History log of /freebsd-head/usr.sbin/inetd/inetd.c
Revision Date Author Comments
26571c66e80ecf6cd2be0be3b725aaafaa0c9fcc 10-Jan-2020 kevans <kevans@FreeBSD.org> inetd: two more nits

Use __COPYRIGHT for copyright to simply either embed it via .ident or have
it properly marked __unused

Move an ipsec reference to IPSEC
711cfb9928c78a7e38cc68b400fc5032c6f9ca41 10-Jan-2020 kevans <kevans@FreeBSD.org> inetd: free WITHOUT_INET6_SUPPORT build of warnings

If inetd is compiled without inet6 support, we need to error out on
rpc+inet6 services rather than attempting to call into rpc bits with an
uninitialized netid.

v4bind is only used with INET6 support, so move it under the proper #ifdefs
with v6bind.

Reported by: Pavel Timofeev <timp87 gmail com>
MFC after: 3 days
c1bba6f4610fa9c9501c17a2a1518bf4687d2651 03-Jan-2020 emaste <emaste@FreeBSD.org> inetd: fix WITHOUT_TCP_WRAPPERS build after r356248

After increasing WARNS, building WITHOUT_TCP_WRAPPERS failed because of
some unused variables.

Reported by: Cirrus-CI (against my WIP branch)
MFC with: r356248
Sponsored by: The FreeBSD Foundation
b7749b90eef349df874c2dac7852004701c58fac 01-Jan-2020 kevans <kevans@FreeBSD.org> inetd: final round of trivial cleanup, NFC

- Use MAX() for maxsock raising; small readability improvement IMO
- malloc(3) + memset(3) -> calloc(3) where appropriate
- stop casting the return value of malloc(3)
- mallloc(3) -> reallocarray(3) where appropriate

A future change may enter capability mode when forking for some of the
built-in handlers.
93e15ee75ef856b6d0eead628dc898eb6ae7a061 01-Jan-2020 kevans <kevans@FreeBSD.org> inetd: convert remaining bzero(3) to memset(3), NFC

This change is purely in the name of noise reduction from static analyzers
that want to complain that bzero(3) is obsolete in favor of memset(3).

With this, clang-analyze at least is now noise free. WARNS= 6 also appears
to have been OK for some time now, so drop the current setting and opt for
the default.
9b6286055a6359722ea6374567b0d4057c38d755 01-Jan-2020 kevans <kevans@FreeBSD.org> inetd: track all child pids, regardless of maxchild spec

Currently, child pids are only tracked if maxchildren is specified. As a
consequence, without a maxchild limit we do not get a notice in syslog on
children aborting abnormally. This turns out to be a great debugging aide at

Children are now tracked in a LIST; the management interface is decidedly
less painful when there's no upper bound on the number of entries we may
have at the cost of one small allocation per connection.

PR: 70335
46ffe94590eefad89d668b8aa4496de8127a728f 01-Jan-2020 kevans <kevans@FreeBSD.org> inetd: add some macros for checking child limits, NFC

The main point here is capturing the maxchild > 0 check. A future change to
inetd will start tracking all of the child pids so that it can give proper
and consistent notification of process exit/signalling.
6efa83058f5d9938716c57059365232d78a009d1 31-Dec-2019 kevans <kevans@FreeBSD.org> inetd: prefer strlcpy to strlen(3) check + strcpy(3), NFC

This is again functionally equivalent but more concise.
3b026cf6d540b675cd28a5a0fbde39a5d4d50ab5 31-Dec-2019 kevans <kevans@FreeBSD.org> inetd: knock out some clang analyze warnings

chargen_dg: clang-analyze is convinced that endring could be non-NULL at
entry, and thus wants to assume that rs == NULL. Just independently
initialize rs if it's NULL to appease the analyzer.

getconfigent: policy leaks on return

free_connlist: reorganize the loop to make it clear that we're not going to
access `conn` after it's been freed.

cpmip/hashval: left-shifts performed will result in UB as we take
signed 0xABC3D20F and left shift it by 5.
a5969606cabde59102f937757ff2ef11ffb8aa95 30-Dec-2019 kevans <kevans@FreeBSD.org> inetd: don't leak `policy` on return

sep->se_policy gets a strdup'd version of policy, so we don't need it to
stick around afterwards.

While here, remove a couple of NULL checks prior to free(policy).

CID: 1006865
MFC after: 3 days
872b698bd4a1bfc0bf008c09228e6fd238809c75 20-Nov-2017 pfg <pfg@FreeBSD.org> General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
20b3029086efa513f1cd6a089e22a45938c94e40 20-Mar-2017 hrs <hrs@FreeBSD.org> Simplify a pipe for signal handling.
7e6cabd06e6caa6a02eeb86308dc0cb3f27e10da 28-Feb-2017 imp <imp@FreeBSD.org> Renumber copyright clause 4

Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
a0cc94009060edcca1b8d9e6fa6dc97e0a4a35a4 14-Jan-2017 ngie <ngie@FreeBSD.org> Fix up r312105

- Only #include tcpd.h when LIBWRAP is true to avoid header include errors
- Only define whichaf when LIBWRAP is true to avoid -Wunused warning and
to avoid issues with structs being defined that should only be defined
when tcpd.h is included.

MFC after: 2 weeks
X-MFC with: r312105
Pointyhat to: ngie
Reported by: gcc tinderbox
Sponsored by: Dell EMC Isilon
a455bca7fbf701541510e32048ffb62cded99f29 14-Jan-2017 ngie <ngie@FreeBSD.org> Conditionalize libwrap support into inetd based on MK_TCP_WRAPPERS

This will allow inetd to stand by itself without libwrap.

MFC after: 2 weeks
Relnotes: yes
Reviewed by: hrs (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D9056
e71c29cf64f700f1426302bd4b35e518b7be3578 05-Jan-2017 hrs <hrs@FreeBSD.org> Fix build when WITHOUT_INET6 is defined.
a8b00414bd3277f90dab52ed8739621da78238f8 31-Dec-2016 hrs <hrs@FreeBSD.org> - Add static for symbols which need not to be exported.
- Clean up warnings to the WARNS=6 level.
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
7863804c7784a00fa4e5b91c5ab2de026a22290d 02-May-2016 araujo <araujo@FreeBSD.org> Use MAX macro from sys/param.h.

MFC after: 2 weeks.
7b928e00e50c3740576acc6c6e252aed5429a5cb 23-Apr-2016 bapt <bapt@FreeBSD.org> MFC: r298111 r298114

Directly set the O_CLOEXEC flags via the open(2) attributes
Use the SOCK_CLOEXEC flags in the socket(2) 'type' attribute instead of
calling fcntl(2)

Sponsored by: Essen Hackathon
881983d98c30c4b633b31d9e3b3a70acdbafcb21 16-Apr-2016 bapt <bapt@FreeBSD.org> Use the SOCK_CLOEXEC flags in the socket(2) 'type' attribute instead of
calling fcntl(2)

MFC after: 1 week
9b89fc0844a135e094027368a901e9db83e255ed 16-Apr-2016 bapt <bapt@FreeBSD.org> Use pipe2(2) to directly set the close-on-exec flags directly

MFC after: 1 week
50371a834c64ba35aa19873f2ebb19b88b52f11d 20-Sep-2015 hrs <hrs@FreeBSD.org> MFC 281734-281736,287997-287998:

- Fix a crash on a rpc entry when an IPv6 address is explicitly
specified in -a flag.

- Fix a bug that sockaddr_in was used where sockaddr_in6 should have
been used. This was not actually harmful because offsetof(struct
sockaddr_in, sin_port) is equal to offsetof(struct sockaddr_in6,

- Remove unused union p_un.

- Use NI_MAXHOST-long buffer for getnameinfo().
Although INET6_ADDRSTRLEN was designed to hold the longest
IPv6 address in IPv4-mapped address format a long time ago,
getnameinfo() can return scope identifier in addition to it.
92177854740b4059d4a698eddb8a7cc0f09188d5 19-Sep-2015 hrs <hrs@FreeBSD.org> - Remove unused union p_un.

- Use NI_MAXHOST-long buffer for getnameinfo().
Although INET6_ADDRSTRLEN was designed to hold the longest
IPv6 address in IPv4-mapped address format a long time ago,
getnameinfo() can return scope identifier in addition to it.

MFC after: 1 day
640e18a8e1f7af344479860b74a9231045e6123b 19-Sep-2015 hrs <hrs@FreeBSD.org> - Fix a crash on a rpc entry when an IPv6 address is explicitly specified
in -a flag.

- Fix a bug that sockaddr_in was used where sockaddr_in6 should have
been used. This was not actually harmful because offsetof(struct
sockaddr_in, sin_port) is equal to offsetof(struct sockaddr_in6,

MFC after: 1 day
9e3dd6e843273a2394b666326f7de6f6a5ef084e 19-Apr-2015 eadler <eadler@FreeBSD.org> identd: restore memcpy
I should not be committing at 2:30am....

Reported by: pluknet
37e73b83f76d39132b3ecdd766567a3f296369e0 19-Apr-2015 eadler <eadler@FreeBSD.org> identd: also zero se_rpc_highvers

Reported by: pluknet
047338ae8a4a2954e70193f41c3f2c187a4def32 19-Apr-2015 eadler <eadler@FreeBSD.org> identd: remove redundant zeroing
se_rpc_lowvers was set to 0 twice, so remove one of them
I can not find any other variable which they may have been a typo of.

Reported by: gcc5.1
b5d711d3a6940afdd3615f7ffc2dcfa3faacd446 09-Nov-2014 melifaro <melifaro@FreeBSD.org> Renove faith(4) and faithd(8) from base. It looks like industry
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.

No objections from: net@
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
368bd87849c4a2f2a7b253c353dfb4100b29c7c9 20-Jan-2013 zont <zont@FreeBSD.org> - Force inetd to have listen queue size to be set to the value of
kern.ipc.somaxconn instead of hardcoded value 64.

Submitted by: Andrey Ignatov <rdna@rdna.ru>
MFC after: 2 weeks
8c1e8547690a122e46ea46591307ded406f3f72b 04-Jun-2012 delphij <delphij@FreeBSD.org> Replace the use of wall clock time with monotonically increasing
clock. In general, gettimeofday() is not appropriate interface
when accounting for elasped time because it can go backward, in
which case the policy code could errornously consider the limit
as exceeded.

MFC after: 1 week
Reported by: Mahesh Arumugam
Submitted by: Dorr H. Clark via gnn
Sponsored by: Citrix / NetScaler
e7e5b53bf16ab3b35646f0580b36fa7d7afa9678 03-Jan-2012 ed <ed@FreeBSD.org> Replace index() and rindex() calls with strchr() and strrchr().

The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
ec19ea84b8117fa04d9e5cf9d8945e0bacc2596e 02-Jan-2010 ed <ed@FreeBSD.org> ANSIfy some more tools in usr.sbin/.

Most of these tools build with WARNS=6, except for their use of K&R
function declarations.
11e4f3cd81934965eb062bc9bfefe40c76eaf8aa 19-Dec-2009 attilio <attilio@FreeBSD.org> MFC r199804:
Avoid sshd, crond, inetd and syslogd to be killed in an high-pressure
swapping environment.

Sponsored by: Sandvine Incorporated
99524169bf3f72fffa8e41ace1a952854e3f97d3 25-Nov-2009 attilio <attilio@FreeBSD.org> Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.

Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month
17086da40216ad1f5c3a5e0fcc77629f9b1c15ed 13-Feb-2009 delphij <delphij@FreeBSD.org> Sync comment with actual configuration format.
19b6af98ec71398e77874582eb84ec5310c7156f 22-Nov-2008 dfr <dfr@FreeBSD.org> Clone Kip's Xen on stable/6 tree so that I can work on improving FreeBSD/amd64
performance in Xen's HVM mode.
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
f5875f045c1546f7504a2a0c4bc6744948772a54 01-Jul-2007 gnn <gnn@FreeBSD.org> Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by: bz
Approved by: re
eab0424fa8eca56308befc97a0f018e4c69a3a27 29-Apr-2007 dwmalone <dwmalone@FreeBSD.org> MFC: Man page improvements and don't put unix domain sockets into the
per-ip limits code.
8355c667d5270a72a500fdd281ef01faca0fa571 11-Mar-2007 dwmalone <dwmalone@FreeBSD.org> Don't try to apply connection-per-ip rate limiting to unix domain
sockets. Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.

PR: 109315
MFC after: 2 weeks
Tested-by: Aragon Gouveia <aragon@phat.za.net>
c58b7af8454700a0b65b149ad85cef2ed88e4c1e 14-Sep-2006 ru <ru@FreeBSD.org> Removed T/TCP bits.
7ab11dec1ceb0bb4713a3da61b8759290eabc5ce 18-Jan-2006 delphij <delphij@FreeBSD.org> Revert previous commit for now, which seems to have (re)introduced some
old bugs, as well as some unwanted side effects. I will do more
investigation and fix these issues first.

Pointed out by: dwmalone
55eb0335a6ca658635fcbceceb48c7173143e1cd 18-Jan-2006 delphij <delphij@FreeBSD.org> Improves and cleanups over inetd(8):

- Teach inetd(8) about kqueue, originally implemented by jmg@[1].
- Use new C99 style function prototypes instead of K&Rs.
- Raise WARNS from 2 to 6

Glanced at by: ru
MFC After: 2 weeks

[1] http://people.freebsd.org/~jmg/inetd.kq.patch,
68b438857e03b37c38beadcc0e6be9a796afdf7b 15-Jan-2006 delphij <delphij@FreeBSD.org> MFC pidfile(3) function, and convert several applications to make use
of it.

Bump __FreeBSDversion for the MFC.

Discussed with: pjd
c71407b5890e69c4a1adc0e0936f0d7e9cd24be4 16-Sep-2005 pjd <pjd@FreeBSD.org> Pidfiles should be created with permission preventing users from opening
them for reading. When user can open file for reading, he can also
flock(2) it, which can lead to confusions.

Pointed out by: green
da18f6ae6cb11507a5f6ae3b411b195917f3858b 24-Aug-2005 pjd <pjd@FreeBSD.org> Use pidfile(3) in inetd(8).
e33ba033454acbec171e04edba1395842e412b5c 13-May-2005 ume <ume@FreeBSD.org> NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
b8a02a7b7648ac7ce29d84ba3068a5f931fc47ef 26-Sep-2004 stefanf <stefanf@FreeBSD.org> Prefer C99's __func__ over GCC's __FUNCTION__.

Approved by: dwmalone
9fbed704d53384df13f05c4f0b546851054b6f7b 07-Aug-2004 imp <imp@FreeBSD.org> Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)
b5d0f5636118aa73b9360cde461a82e0c05557df 20-Apr-2004 brooks <brooks@FreeBSD.org> Remove the requirement that the "discard" service be defined in the
services database. Now only services that are actually used need to be

Submitted by: ume
5c9d10d927c7500e42fce5c7a98529cdcc641f35 04-Apr-2004 dwmalone <dwmalone@FreeBSD.org> The list of (key,value) pairs to request_init is terminated by a 0 key,
not NULL.

Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
MFC after: 3 days
a7b0bf21514af248fa2d99f991f6e997a481e4d7 22-Mar-2004 dwmalone <dwmalone@FreeBSD.org> On startup, warn if inetd's config file doesn't exist. This isn't
exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.

PR: 60806
Submitted by: Jeff Ito <jeffi@rcn.com>
MFC after: 2 weeks
282762c918785ab291ecd9cb1b1d26f1d9200101 30-Oct-2003 peter <peter@FreeBSD.org> Rather than use the gcc -fno-builtin-log flag, just rename the 'int log'
2472b3136c8144dbb0eae73e82143695a7dac0b8 26-Oct-2003 ume <ume@FreeBSD.org> Since semantic of IPV6_PKTINFO was changed in RFC3542, we need to
use IPV6_RECVPKTINFO instead.

Reported by: someone (I had removed the mail wrongly, sorry)
84984af7251e310f7a27132c66f08a002917cbe3 26-Oct-2003 peter <peter@FreeBSD.org> Use -fno-builtin-log so gcc doesn't get ideas about using a math function
to log data. Clean up an unused variable that was hidden by the WARNS?=2
being commented out. Uncomment it now that it compiles cleanly again.
48243b0d5531915e237d98f617cc91faa6bc4f88 15-Jul-2003 dwmalone <dwmalone@FreeBSD.org> Get the connections per minute calculation right. By good fortune
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.

PR: 54354
Submitted by: Claus Assmann <ca@sendmail.org>
Submitted by: Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after: 5 days
dff9ad9d4466cd10a9d3eb787a6638565fd087c0 23-Feb-2003 dwmalone <dwmalone@FreeBSD.org> Under some unusual conditions, inetd can leak a open file discriptor
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.

PR: 47694
Submitted by: Max Okumoto <okumoto@ucsd.edu>
Obtained from: NetBSD
MFC after: 2 weeks
1825d6d17dc5133b018a2bacfbf1949153cc05be 23-Feb-2003 dwmalone <dwmalone@FreeBSD.org> After calling login_getclass, be sure to call login_close so that
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.

PR: 46845
Reviewed by: David Wang <dsw@juniper.net>
MFC after: 2 weeks
3d252cd8868660cd99a7e0b091136aafa9ccad25 13-Feb-2003 ume <ume@FreeBSD.org> The tcp_wrappers function `fromhost()' can fail. In such
cases, the `struct sockaddr' will not be allocated.

Reported by: nectar
MFC after: 2 days
b622dadf70cfe3c2f44713e390adec96e9ad98da 16-Jan-2003 rwatson <rwatson@FreeBSD.org> Using LOGIN_SETALL &~LOGIN_SETMAC to avoid setting the MAC label improperly,
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class. We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.

Pointed out by: kuriyama, max
45a362319313bfe4e2ef698d107d34b2db70b769 08-Jan-2003 rwatson <rwatson@FreeBSD.org> For now, set only the resource limits and process priority associated
with a class, rather than all aspects of the class when switching
classes for an inetd service. Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future. This change maintains the DoS-resistent
aspects of the class behavior, which is all that is promised in the
inetd man page.

A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.

Reviewed by: ache
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
bd4df2f8087a78c8f8c38b02716da5716834d893 27-Oct-2002 wollman <wollman@FreeBSD.org> Add used #include <limits.h>.
31656d5090302f29415b0e07edf932feab5d7de2 04-Sep-2002 dwmalone <dwmalone@FreeBSD.org> When printing the wait status, break it down into a signal and a exit status.

PR: 41912
Submitted by: Aaron Smith <aaron@mutex.org>
MFC after: 2 weeks
a8ad3be6d583d69ffbaf65535072e91df5337a0f 04-Sep-2002 dwmalone <dwmalone@FreeBSD.org> Swap sense of no_v[46]bind variables and rename as v[46]bind_ok -
this avoids some double negatives which are a bit difficult to

Always tread v[46]bind{,_ok} as booleans.
d766507fcc9f46fa2396d3bd1c10f085d80da811 04-Sep-2002 dwmalone <dwmalone@FreeBSD.org> Fix parsing of unix domain entries after addition of IPv6 RPC support.

PR: 40771
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
f72048605bd3c2d2e2d67f14af1e86ec5068b6d1 02-Sep-2002 dwmalone <dwmalone@FreeBSD.org> Don't initialise policy, v4bind and v6bind where the variables are
declared - it was bad style and caused a bug. v[46]bind need to be
reset whenever we go to the "more:" label.

Jean-Luc and I came up with this patch independently, so it had
better be right!

PR: 40771
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
7161284200278991a789c6a5b6ad646e5c48f614 02-Sep-2002 dwmalone <dwmalone@FreeBSD.org> tpc -> tcp in an error message.

PR: 40771
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
d78d977dabef7f2caee3718adee4a8ba85b6e993 02-Sep-2002 dwmalone <dwmalone@FreeBSD.org> Clear up a few warnings (unused variable, rpc versions are usigned so use %u,
rename a parameter to avoid shadowing a global).

MFC after: 1 month
c9b1c6c3c7785ed179bd750d6e398ddbb1bff1c9 07-Aug-2002 ume <ume@FreeBSD.org> Add capability for limiting the maximum number of simultaneous
invocations of each service from a single IP address.

Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks
9c2c51a1e61030bfe633fa01ea19069f3fd0091b 22-Jul-2002 ume <ume@FreeBSD.org> use IPV6_V6ONLY instead of non standard IPV6_BINDV6ONLY.

MFC after: 1 week
926cc1f5b35769ae3716f198b337a1b16eb022cd 15-Jul-2002 alfred <alfred@FreeBSD.org> add support for rpc IPv6 (rpc/udp/46 ...)

Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2719fbacdb1bb5e6498b73e5a76925ceb01f983b 22-Jun-2002 jmallett <jmallett@FreeBSD.org> Replace the SWAP(var0,var1) macro with SWAP(type,var0,var1) and use it as
is appropriate to avoid using typeof/__typeof__. It is worth noting that
SWAP() is only ever used to swap pointer values so 'void *' assumptions would
have been acceptable, but I'd gladly pay you tuesday for a cheeseburger^W
cleaner interface today.

Poked into submission by: bde
409c0fbaea7664bde34e561b69df83ac53da63c3 22-Jun-2002 jmallett <jmallett@FreeBSD.org> Unused macro.
dc62444cff0bbeaae7d549ff1d3db12784658dca 21-Jun-2002 jmallett <jmallett@FreeBSD.org> __FBSDID() strategic insertion.
9883dc836c02a70bcd7c25a009bedd6e0c7d74f5 21-Jun-2002 jmallett <jmallett@FreeBSD.org> Kill __P, yuck.
68283c74088de6957db2f8c6ea7c8d46837c158b 21-Jun-2002 jmallett <jmallett@FreeBSD.org> Mark unused variables __unused.

Built standalone, inetd(8) is WARNS=5 clean, WARNS=6 if you ignore %m fits.
40eace5efced8fed0917ed89504dd06f38d3a7f1 21-Jun-2002 jmallett <jmallett@FreeBSD.org> Use __typeof__ instead of typeof.
1bb36586265ee32c6ab1b68133d3a8a235aa2dcb 21-Jun-2002 jmallett <jmallett@FreeBSD.org> ANSI prototypes via protoize(1).
da8203a816e7d32a08b1a05af847a87122447654 26-May-2002 jwd <jwd@FreeBSD.org> Log invalid config entries. Make the -d option actually log to
the terminal(-d fix from dwmalone).

Approved by: dwmalone
MFC after: 2 weeks
f37958699205ff98449f3e2190be6f5499543446 08-May-2002 ume <ume@FreeBSD.org> Make compilable without -DINET6.
0b4a08860d3c7ed149f63ada0b88251c80127585 08-May-2002 ume <ume@FreeBSD.org> Log address family of a connection.

Requested by: matusita
Reviewed by: matusita
609f9c821344c4602d74fc1c50e1ae1f49c7f1d2 17-Jul-2001 dwmalone <dwmalone@FreeBSD.org> o Remove old setproctitle.
o Mark unused variables.
o Set WARNS?=2
o Results in no code changes.

Submitted by: Mike Barcroft <mike@q9media.com>
670077b10fcc93279109e3d87d1d6c41ccf348de 24-Jun-2001 dwmalone <dwmalone@FreeBSD.org> Fix most of the warnings given by WARNS=2.
229831d19f3c3478e62ef382202f3da4cee2b0c1 16-Jun-2001 dwmalone <dwmalone@FreeBSD.org> Give inetd the ability to manage unix domain sockets. Details of
how to use this feature are in the man page. This is based on work
by Lyndon Nerenberg.

(The only difficult part about this patch is the fact that you
can't fchown a unix domain socket, which means the sockets must be
put in a secure directory).

Reviewed by: dillon
45620ee4d33fca241aa059710254367e18415891 06-Jun-2001 dwmalone <dwmalone@FreeBSD.org> Get rid of se_ctladdrinitok, which doesn't do anything and seemes
to have been accidently imported when ipv6 support was added to

Approved by: ume
25beb6e957cd30fb5dad918e9846a1714622e08d 31-May-2001 ume <ume@FreeBSD.org> Recently, other BSDs had faith support in inetd. Though our inetd has
it already, their syntax is not compatible with ours. It will confuse
users. So, we have compatibility with their syntex.

Approved by: dwmalone
Obtained from: NetBSD
9d82cf01b52f1b36b3ab73915fcf42d0e8d4c9b9 22-Jan-2001 dwmalone <dwmalone@FreeBSD.org> Various cleanups of inetd: Avoid shadowing variables, use socklen_t
instead of ints, don't cast to char *, clear up some remote name
handling code which had become a little odd.

Should result in no functional changes.
b858cbd0d3116b30ce9c2b04bc06b26d74c17a2d 22-Jan-2001 dwmalone <dwmalone@FreeBSD.org> Don't mention /etc/protocols in inetd documentation or comments, as inetd
doesn't actually use it.

PR: 24307
Submitted by: opentrax@email.com
ce16361e1971391339a60ad4359a0272f772bfda 03-Dec-2000 dwmalone <dwmalone@FreeBSD.org> Tidy up some prototypes:
make sure there is exactly one prototype for each function,
use K&R style definitions everywhere to match dominant style,
make flag_signal take an int to avoid problems if we have
ANSI prototypes and K&R definitions.
3444fc22f5e4622db5564f9bb1380419ecda5bfe 24-Oct-2000 dwmalone <dwmalone@FreeBSD.org> Fix two typos in comments.

PR: 22268
Submitted by: Daniel S. Lewart <d-lewart@uiuc.edu>
f0de0321e63d749dc5dd31921768b81e0c79eb9a 21-Oct-2000 dwmalone <dwmalone@FreeBSD.org> Don't leak a file discriptor if a service we've called accept() for

Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
dd56a66e3b2d04da316db3da3e5c7760f374689c 02-Oct-2000 dwmalone <dwmalone@FreeBSD.org> Make reconfiguring an external service as builtin service work.

PR: 21650
Submitted by: ben
Tested by: dan@ducky.nz.freebsd.org
f36f8d5bae2c807884f6707c6d3b169c3e868e85 03-Aug-2000 dwmalone <dwmalone@FreeBSD.org> Explain "-c" option more exactly and state the default in the man

Add ability to run "inetd -R 0" to disable the default connection
per minute limit of 256 connections. Document this in man page.

Don't use maxchild as a boolean - instead check if it is greater
than zero.

Reviewed by: sheldonh
Based on a patch by: Alexander Langer <alex@big.endian.de>
cc221d575afd5334c5ac8e02eeaaa48fec13df38 31-Jul-2000 dwmalone <dwmalone@FreeBSD.org> Sleep for a second after tcp wrappers rejects a connection, so we
don't traumatise the parent inetd.

Requested by: wietse@porcupine.org
Approved by: markm
484d3fa1b115d5ed2560c12d2feb1b40639b6ea3 02-Apr-2000 ume <ume@FreeBSD.org> Make sure to use IPv4 mapped IPv6 address when mapped address is
requested in /etc/inetd.conf.

Reviewed by: shin
b42951578188c5aab5c9f8cbcde4a743f8092cdc 02-Apr-2000 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'ALSA'.
304da3fbf23470681cf2fe6d5287aa6a8693ada6 11-Mar-2000 shin <shin@FreeBSD.org> Make inetd compilable without INET6.

Approved by: jkh

Submitted by: jhb
d822ff8f85893d2b108f1c152a97dcdb80a2350c 22-Feb-2000 shin <shin@FreeBSD.org> Fix broken inet logging when wrapping options are not specified.

Approved by: jkh

Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
b7aacf578ef00562a5b1d6283329bb0cdffeca1d 03-Feb-2000 shin <shin@FreeBSD.org> Fix inetd wrong AF check for RPC services

Incorrect Address Family check is done for RPC services, and
fail to initialize it.
The error check is replaced to new one, which checks if IPv4
bind is enabled or not. (It is disabled when IPv6 numeric
addr is specified for -a bind address option.)

An review reqeust is once sent to des, but he quit MAINTAINER.

Approved by: jkh
ae4a0b7c525e452bfe97e01c4ed264d8882a0a20 28-Jan-2000 shin <shin@FreeBSD.org> Fix inconsistent debug output. (syslog -> warnx)

Specified by: sheldonh

Reviewed by: des
1427d0852ce293ef9997d38bcd4281a28bf261c5 27-Jan-2000 shin <shin@FreeBSD.org> Avoid verbose error messages when ipsec initialization for sockets failed
usually, and print it only when debug is enabled.
(This always happens when kernel is configured without IPSEC option.)
fc29f7bcf7236935ba5c171ea553ac7dca533e8c 25-Jan-2000 shin <shin@FreeBSD.org> several tcp apps IPv6 update

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
840a73c91f61d3436b296461c5f90a15e68d069e 23-Jan-2000 charnier <charnier@FreeBSD.org> Do not dot terminate sentences inside FILES section. Lowercase
inside error messages.
bf227e92603cc9a64762a4466805ae399af01617 17-Nov-1999 peter <peter@FreeBSD.org> Put the listening socket into non-blocking mode before doing an
accept(2). This is a not really problem on -current as the accept race
is fixed, however it is a MFC candidate for -stable.

This could possibly be slightly more efficient and leave the listening
socket permanently in non-blocking mode, but I wasn't certain that I
could catch all the stream/wait (not nowait) mode implications.
6fd9345dfd31d4978f3e24157cda6bbedb379557 13-Oct-1999 charnier <charnier@FreeBSD.org> Do not dot or \n terminate syslog string.
efabb9ccb197b05958967dd035c279ba3bc19cb0 28-Aug-1999 peter <peter@FreeBSD.org> $Id$ -> $FreeBSD$
f63981f6b27764ca238633434c2d184582eeb6d0 26-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Bring two wayward memory allocation failure messages in line with
those featured in the rest of the code.
da41b19a5a5999d513c50f842d2cb4aaa7511a60 23-Jul-1999 des <des@FreeBSD.org> Don't match up TCP services with UDP sockets.
c70bd623ea1cdbfe10fcbdcbaf753f66244f354b 22-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Relegate the diagnostic descriptor counter to the -DSANITY_CHECK case.
4093665e6b92fed1fdfd7a52262e823de38309f7 22-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Remove unnecessary macro introduced in previous commit.

Also, the previous commit failed to reference:

PR: 12731
Submitted by: dwmalone@maths.tcd.ie (David "Inetd" Malone)
ca4b80f3cfce79e05fca28d5f2784c284ab075d5 22-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Don't leak pipe descriptor to daemons on execv().
6f1b1c4c1118e13fe2c40cb41d74cab3ac1e1ee9 22-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Signal handlers should use _exit(2) and not exit(3).
4f4f7569f6e2e4db54f175e210d369339adb1510 22-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Move code for all builtin services from inetd.c to builtins.c, including
the Green Piece. :-)

In future, new builtin services are less likely to need to touch the
already tangled inetd.c .
cd7ecc6fc022e270d89e62000744e4a6d41d0465 21-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Fix for the hosts_options(5) spawn option.

Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.

This does not address the leaking descriptors issue discussed on the
same PR.

PR: 12731
Reviewed by: des
Submitted by: David Malone <dwmalone@maths.tcd.ie>
c292b216c3ddfc3e30f5fa42a68ae0f9b6972814 21-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Fix horribly broken comment. The submitter of the associated code sent
me the right comment and I bastardized it. :-(
e18ab7089381828852704b64216c10877171c9ec 15-Jul-1999 green <green@FreeBSD.org> By popular demand, ident_stream now takes arguments. Ex:
# This enables the old, fake ident service.
auth stream tcp nowait root internal
# This enables the new, real ident service.
auth stream tcp nowait root internal auth -r
# This enables ~/.fakeid support, too.
auth stream tcp nowait root internal auth -r -f
9560f2b1988b3b343ece8c59c1f0e3eb8da8c0f9 15-Jul-1999 green <green@FreeBSD.org> This is the working internal ident service. Turn it on by setting
the make variable REAL_IDENT, and ~/.fakeid support can be added
with FAKEID set. Note that the default behavior is the same as
the old behavior.
d6c7df715cfcc26e776c016a42cb4b70185bf721 09-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Use the proctitle to indicate that we're busy wrapping a request for a
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly

Submitted by: David Malone <dwmalone@maths.tcd.ie>
37c066a7ad337b86b969269c3392c9942dd7c22e 09-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Allow internal and external wrapping to be enabled independantly of
each other. Instead of allowing the -w option to be specified twice,
we now take -w (wrap external) and -W (wrap internal).

Discussed with: markm
60d229e604f6fdbe9921b44b59b82b2469286d78 02-Jul-1999 sheldonh <sheldonh@FreeBSD.org> Allow service alias names from /etc/services to be used when specifying
internal services in inetd.conf .

The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!

Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing

This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).

PR: 11796
Reported by: Alex Charalabidis <alex@wnm.net>
Approved by: des
e3cd370e1254eba748debce7d3a708391a60bfe2 30-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Ommitted in previous commit message:

Submitted by: David Malone <dwmalone@maths.tcd.ie>
fe92ab33f813b446ff18a55e2edcd078e0837b9f 30-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Enable wrapping for dgram services and fix logging so that -l really
does log all connections.
fa844065251811bc22db17af5fad23b2e0c99426 28-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Sync usage() with the manpage.

Approved by: mpp
b86772ac109ea7fce28171edeac05dde01f498b3 28-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Fix broken logic: (!wrap || log) -> (!wrap && log) .

Reported by: David Malone <dwmalone@maths.tcd.ie>
31aade9ad12eccc1744d769c7477e81f3a9fcf8c 27-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Add command-line option (-w), specified once to enable wrapping and
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.

Change etc/defaults/rc.conf so as to encourage wrapping on new systems.

Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.

Approved by: jkh
35595e48b45e3b93f3a947f3cf0c8bfe08fb2eb4 21-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Fix handling of maximum children and connections per minute.

Submitted by: David Malone <dwmalone@maths.tcd.ie>
e9effd7443bb52603e3ca3974904ac18fb2de6cc 17-Jun-1999 sheldonh <sheldonh@FreeBSD.org> Various fixes for inetd's TCP Wrappers support:

1) Handle forking and non-forking internal services correctly.
Turn on wrapping for internal services because it works now.
2) Preserve server names for each service on HUP.
3) Honour hosts_options(5) severity option.
4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
usage and limitations.

This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.

PR: 12097
Reviewed by: markm
Reported by: Pierre Beyssac <pb@fasterix.freenix.org>
Submitted by: Masachika ISHIZUKA <ishizuka@ish.org>
Submitted by: David Malone <dwmalone@maths.tcd.ie>
6c657432917771c5f2ccdeb0ef085745fbd9619b 11-May-1999 des <des@FreeBSD.org> Don't stop listening to the signal pipe just because you don't have
anything else to do.

PR: 10468, 11594
9012e78ce46db3225223ddbc2aeb549be9b13561 11-Apr-1999 markm <markm@FreeBSD.org> Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by: Sheldon Hearn
f15070b9aea1b418779b2ec9186b55362f8144d6 28-Mar-1999 markm <markm@FreeBSD.org> Now inetd(8) has direct support for tcp_wrappers! Not working at the
moment is support for the internal serfvices, so these are not
enabled. Volunteers welcome!
e27bf7f1ca1dd1316747bf1569c0789e270d90d1 05-Jan-1999 danny <danny@FreeBSD.org> Make machtime() function unsigned long instead of long.
Reviewed by: phk
d953ead3300f30cea6a651b505496a68fb590a59 02-Jan-1999 des <des@FreeBSD.org> Style cleanups.

Requested by: bde
b44d350f5dbecc328917a46469163854cf764dd0 28-Dec-1998 des <des@FreeBSD.org> Back out rev. 1.42 and 1.43. Apply Graham Wheeler's signal handling patch.

Reviewed by: jkh & eivind
Submitted by: Graham Wheeler <gram@cdsec.com>
PR: bin/8183
fac338b16a41db68ed95ba54eb6f6704e0655fdb 15-Dec-1998 dillon <dillon@FreeBSD.org> Remove signal mask prior to calling exec
0257da59197a6c09cea232fa6b7c903598e79cd5 11-Dec-1998 dillon <dillon@FreeBSD.org> Reviewed by: freebsd-current

Fix signal/library corruption by blocking all signals except during
select(). The reported corruption was with reentrancy in the malloc lib.
44cddad39ceb6efbac0b9fd99486dcf8b3d98647 04-Nov-1998 phk <phk@FreeBSD.org> Add an "internal" driver for the "ident" protocol (tcp/113).

It will return "ERROR:HIDDEN-USER" for all requests.

To use it add:
ident stream tcp nowait root internal
to inetd.conf
7300b9a59ccdfc6e3f55a4eb03f9b938808b4fc9 18-Aug-1998 jb <jb@FreeBSD.org> Bruce says that %p is intended to format void pointers only. So use a void *
cast. There are pointers and then there are _pointers_. One day I'll
figure out which are which. 8-)
49f35df526d2d6fc7e1e864c8b620a9368285eca 17-Aug-1998 jb <jb@FreeBSD.org> Remove a cast and print the pointer value with %p instead of %x.
1bbb61bc9b660eceb343098fc915b172d99c9f10 24-Jul-1998 ache <ache@FreeBSD.org> Add (struct timezone *) cast to NULL for K&R
5b6f7049f1d88502a7f525ad2111dc54bc0c5aa3 23-Jul-1998 ache <ache@FreeBSD.org> Use NULL as gettimeofday arg instead of 0 cast
Add missing arg to error diagnostic
Print yet one arg of error diagnostic
dbb03b6d18114b356c2e527bb2ada90a3cc5460f 22-Jul-1998 phk <phk@FreeBSD.org> last patch misapplied.
39bd98f2969dd162576f9fe281c0e0c36f65e543 22-Jul-1998 phk <phk@FreeBSD.org> This may apply to all known versions of inetd.

For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.

Twelve years ago, code was added to inetd to detect "failing
servers". The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing"). These
compile-time constants vary depending on vendor.

The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the

I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.

PR: 7286
Reviewed by: phk
Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
70c2b190c2e5f9398684a66e0a53d2821b1f1fec 14-May-1998 guido <guido@FreeBSD.org> On request of Garrett, ad a way to specify that a service should be
reachable via T/TCP
Reviewed by: Garrett Wollman
bfcb7bdce1a0ada2f30a8235805e653c64badde7 11-May-1998 bde <bde@FreeBSD.org> Fixed gross errors in previous commit. `sapipe' was used uninitialized
to attempt to unblock SIGCHLD, but we actually want to unignore SIGPIPE.

Obtained from: OpenBSD

Finished conversion from sigvec to sigaction (don't assume that sa_mask
is a scalar...). Didn't convert from sigblock to sigprocmask. Didn't
fix missing error checking for sigaction...
656f78b87c6cd19d9ff53b32ae8840cb0e17121a 08-May-1998 guido <guido@FreeBSD.org> Unblock SIGPIPE before execv(); convert from sigvec to sigaction
Obtained from: OpenBSD
779723654b931ce05465367f3c13d9e35d52f6f2 07-May-1998 guido <guido@FreeBSD.org> Redo tcpmux stuff. tcpmux handling is now performed after inetd
forks. Furthermore, invalid input for tcpmux does not lead to
an exiting inetd.
This patch is recommended for people running tcpmux (which is NOT
enabled by default)
b89888f15351f611f37a70773c1dfef4689ce268 24-Feb-1998 pst <pst@FreeBSD.org> Make maxchild and max child-per-minute default values configurable from
the command line or Makefile.
0506343883d62f6649f7bbaf1a436133cef6261d 11-Jan-1998 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'jb'.
7c6e96080c4fb49bf912942804477d202a53396c 10-Jan-1998 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'JB'.
c811dec8d3d9b6851e050cf67f85125b699f5fe5 29-Oct-1997 dima <dima@FreeBSD.org> Add possibility to specify maximum number of connections per minute
for a given IP address.
This should be very effective against DoS attacks.
442881c24b12136177346166ba208b0cf9385677 28-Oct-1997 ache <ache@FreeBSD.org> Implement group part now, final syntax is:
6a842ce994af64318a02cea0f7cd2ef8700cb2cd 27-Oct-1997 ache <ache@FreeBSD.org> Implement login classes sepcification as user[/loginclass]

By default inetd run things with the same limits as from /etc/rc
(daemon class) to not break anything as in good old days.
e9cad8594ecde5c524e5aa90a7b69513faa56123 19-Sep-1997 charnier <charnier@FreeBSD.org> Use err(3).
b52523a54a6d14b65eff48de21014ce8ecd6e50e 29-Aug-1997 imp <imp@FreeBSD.org> Remove and odd sleep found by David Holland and posted to -security.
Reviewed by: Theo de Raadt (who put it into OpenBSD)
Submitted by: David Holland <dholland@eecs.harvard.edu>
f766bd31c5532c03c0493f7a03d3a82eee240d48 10-May-1997 davidn <davidn@FreeBSD.org> login_getclass() -> login_getpwclass().
c63d12aeb30917ad4939f3b2ba075a6c0b9d6567 28-Apr-1997 wollman <wollman@FreeBSD.org> Condition SO_PRIVSTATE twiddling on the definedness of SO_PRIVSTATE.
(This was done as a #ifdef to keep source compatibility between 2.2 and 3.0.)
691010efad5c05f7ee86a870abce217fe8e9b8d1 31-Mar-1997 imp <imp@FreeBSD.org> compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
b782f4df30a869a074431c7b185f0c7c69878254 22-Feb-1997 peter <peter@FreeBSD.org> Revert $FreeBSD$ to $Id$
f061fa28f5ac3f93d633c36e904431dd425e25ba 05-Feb-1997 julian <julian@FreeBSD.org> The "-a" option for inetd specifies a specific IP address for the
server to bind to. This works until you send it a SIGHUP with a
new service defined ... the new service is bound to INADDR_ANY.

This patch fixes this bug (in both RELENG_2_2 and -current).

This is a 2.2 candidate..(i.e. pure bug fix)

Submitted by: Archie Cobbs (archie@whistle.com)
808a36ef658c1810327b5d329469bcf5dad24b28 14-Jan-1997 jkh <jkh@FreeBSD.org> Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
7251a7b426b6334101a4812e3f72e421dd0e35d6 13-Jan-1997 peter <peter@FreeBSD.org> Implement minimal login class support (ie: does a setusercontext()).
Enabled by defining LOGIN_CAP in Makefile, on by default.
f447087e686c1248c8b178ae07905a9f42ccc918 10-Nov-1996 julian <julian@FreeBSD.org> Reviewed by: Bill fenner
Submitted by: Archie Cobbs (Archie@whistle.com)

Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
5278ea869e8b26b786bf5c94daa508b4157e68b2 10-Nov-1996 julian <julian@FreeBSD.org> Reviewed by: Bill fenner
Submitted by: Archie Cobbs (archie@whistle.com)

changes to make inetd compile cleaner under -Wall
8d80515b007e90d3114af1032da5243705a249c7 01-Nov-1996 alex <alex@FreeBSD.org> Fix incorrect length argument to memset() function. Closes PR#1937.

Submitted by: Archie Cobbs <archie@whistle.com>
e9e54bcde4c77ac5866b3bb5a79e93ed3c103d6c 28-Oct-1996 joerg <joerg@FreeBSD.org> Do not modify a malloc()ed pointer; instead, use memmove().

Detected by: phkmalloc - AJ :)
53ead71d814751405acf92b3d6587277c4137ffb 09-Aug-1996 julian <julian@FreeBSD.org> Reviewed by: various
Submitted by: archie@whistle.com

changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.

Obtained from: whistle.com
a811461f7d6279e0f13039d8c65d8a7ad5294252 17-Jul-1996 dg <dg@FreeBSD.org> Increased listen() queue-depth limit to 64.
41f00ad7a0f83b613e6e8c370242c9fca06363fc 07-Feb-1996 wollman <wollman@FreeBSD.org> Call setsockopt(SO_PRIVSTATE) to renounce SS_PRIV on all the sockets
we create. (Nothing being called from inetd should use it anyway,
but you can never be too careful.)

Translate the man page back into -mdoc.
eb8e89ecaf8d5bf63b246f1a592f7eed946aff7a 01-Jan-1996 peter <peter@FreeBSD.org> Make inetd use setproctitle from libutil instead of it's own version.

The old code can probably still be compiled with #define OLD_SETPROCTITLE
86f1bc4514fdcfd255f37f3218fe234bdc3664fc 05-Nov-1995 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'LINUX'.
40d1117791bd08b4042ce078b913d59201812402 03-Nov-1995 peter <peter@FreeBSD.org> Workaround for the setlogin()-in-same-session-as-inetd bug.

This causes:
1: inetd to clear it's getlogin() name at startup (in case the sysadmin
logged in and su'ed to root and restarted inetd)
2: inetd to start each spawned process in it's own session.
3: inetd to call setlogin() on non-root processes (eg: uucp for uucico)
4: log failures more extensively

This means that root spawned processes from inetd remain responsible for
setting their login name if they change their uid. (eg: rshd, login, etc).

If they do not do so, it is safer for them to have no "login name" than a
wrong one (like "root") because the getlogin() system call is documented
as "secure" on 4.4BSD. inetd when started from /etc/rc would have no login
name anyway, so this isn't really a change - it's making it consistant with
the bootup state...

The setsid() change *may* cause something to break that is doing a setsid()
itself and checking the result - it will fail now because it's already been
done. The consensis seems to be that this is unlikely. David G. thinks
this is acceptable as it is cleaner from an architectural point of view.
04b5326448f35258a4cfbc41530249be6af384df 30-Oct-1995 adam <adam@FreeBSD.org> Implement simple quoting for command args.
Previously "abc xyz" became 2 args split at the space.
4012c9269aa9d29f8205bd1a69d4d7381667a692 12-Oct-1995 wollman <wollman@FreeBSD.org> Record PID in /var/run/inetd.pid and document same.
1b1ee5553889e207087539ddafa5dfd4e28bd585 11-Jun-1995 rgrimes <rgrimes@FreeBSD.org> Merge RELENG_2_0_5 into HEAD
4f960dd75f181e9fa2edc44324f15f0ab5c64b37 30-May-1995 rgrimes <rgrimes@FreeBSD.org> Remove trailing whitespace.
2e14d9ebc3d3592c67bdf625af9ebe0dfc386653 14-Mar-1995 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'MATT_THOMAS'.
d067a90a1c9473d216429143d8c6588a4d6e235d 21-Dec-1994 wollman <wollman@FreeBSD.org> Disable UDP service looping attack.
34cd81d75f398ee455e61969b118639dacbfd7a6 23-Sep-1994 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'MACKERRAS'.
f146ba5a9becb7d9adabd5ac495d9f758d2965b2 11-Sep-1994 csgr <csgr@FreeBSD.org> - increase TOOMANY, in line with 1.x
- add logging option from 1.x
88dbb490c7dab81d81c41a7027ff7292b08c8cd9 11-Sep-1994 csgr <csgr@FreeBSD.org> Bring in handling of RPC services from 1.x
(Guess who forgot to replace his inetd until today ;-)
e16baf7a5fe7ac1453381d0017ed1dcdeefbc995 07-Aug-1994 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'SUNRPC'.
862fdf11a2ede45dec0da01ed575525d79468981 26-May-1994 rgrimes <rgrimes@FreeBSD.org> BSD 4.4 Lite usr.sbin Sources