
43.Op Fl c Ar maximum
44.Op Fl p Ar filename
45.Op Fl R Ar rate
46.Op Fl s Ar maximum
47.Op Ar configuration_file
48.Sh DESCRIPTION
49The
50.Nm
51utility should be run at boot time by
52.Pa /etc/rc
53(see
54.Xr rc 8 ) .
55It then listens for connections on certain
56internet sockets.
57When a connection is found on one
58of its sockets, it decides what service the socket
59corresponds to, and invokes a program to service the request.
60The server program is invoked with the service socket
61as its standard input, output and error descriptors.
62After the program is
63finished,
64.Nm
65continues to listen on the socket (except in some cases which
66will be described below).
67Essentially,
68.Nm
69allows running one daemon to invoke several others,
70reducing load on the system.
71.Pp
72The following options are available:
73.Bl -tag -width indent
74.It Fl a Ar address
75Specify one specific IP address to bind to.
76Alternatively, a hostname can be specified,
77in which case the IPv4 or IPv6 address
78which corresponds to that hostname is used.
79Usually a hostname is specified when
80.Nm
81is run inside a
82.Xr jail 8 ,
83in which case the hostname corresponds to that of the
84.Xr jail 8
85environment.
86.Pp
87When the hostname specification is used
88and both IPv4 and IPv6 bindings are desired,
89one entry with the appropriate
90.Em protocol
91type for each binding
92is required for each service in
93.Pa /etc/inetd.conf .
94For example,
95a TCP-based service would need two entries,
96one using
97.Dq tcp4
98for the
99.Em protocol
100and the other using
101.Dq tcp6 .
102See the explanation of the
103.Pa /etc/inetd.conf
104.Em protocol
105field below.
106.It Fl C Ar rate
107Specify the default maximum number of times a service can be invoked
108from a single IP address in one minute; the default is unlimited.
109May be overridden on a per-service basis with the
110"max-connections-per-ip-per-minute" parameter.
111.It Fl c Ar maximum
112Specify the default maximum number of
113simultaneous invocations of each service;
114the default is unlimited.
115May be overridden on a per-service basis with the "max-child"
116parameter.
117.It Fl d
118Turn on debugging.
119.It Fl l
120Turn on logging of successful connections.
121.It Fl p
122Specify an alternate file in which to store the process ID.
123.It Fl R Ar rate
124Specify the maximum number of times a service can be invoked
125in one minute; the default is 256.
126A rate of 0 allows an unlimited number of invocations.
127.It Fl s Ar maximum
128Specify the default maximum number of
129simultaneous invocations of each service from a single IP address;
130the default is unlimited.
131May be overridden on a per-service basis with the "max-child-per-ip"
132parameter.
133.It Fl W
134Turn on TCP Wrapping for internal services which are built in to
135.Nm .
136.It Fl w
137Turn on TCP Wrapping for external services.
138See the
139.Sx "IMPLEMENTATION NOTES"
140section for more information on TCP Wrappers support.
141.El
142.Pp
143Upon execution,
144.Nm
145reads its configuration information from a configuration
146file which, by default, is
147.Pa /etc/inetd.conf .
148There must be an entry for each field of the configuration
149file, with entries for each field separated by a tab or
150a space.
151Comments are denoted by a
152.Dq #
153at the beginning
154of a line.
155There must be an entry for each field.
156The
157fields of the configuration file are as follows:
158.Pp
159.Bd -unfilled -offset indent -compact
160service-name
161socket-type
162protocol
163{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
164user[:group][/login-class]
165server-program
166server-program-arguments
167.Ed
168.Pp
169To specify an
170ONC RPC-based
171service, the entry would contain these fields:
172.Pp
173.Bd -unfilled -offset indent -compact
174service-name/version
175socket-type
176rpc/protocol
177{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
178user[:group][/login-class]
179server-program
180server-program-arguments
181.Ed
182.Pp
183There are two types of services that
184.Nm
185can start: standard and TCPMUX.
186A standard service has a well-known port assigned to it;
187it may be a service that implements an official Internet standard or is a
188.Bx Ns -specific
189service.
190As described in
191RFC 1078,
192TCPMUX services are nonstandard services that do not have a
193well-known port assigned to them.
194They are invoked from
195.Nm
196when a program connects to the
197.Dq tcpmux
198well-known port and specifies
199the service name.
200This feature is useful for adding locally-developed servers.
201TCPMUX requests are only accepted when the multiplexor service itself
202is enabled, above and beyond and specific TCPMUX-based servers; see the
203discussion of internal services below.
204.Pp
205The
206.Em service-name
207entry is the name of a valid service in
208the file
209.Pa /etc/services ,
210or the specification of a
211.Ux
212domain socket (see below).
213For
214.Dq internal
215services (discussed below), the service
216name
217should
218be the official name of the service (that is, the first entry in
219.Pa /etc/services ) .
220When used to specify an
221ONC RPC-based
222service, this field is a valid RPC service name listed in
223the file
224.Pa /etc/rpc .
225The part on the right of the
226.Dq /
227is the RPC version number.
228This
229can simply be a single numeric argument or a range of versions.
230A range is bounded by the low version to the high version -
231.Dq rusers/1-3 .
232For TCPMUX services, the value of the
233.Em service-name
234field consists of the string
235.Dq tcpmux
236followed by a slash and the
237locally-chosen service name.
238The service names listed in
239.Pa /etc/services
240and the name
241.Dq help
242are reserved.
243Try to choose unique names for your TCPMUX services by prefixing them with
244your organization's name and suffixing them with a version number.
245.Pp
246The
247.Em socket-type
248should be one of
249.Dq stream ,
250.Dq dgram ,
251.Dq raw ,
252.Dq rdm ,
253or
254.Dq seqpacket ,
255depending on whether the socket is a stream, datagram, raw,
256reliably delivered message, or sequenced packet socket.
257TCPMUX services must use
258.Dq stream .
259.Pp
260The
261.Em protocol
262must be a valid protocol or
263.Dq unix .
264Examples are
265.Dq tcp
266or
267.Dq udp ,
268both of which imply IPv4 for backward compatibility.
269The names
270.Dq tcp4
271and
272.Dq udp4
273specify IPv4 only.
274The names
275.Dq tcp6
276and
277.Dq udp6
278specify IPv6 only.
279The names
280.Dq tcp46
281and
282.Dq udp46
283specify that the entry accepts both IPv4 and IPv6 connections
284via a wildcard
285.Dv AF_INET6
286socket.
287Rpc based services
288are specified with the
289.Dq rpc/tcp
290or
291.Dq rpc/udp
292service type.
293One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example
294.Dq rpc/tcp6
295or
296.Dq rpc/udp46 .
297TCPMUX services must use
298.Dq tcp ,
299.Dq tcp4 ,
300.Dq tcp6
301or
302.Dq tcp46 .
303.Pp
304The
305.Em wait/nowait
306entry specifies whether the server that is invoked by
307.Nm
308will take over
309the socket associated with the service access point, and thus whether
310.Nm
311should wait for the server to exit before listening for new service
312requests.
313Datagram servers must use
314.Dq wait ,
315as they are always invoked with the original datagram socket bound
316to the specified service address.
317These servers must read at least one datagram from the socket
318before exiting.
319If a datagram server connects
320to its peer, freeing the socket so
321.Nm
322can receive further messages on the socket, it is said to be
323a
324.Dq multi-threaded
325server;
326it should read one datagram from the socket and create a new socket
327connected to the peer.
328It should fork, and the parent should then exit
329to allow
330.Nm
331to check for new service requests to spawn new servers.
332Datagram servers which process all incoming datagrams
333on a socket and eventually time out are said to be
334.Dq single-threaded .
335The
336.Xr comsat 8
337and
338.Xr talkd 8
339utilities are examples of the latter type of
340datagram server.
341The
342.Xr tftpd 8
343utility is an example of a multi-threaded datagram server.
344.Pp
345Servers using stream sockets generally are multi-threaded and
346use the
347.Dq nowait
348entry.
349Connection requests for these services are accepted by
350.Nm ,
351and the server is given only the newly-accepted socket connected
352to a client of the service.
353Most stream-based services operate in this manner.
354Stream-based servers that use
355.Dq wait
356are started with the listening service socket, and must accept
357at least one connection request before exiting.
358Such a server would normally accept and process incoming connection
359requests until a timeout.
360TCPMUX services must use
361.Dq nowait .
362.Pp
363The maximum number of outstanding child processes (or
364.Dq threads )
365for a
366.Dq nowait
367service may be explicitly specified by appending a
368.Dq /
369followed by the number to the
370.Dq nowait
371keyword.
372Normally
373(or if a value of zero is specified) there is no maximum.
374Otherwise,
375once the maximum is reached, further connection attempts will be
376queued up until an existing child process exits.
377This also works
378in the case of
379.Dq wait
380mode, although a value other than one (the
381default) might not make sense in some cases.
382You can also specify the maximum number of connections per minute
383for a given IP address by appending
384a
385.Dq /
386followed by the number to the maximum number of
387outstanding child processes.
388Once the maximum is reached, further
389connections from this IP address will be dropped until the end of the
390minute.
391In addition, you can specify the maximum number of simultaneous
392invocations of each service from a single IP address by appending a
393.Dq /
394followed by the number to the maximum number of outstanding child
395processes.
396Once the maximum is reached, further connections from this
397IP address will be dropped.
398.Pp
399The
400.Em user
401entry should contain the user name of the user as whom the server
402should run.
403This allows for servers to be given less permission
404than root.
405The optional
406.Em group
407part separated by
408.Dq \&:
409allows a group name other
410than the default group for this user to be specified.
411The optional
412.Em login-class
413part separated by
414.Dq /
415allows specification of a login class other
416than the default
417.Dq daemon
418login class.
419.Pp
420The
421.Em server-program
422entry should contain the pathname of the program which is to be
423executed by
424.Nm
425when a request is found on its socket.
426If
427.Nm
428provides this service internally, this entry should
429be
430.Dq internal .
431.Pp
432The
433.Em server-program-arguments
434entry lists the arguments to be passed to the
435.Em server-program ,
436starting with argv[0], which usually is the name of
437the program.
438If the service is provided internally, the
439.Em service-name
440of the service (and any arguments to it) or the word
441.Dq internal
442should take the place of this entry.
443.Pp
444Currently, the only internal service to take arguments is
445.Dq auth .
446Without options, the service will always return
447.Dq ERROR\ : HIDDEN-USER .
448The available arguments to this service that alter its behavior are:
449.Bl -tag -width indent
450.It Fl d Ar fallback
451Provide a
452.Ar fallback
453username.
454If the real
455.Dq auth
456service is enabled
457(with the
458.Fl r
459option discussed below),
460return this username instead of an error
461when lookups fail
462for either socket credentials or the username.
463If the real
464.Dq auth
465service is disabled,
466return this username for every request.
467This is primarily useful when running this service on a NAT machine.
468.It Fl F
469Same as
470.Fl f
471but without the restriction that the username in
472.Pa .fakeid
473must not match an existing user.
474.It Fl f
475If the file
476.Pa .fakeid
477exists in the home directory of the identified user, report the username
478found in that file instead of the real username.
479If the username found in
480.Pa .fakeid
481is that of an existing user,
482then the real username is reported.
483If the
484.Fl i
485flag is also given then the username in
486.Pa .fakeid
487is checked against existing user IDs instead.
488.It Fl g
489Instead of returning
490the user's name to the ident requester,
491report a
492username made up of random alphanumeric characters,
493e.g.,
494.Dq c0c993 .
495The
496.Fl g
497flag overrides not only the user names,
498but also any fallback name,
499.Pa .fakeid
500or
501.Pa .noident
502files.
503.It Fl i
504Return numeric user IDs instead of usernames.
505.It Fl n
506If the file
507.Pa .noident
508exists in the home directory of the identified user, return
509.Dq ERROR\ : HIDDEN-USER .
510This overrides any
511.Pa fakeid
512file which might exist.
513.It Fl o Ar osname
514Use
515.Ar osname
516instead of the name of the system as reported by
517.Xr uname 3 .
518.It Fl r
519Offer a real
520.Dq auth
521service, as per RFC 1413.
522All the remaining flags apply only in this case.
523.It Fl t Xo
524.Ar sec Ns Op Cm \&. Ns Ar usec
525.Xc
526Specify a timeout for the service.
527The default timeout is 10.0 seconds.
528.El
529.Pp
530The
531.Nm
532utility also provides several other
533.Dq trivial
534services internally by use of
535routines within itself.
536These services are
537.Dq echo ,
538.Dq discard ,
539.Dq chargen
540(character generator),
541.Dq daytime
542(human readable time), and
543.Dq time
544(machine readable time, in the form of the number of seconds since
545midnight, January 1, 1900).
546All of these services are available in
547both TCP and UDP versions; the UDP versions will refuse service if the
548request specifies a reply port corresponding to any internal service.
549(This is done as a defense against looping attacks; the remote IP address
550is logged.)
551For details of these services, consult the
552appropriate
553RFC
554document.
555.Pp
556The TCPMUX-demultiplexing service is also implemented as an internal service.
557For any TCPMUX-based service to function, the following line must be included
558in
559.Pa inetd.conf :
560.Bd -literal -offset indent
561tcpmux	stream	tcp	nowait	root	internal
562.Ed
563.Pp
564When given the
565.Fl l
566option
567.Nm
568will log an entry to syslog each time a connection is accepted, noting the
569service selected and the IP-number of the remote requester if available.
570Unless otherwise specified in the configuration file,
571and in the absence of the
572.Fl W
573and
574.Fl w
575options,
576.Nm
577will log to the
578.Dq daemon
579facility.
580.Pp
581The
582.Nm
583utility rereads its configuration file when it receives a hangup signal,
584.Dv SIGHUP .
585Services may be added, deleted or modified when the configuration file
586is reread.
587Except when started in debugging mode,
588or configured otherwise with the
589.Fl p
590option,
591.Nm
592records its process ID in the file
593.Pa /var/run/inetd.pid
594to assist in reconfiguration.
595.Sh IMPLEMENTATION NOTES
596.Ss TCP Wrappers
597When given the
598.Fl w
599option,
600.Nm
601will wrap all services specified as
602.Dq stream nowait
603or
604.Dq dgram
605except for
606.Dq internal
607services.
608If the
609.Fl W
610option is given, such
611.Dq internal
612services will be wrapped.
613If both options are given, wrapping for both
614internal and external services will be enabled.
615Either wrapping option
616will cause failed connections to be logged to the
617.Dq auth
618syslog facility.
619Adding the
620.Fl l
621flag to the wrapping options will include successful connections in the
622logging to the
623.Dq auth
624facility.
625.Pp
626Note that
627.Nm
628only wraps requests for a
629.Dq wait
630service while no servers are available to service requests.
631Once a
632connection to such a service has been allowed,
633.Nm
634has no control
635over subsequent connections to the service until no more servers
636are left listening for connection requests.
637.Pp
638When wrapping is enabled, the
639.Pa tcpd
640daemon is not required, as that functionality is builtin.
641For more information on TCP Wrappers, see the relevant documentation
642.Pq Xr hosts_access 5 .
643When reading that document, keep in mind that
644.Dq internal
645services have no associated daemon name.
646Therefore, the service name
647as specified in
648.Pa inetd.conf
649should be used as the daemon name for
650.Dq internal
651services.
652.Ss TCPMUX
653RFC 1078
654describes the TCPMUX protocol:
655``A TCP client connects to a foreign host on TCP port 1.
656It sends the
657service name followed by a carriage-return line-feed <CRLF>.
658The
659service name is never case sensitive.
660The server replies with a
661single character indicating positive (+) or negative (\-)
662acknowledgment, immediately followed by an optional message of
663explanation, terminated with a <CRLF>.
664If the reply was positive,
665the selected protocol begins; otherwise the connection is closed.''
666The program is passed the TCP connection as file descriptors 0 and 1.
667.Pp
668If the TCPMUX service name begins with a
669.Dq + ,
670.Nm
671returns the positive reply for the program.
672This allows you to invoke programs that use stdin/stdout
673without putting any special server code in them.
674.Pp
675The special service name
676.Dq help
677causes
678.Nm
679to list the TCPMUX services which are enabled in
680.Pa inetd.conf .
681.Ss IPsec
682The implementation includes a tiny hack
683to support IPsec policy settings for each socket.
684A special form of comment line, starting with
685.Dq Li #@ ,
686is interpreted as a policy specifier.
687Everything after the
688.Dq Li #@
689will be used as an IPsec policy string,
690as described in
691.Xr ipsec_set_policy 3 .
692Each
693policy specifier is applied to all the following lines in
694.Pa inetd.conf
695until the next policy specifier.
696An empty policy specifier resets the IPsec policy.
697.Pp
698If an invalid IPsec policy specifier appears in
699.Pa inetd.conf ,
700.Nm
701will provide an error message via the
702.Xr syslog 3
703interface and abort execution.
704.Ss Ux Domain Sockets
705In addition to running services on IP sockets,
706.Nm
707can also manage
708.Ux
709domain sockets.
710To do this you specify a
711.Em protocol
712of
713.Dq unix
714and specify the
715.Ux
716domain socket as the
717.Em service-name .
718The
719.Em service-type
720may be
721.Dq stream
722or
723.Dq dgram .
724The specification of the socket must be
725an absolute path name,
726optionally prefixed by an owner and mode
727of the form
728.Em ":user:group:mode\&:" .
729The specification:
730.Pp
731.Dl ":news:daemon:220:/var/run/sock"
732.Pp
733creates a socket owned
734by user
735.Dq news
736in group
737.Dq daemon
738with permissions allowing only that user and group to connect.
739The default owner is the user that
740.Nm
741is running as.
742The default mode only allows the socket's owner to connect.
743.Pp
744.Sy WARNING :
745while creating a
746.Ux
747domain socket,
748.Nm
749must change the ownership and permissions on the socket.
750This can only be done securely if
751the directory in which the socket is created
752is writable only by root.
753Do
754.Em NOT
755use
756.Nm
757to create sockets in world writable directories
758such as
759.Pa /tmp ;
760use
761.Pa /var/run
762or a similar directory instead.
763.Pp
764Internal services may be run on
765.Ux
766domain sockets, in the usual way.
767In this case
768the name of the internal service
769is determined using
770the last component of the socket's pathname.
771For example, specifying a socket named
772.Pa /var/run/chargen
773would invoke the
774.Dq chargen
775service when a connection is received on that socket.
776.Sh "FILES"
777.Bl -tag -width /var/run/inetd.pid -compact
778.It Pa /etc/inetd.conf
779configuration file
780.It Pa /etc/netconfig
781network configuration data base
782.It Pa /etc/rpc
783translation of service names to RPC program numbers
784.It Pa /etc/services
785translation of service names to port numbers
786.It Pa /var/run/inetd.pid
787the pid of the currently running
788.Nm
789.El
790.Sh "EXAMPLES"
791Examples for a variety of services are available in
792.Pa /etc/inetd.conf .
793.Pp
794It includes examples for
795.Nm bootpd ,
796.Nm comsat ,
797.Nm cvs ,
798.Nm date ,
799.Nm fingerd ,
800.Nm ftpd ,
801.Nm imapd ,
802.Nm nc ,
803.Nm nmbd ,
804.Nm nntpd ,
805.Nm rlogind ,
806.Nm rpc.rquotad ,
807.Nm rpc.rusersd ,
808.Nm rpc.rwalld ,
809.Nm rpc.statd ,
810.Nm rpc.sprayd ,
811.Nm rshd ,
812.Nm prometheus_sysctl_exporter ,
813.Nm smtpd ,
814.Nm smbd ,
815.Nm swat
816.Nm talkd ,
817.Nm telnetd ,
818.Nm tftpd ,
819.Nm uucpd .
820.Pp
821The internal services provided by
822.Nm
823for daytime, time, echo, discard and chargen are also
824included, as well as chargen for
825.Nm ipsec
826Authentication Headers
827.Pp
828Examples for handling auth requests via
829.Nm identd ,
830are similarly included.
831.Sh "ERROR MESSAGES"
832The
833.Nm
834server
835logs error messages using
836.Xr syslog 3 .
837Important error messages and their explanations are:
838.Pp
839.Bl -ohang -compact
840.It Xo
841.Ar service Ns / Ns Ar protocol
842.No "server failing (looping), service terminated."
843.Xc
844The number of requests for the specified service in the past minute
845exceeded the limit.
846The limit exists to prevent a broken program
847or a malicious user from swamping the system.
848This message may occur for several reasons:
849.Bl -enum -offset indent
850.It
851There are many hosts requesting the service within a short time period.
852.It
853A broken client program is requesting the service too frequently.
854.It
855A malicious user is running a program to invoke the service in
856a denial-of-service attack.
857.It
858The invoked service program has an error that causes clients
859to retry quickly.
860.El
861.Pp
862Use the
863.Fl R Ar rate
864option,
865as described above, to change the rate limit.
866Once the limit is reached, the service will be
867reenabled automatically in 10 minutes.
868.Pp
869.It Xo
870.Ar service Ns / Ns Ar protocol :
871.No \&No such user
872.Ar user ,
873.No service ignored
874.Xc
875.It Xo
876.Ar service Ns / Ns Ar protocol :
877.No getpwnam :
878.Ar user :
879.No \&No such user
880.Xc
881No entry for
882.Ar user
883exists in the
884.Xr passwd 5
885database.
886The first message
887occurs when
888.Nm
889(re)reads the configuration file.
890The second message occurs when the
891service is invoked.
892.Pp
893.It Xo
894.Ar service :
895.No can't set uid
896.Ar uid
897.Xc
898.It Xo
899.Ar service :
900.No can't set gid
901.Ar gid
902.Xc
903The user or group ID for the entry's
904.Ar user
905field is invalid.
906.Pp
907.It "setsockopt(SO_PRIVSTATE): Operation not supported"
908The
909.Nm
910utility attempted to renounce the privileged state associated with a
911socket but was unable to.
912.Pp
913.It Xo unknown
914.Ar rpc/udp
915or
916.Ar rpc/tcp
917.Xc
918No entry was found for either
919.Ar udp
920or
921.Ar tcp
922in the
923.Xr netconfig 5
924database.
925.Pp
926.It Xo unknown
927.Ar rpc/udp6
928or
929.Ar rpc/tcp6
930.Xc
931No entry was found for either
932.Ar udp6
933or
934.Ar tcp6
935in the
936.Xr netconfig 5
937database.
938.El
939.Sh SEE ALSO
940.Xr cvs 1 Pq Pa ports/devel/opencvs ,
941.Xr date 1 ,
942.Xr nc 1 ,
943.Xr ipsec_set_policy 3 ,
944.Xr ipsec 4 ,
945.Xr hosts_access 5 ,
946.Xr hosts_options 5 ,
947.Xr login.conf 5 ,
948.Xr netconfig 5 ,
949.Xr passwd 5 ,
950.Xr rpc 5 ,
951.Xr services 5 ,
952.Xr bootpd 8 ,
953.Xr comsat 8 ,
954.Xr fingerd 8 ,
955.Xr ftpd 8 ,
956.Xr imapd 8 Pq Pa ports/mail/courier-imap ,
957.Xr nmbd 8 Pq Pa ports/net/samba412 ,
958.Xr rlogind 8 ,
959.Xr rpc.rquotad 8 ,
960.Xr rpc.rusersd 8 ,
961.Xr rpc.rwalld 8 ,
962.Xr rpc.statd 8 ,
963.Xr rshd 8 ,
964.Xr prometheus_sysctl_exporter 8 ,
965.Xr smbd 8 Pq Pa ports/net/samba412 ,
966.Xr talkd 8 ,
967.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd ,
968.Xr tftpd 8 ,
969.Xr uucpd 8 Pq Pa ports/net/freebsd-uucp
970.Rs
971.%A Michael C. St. Johns
972.%T Identification Protocol
973.%O RFC1413
974.Re
975.Sh HISTORY
976The
977.Nm
978utility appeared in
979.Bx 4.3 .
980TCPMUX is based on code and documentation by Mark Lottor.
981Support for
982ONC RPC-based services is modeled after that
983provided by
984SunOS
9854.1.
986The IPsec hack was contributed by the KAME project in 1999.
987The
988.Fx
989TCP Wrappers support first appeared in
990.Fx 3.2 .
991