network-inetd.html

FreeBSD操作系统的详细使用手册

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>The inetd Super-Server</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Network Servers" href="network-servers.html" />
<link rel="PREVIOUS" title="Network Servers" href="network-servers.html" />
<link rel="NEXT" title="Network File System (NFS)" href="network-nfs.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD Handbook</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="network-servers.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 23 Network Servers</td>
<td width="10%" align="right" valign="bottom"><a href="network-nfs.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="NETWORK-INETD" name="NETWORK-INETD">23.2 The <b
class="APPLICATION">inetd</b> ``Super-Server''</a></h1>

<i class="AUTHORGROUP"><span class="CONTRIB">Contributed by</span> Chern Lee.</i> 

<div class="SECT2">
<h2 class="SECT2"><a id="NETWORK-INETD-OVERVIEW" name="NETWORK-INETD-OVERVIEW">23.2.1
Overview</a></h2>

<p><a href="http://www.FreeBSD.org/cgi/man.cgi?query=inetd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">inetd</span>(8)</span></a> is referred
to as the ``Internet Super-Server'' because it manages connections for several daemons.
Programs that provide network service are commonly known as daemons. <b
class="APPLICATION">inetd</b> serves as a managing server for other daemons. When a
connection is received by <b class="APPLICATION">inetd</b>, it determines which daemon
the connection is destined for, spawns the particular daemon and delegates the socket to
it. Running one instance of <b class="APPLICATION">inetd</b> reduces the overall system
load as compared to running each daemon individually in stand-alone mode.</p>

<p>Primarily, <b class="APPLICATION">inetd</b> is used to spawn other daemons, but
several trivial protocols are handled directly, such as <b
class="APPLICATION">chargen</b>, <b class="APPLICATION">auth</b>, and <b
class="APPLICATION">daytime</b>.</p>

<p>This section will cover the basics in configuring <b class="APPLICATION">inetd</b>
through its command-line options and its configuration file, <tt
class="FILENAME">/etc/inetd.conf</tt>.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="NETWORK-INETD-SETTINGS" name="NETWORK-INETD-SETTINGS">23.2.2
Settings</a></h2>

<p><b class="APPLICATION">inetd</b> is initialized through the <tt
class="FILENAME">/etc/rc.conf</tt> system. The <var class="LITERAL">inetd_enable</var>
option is set to <var class="LITERAL">NO</var> by default, but is often times turned on
by <b class="APPLICATION">sysinstall</b> with the medium security profile. Placing:</p>

<pre class="PROGRAMLISTING">
inetd_enable="YES"
</pre>

or 

<pre class="PROGRAMLISTING">
inetd_enable="NO"
</pre>

into <tt class="FILENAME">/etc/rc.conf</tt> can enable or disable <b
class="APPLICATION">inetd</b> starting at boot time.<br />
<br />
<p>Additionally, different command-line options can be passed to <b
class="APPLICATION">inetd</b> via the <var class="LITERAL">inetd_flags</var> option.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="NETWORK-INETD-CMDLINE" name="NETWORK-INETD-CMDLINE">23.2.3
Command-Line Options</a></h2>

<p><b class="APPLICATION">inetd</b> synopsis:</p>

<p><var class="OPTION">inetd [-d] [-l] [-w] [-W] [-c maximum] [-C rate] [-a address |
hostname] [-p filename] [-R rate] [configuration file]</var></p>

<div class="VARIABLELIST">
<dl>
<dt>-d</dt>

<dd>
<p>Turn on debugging.</p>
</dd>

<dt>-l</dt>

<dd>
<p>Turn on logging of successful connections.</p>
</dd>

<dt>-w</dt>

<dd>
<p>Turn on TCP Wrapping for external services (on by default).</p>
</dd>

<dt>-W</dt>

<dd>
<p>Turn on TCP Wrapping for internal services which are built into <b
class="APPLICATION">inetd</b> (on by default).</p>
</dd>

<dt>-c maximum</dt>

<dd>
<p>Specify the default maximum number of simultaneous invocations of each service; the
default is unlimited. May be overridden on a per-service basis with the <var
class="OPTION">max-child</var> parameter.</p>
</dd>

<dt>-C rate</dt>

<dd>
<p>Specify the default maximum number of times a service can be invoked from a single IP
address in one minute; the default is unlimited. May be overridden on a per-service basis
with the <var class="OPTION">max-connections-per-ip-per-minute</var> parameter.</p>
</dd>

<dt>-R rate</dt>

<dd>
<p>Specify the maximum number of times a service can be invoked in one minute; the
default is 256. A rate of 0 allows an unlimited number of invocations.</p>
</dd>

<dt>-a</dt>

<dd>
<p>Specify one specific IP address to bind to. Alternatively, a hostname can be
specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is
used. Usually a hostname is specified when <b class="APPLICATION">inetd</b> is run inside
a <a href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">jail</span>(8)</span></a>, in which case
the hostname corresponds to the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=jail&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">jail</span>(8)</span></a>
environment.</p>

<p>When hostname specification is used and both IPv4 and IPv6 bindings are desired, one
entry with the appropriate protocol type for each binding is required for each service in
<tt class="FILENAME">/etc/inetd.conf</tt>. For example, a TCP-based service would need
two entries, one using <var class="LITERAL">tcp4</var> for the protocol and the other
using <var class="LITERAL">tcp6</var>.</p>
</dd>

<dt>-p</dt>

<dd>
<p>Specify an alternate file in which to store the process ID.</p>
</dd>
</dl>
</div>

<p>These options can be passed to <b class="APPLICATION">inetd</b> using the <var
class="LITERAL">inetd_flags</var> option in <tt class="FILENAME">/etc/rc.conf</tt>. By
default, <var class="LITERAL">inetd_flags</var> is set to <var class="LITERAL">-wW</var>,
which turns on TCP wrapping for <b class="APPLICATION">inetd</b>'s internal and external
services. For novice users, these parameters usually do not need to be modified or even
entered in <tt class="FILENAME">/etc/rc.conf</tt>.</p>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> An external service is a daemon outside of <b
class="APPLICATION">inetd</b>, which is invoked when a connection is received for it. On
the other hand, an internal service is one that <b class="APPLICATION">inetd</b> has the
facility of offering within itself.</p>
</blockquote>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="NETWORK-INETD-CONF" name="NETWORK-INETD-CONF">23.2.4 <tt
class="FILENAME">inetd.conf</tt></a></h2>

<p>Configuration of <b class="APPLICATION">inetd</b> is controlled through the <tt
class="FILENAME">/etc/inetd.conf</tt> file.</p>

<p>When a modification is made to <tt class="FILENAME">/etc/inetd.conf</tt>, <b
class="APPLICATION">inetd</b> can be forced to re-read its configuration file by sending
a HangUP signal to the <b class="APPLICATION">inetd</b> process as shown:</p>

<div class="EXAMPLE"><a id="NETWORK-INETD-HANGUP" name="NETWORK-INETD-HANGUP"></a>
<p><b>Example 23-1. Sending inetd a HangUP Signal</b></p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd
class="USERINPUT">kill -HUP `cat /var/run/inetd.pid`</kbd>
</pre>
</div>

<p>Each line of the configuration file specifies an individual daemon. Comments in the
file are preceded by a ``#''. The format of <tt class="FILENAME">/etc/inetd.conf</tt> is
as follows:</p>

<pre class="PROGRAMLISTING">
service-name
socket-type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
user[:group][/login-class]
server-program
server-program-arguments
</pre>

<p>An example entry for the <b class="APPLICATION">ftpd</b> daemon using IPv4:</p>

<pre class="PROGRAMLISTING">