1.\" Copyright (c) 1985, 1991, 1993, 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 33.\" $FreeBSD: src/usr.sbin/inetd/inetd.8,v 1.46.2.13 2003/03/12 22:08:14 trhodes Exp $ 34.\" 35.Dd February 7, 1996 36.Dt INETD 8 37.Os 38.Sh NAME 39.Nm inetd 40.Nd internet 41.Dq super-server 42.Sh SYNOPSIS 43.Nm 44.Op Fl d 45.Op Fl l 46.Op Fl w 47.Op Fl W 48.Op Fl c Ar maximum 49.Op Fl C Ar rate 50.Op Fl a Ar address | hostname 51.Op Fl p Ar filename 52.Op Fl R Ar rate 53.Op Fl s Ar maximum 54.Op Ar configuration file 55.Sh DESCRIPTION 56The 57.Nm 58utility should be run at boot time by 59.Pa /etc/rc 60(see 61.Xr rc 8 ) . 62It then listens for connections on certain 63internet sockets. When a connection is found on one 64of its sockets, it decides what service the socket 65corresponds to, and invokes a program to service the request. 66The server program is invoked with the service socket 67as its standard input, output and error descriptors. 68After the program is 69finished, 70.Nm 71continues to listen on the socket (except in some cases which 72will be described below). Essentially, 73.Nm 74allows running one daemon to invoke several others, 75reducing load on the system. 76.Pp 77The following options are available: 78.Bl -tag -width indent 79.It Fl d 80Turn on debugging. 81.It Fl l 82Turn on logging of successful connections. 83.It Fl w 84Turn on TCP Wrapping for external services. 85See the 86.Sx "IMPLEMENTATION NOTES" 87section for more information on TCP Wrappers support. 88.It Fl W 89Turn on TCP Wrapping for internal services which are built into 90.Nm . 91.It Fl c Ar maximum 92Specify the default maximum number of 93simultaneous invocations of each service; 94the default is unlimited. 95May be overridden on a per-service basis with the "max-child" 96parameter. 97.It Fl C Ar rate 98Specify the default maximum number of times a service can be invoked 99from a single IP address in one minute; the default is unlimited. 100May be overridden on a per-service basis with the 101"max-connections-per-ip-per-minute" parameter. 102.It Fl R Ar rate 103Specify the maximum number of times a service can be invoked 104in one minute; the default is 256. 105A rate of 0 allows an unlimited number of invocations. 106.It Fl s Ar maximum 107Specify the default maximum number of 108simultaneous invocations of each service from a single IP address; 109the default is unlimited. 110May be overridden on a per-service basis with the "max-child-per-ip" 111parameter. 112.It Fl a 113Specify one specific IP address to bind to. 114Alternatively, a hostname can be specified, 115in which case the IPv4 or IPv6 address 116which corresponds to that hostname is used. 117Usually a hostname is specified when 118.Nm 119is run inside a 120.Xr jail 8 , 121in which case the hostname corresponds to the 122.Xr jail 8 123environment. 124.Pp 125When hostname specification is used 126and both IPv4 and IPv6 bindings are desired, 127one entry with the appropriate 128.Em protocol 129type for each binding 130is required for each service in 131.Pa /etc/inetd.conf . 132For example, 133a TCP-based service would need two entries, 134one using 135.Dq tcp4 136for the 137.Em protocol 138and the other using 139.Dq tcp6 . 140See the explanation of the 141.Pa /etc/inetd.conf 142.Em protocol 143field below. 144.It Fl p 145Specify an alternate file in which to store the process ID. 146.El 147.Pp 148Upon execution, 149.Nm 150reads its configuration information from a configuration 151file which, by default, is 152.Pa /etc/inetd.conf . 153There must be an entry for each field of the configuration 154file, with entries for each field separated by a tab or 155a space. Comments are denoted by a 156.Dq # 157at the beginning 158of a line. There must be an entry for each field. The 159fields of the configuration file are as follows: 160.Pp 161.Bd -unfilled -offset indent -compact 162service name 163socket type 164protocol 165{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] 166user[:group][/login-class] 167server program 168server program arguments 169.Ed 170.Pp 171To specify an 172.Tn "ONC RPC" Ns -based 173service, the entry would contain these fields: 174.Pp 175.Bd -unfilled -offset indent -compact 176service name/version 177socket type 178rpc/protocol 179user[:group][/login-class] 180server program 181server program arguments 182.Ed 183.Pp 184There are two types of services that 185.Nm 186can start: standard and TCPMUX. 187A standard service has a well-known port assigned to it; 188it may be a service that implements an official Internet standard or is a 189.Bx Ns -specific 190service. 191As described in 192.Tn RFC 1078 , 193TCPMUX services are nonstandard services that do not have a 194well-known port assigned to them. 195They are invoked from 196.Nm 197when a program connects to the 198.Dq tcpmux 199well-known port and specifies 200the service name. 201This feature is useful for adding locally-developed servers. 202TCPMUX requests are only accepted when the multiplexor service itself 203is enabled, above and beyond and specific TCPMUX-based servers; see the 204discussion of internal services below. 205.Pp 206The 207.Em service-name 208entry is the name of a valid service in 209the file 210.Pa /etc/services , 211or the specification of a 212.Ux 213domain socket (see below). 214For 215.Dq internal 216services (discussed below), the service 217name 218should 219be the official name of the service (that is, the first entry in 220.Pa /etc/services ) . 221When used to specify an 222.Tn "ONC RPC" Ns -based 223service, this field is a valid RPC service name in 224the file 225.Pa /etc/rpc . 226The part on the right of the 227.Dq / 228is the RPC version number. 229This 230can simply be a single numeric argument or a range of versions. 231A range is bounded by the low version to the high version - 232.Dq rusers/1-3 . 233For TCPMUX services, the value of the 234.Em service-name 235field consists of the string 236.Dq tcpmux 237followed by a slash and the 238locally-chosen service name. 239The service names listed in 240.Pa /etc/services 241and the name 242.Dq help 243are reserved. 244Try to choose unique names for your TCPMUX services by prefixing them with 245your organization's name and suffixing them with a version number. 246.Pp 247The 248.Em socket-type 249should be one of 250.Dq stream , 251.Dq dgram , 252.Dq raw , 253.Dq rdm , 254or 255.Dq seqpacket , 256depending on whether the socket is a stream, datagram, raw, 257reliably delivered message, or sequenced packet socket. 258TCPMUX services must use 259.Dq stream . 260.Pp 261The 262.Em protocol 263must be a valid protocol or 264.Dq unix . 265Examples are 266.Dq tcp 267or 268.Dq udp , 269both of which imply IPv4 for backward compatibility. 270The names 271.Dq tcp4 272and 273.Dq udp4 274specify IPv4 only. 275The names 276.Dq tcp6 277and 278.Dq udp6 279specify IPv6 only. 280The names 281.Dq tcp46 282and 283.Dq udp46 284specify that the entry accepts both IPv4 and IPv6 connections 285via a wildcard 286.Dv AF_INET6 287socket. 288If it is desired that the service is reachable via T/TCP, one should 289specify 290.Dq tcp/ttcp , 291which implies IPv4 for backward compatibility. 292The name 293.Dq tcp4/ttcp 294specifies IPv4 only, while 295.Dq tcp6/ttcp 296specifies IPv6 only. 297The name 298.Dq tcp46/ttcp 299specify that the entry accepts both IPv6 and IPv6 connections 300via a wildcard 301.Dv AF_INET6 302socket. 303Rpc based services 304(for which only IPv4 is supported at this time) 305are specified with the 306.Dq rpc/tcp 307or 308.Dq rpc/udp 309service type. 310TCPMUX services must use 311.Dq tcp , 312.Dq tcp4 , 313.Dq tcp6 314or 315.Dq tcp46 . 316.Pp 317The 318.Em wait/nowait 319entry specifies whether the server that is invoked by 320.Nm 321will take over 322the socket associated with the service access point, and thus whether 323.Nm 324should wait for the server to exit before listening for new service 325requests. 326Datagram servers must use 327.Dq wait , 328as they are always invoked with the original datagram socket bound 329to the specified service address. 330These servers must read at least one datagram from the socket 331before exiting. 332If a datagram server connects 333to its peer, freeing the socket so 334.Nm 335can receive further messages on the socket, it is said to be 336a 337.Dq multi-threaded 338server; 339it should read one datagram from the socket and create a new socket 340connected to the peer. 341It should fork, and the parent should then exit 342to allow 343.Nm 344to check for new service requests to spawn new servers. 345Datagram servers which process all incoming datagrams 346on a socket and eventually time out are said to be 347.Dq single-threaded . 348.Xr Comsat 8 , 349.Pq Xr biff 1 350and 351.Xr talkd 8 352are both examples of the latter type of 353datagram server. 354.Xr Tftpd 8 355is an example of a multi-threaded datagram server. 356.Pp 357Servers using stream sockets generally are multi-threaded and 358use the 359.Dq nowait 360entry. 361Connection requests for these services are accepted by 362.Nm , 363and the server is given only the newly-accepted socket connected 364to a client of the service. 365Most stream-based services operate in this manner. 366Stream-based servers that use 367.Dq wait 368are started with the listening service socket, and must accept 369at least one connection request before exiting. 370Such a server would normally accept and process incoming connection 371requests until a timeout. 372TCPMUX services must use 373.Dq nowait . 374.Pp 375The maximum number of outstanding child processes (or 376.Dq threads ) 377for a 378.Dq nowait 379service may be explicitly specified by appending a 380.Dq / 381followed by the number to the 382.Dq nowait 383keyword. 384Normally 385(or if a value of zero is specified) there is no maximum. 386Otherwise, 387once the maximum is reached, further connection attempts will be 388queued up until an existing child process exits. 389This also works 390in the case of 391.Dq wait 392mode, although a value other than one (the 393default) might not make sense in some cases. 394You can also specify the maximum number of connections per minute 395for a given IP address by appending 396a 397.Dq / 398followed by the number to the maximum number of 399outstanding child processes. 400Once the maximum is reached, further 401connections from this IP address will be dropped until the end of the 402minute. 403In addition, you can specify the maximum number of simultaneous 404invocations of each service from a single IP address by appending a 405.Dq / 406followed by the number to the maximum number of outstanding child 407processes. Once the maximum is reached, further connections from this 408IP address will be dropped. 409.Pp 410The 411.Em user 412entry should contain the user name of the user as whom the server 413should run. This allows for servers to be given less permission 414than root. 415Optional 416.Em group 417part separated by 418.Dq \&: 419allows to specify group name different 420than default group for this user. 421Optional 422.Em login-class 423part separated by 424.Dq / 425allows to specify login class different 426than default 427.Dq daemon 428login class. 429.Pp 430The 431.Em server-program 432entry should contain the pathname of the program which is to be 433executed by 434.Nm 435when a request is found on its socket. If 436.Nm 437provides this service internally, this entry should 438be 439.Dq internal . 440.Pp 441The 442.Em server program arguments 443should be just as arguments 444normally are, starting with argv[0], which is the name of 445the program. If the service is provided internally, the 446.Em service-name 447of the service (and any arguments to it) or the word 448.Dq internal 449should take the place of this entry. 450.Pp 451Currently, the only internal service to take arguments is 452.Dq auth . 453Without options, the service will always return 454.Dq ERROR\ : HIDDEN-USER . 455The available arguments to this service that alter its behavior are: 456.Bl -tag -width indent 457.It Fl d Ar fallback 458Provide a 459.Ar fallback 460username. 461If the real 462.Dq auth 463service is enabled 464(with the 465.Fl r 466option discussed below), 467return this username instead of an error 468when lookups fail 469for either socket credentials or the username. 470If the real 471.Dq auth 472service is disabled, 473return this username for every request. 474This is primarily useful when running this service on a NAT machine. 475.It Fl g 476Instead of returning 477the user's name to the ident requester, 478report a 479username made up of random alphanumeric characters, 480e.g.\& 481.Dq c0c993 . 482The 483.Fl g 484flag overrides not only the user names, 485but also any fallback name, 486.Pa .fakeid 487or 488.Pa .noident 489files. 490.It Fl t Xo 491.Ar sec Ns Op . Ns Ar usec 492.Xc 493Specify a timeout for the service. 494The default timeout is 10.0 seconds. 495.It Fl r 496Offer a real 497.Dq auth 498service, as per RFC 1413. 499All the remaining flags apply only in this case. 500.It Fl i 501Return numeric user IDs instead of usernames. 502.It Fl f 503If the file 504.Pa .fakeid 505exists in the home directory of the identified user, report the username 506found in that file instead of the real username. 507If the username found in 508.Pa .fakeid 509is that of an existing user, 510then the real username is reported. 511If the 512.Fl i 513flag is also given then the username in 514.Pa .fakeid 515is checked against existing user IDs instead. 516.It Fl F 517same as 518.Fl f 519but without the restriction that the username in 520.Pa .fakeid 521must not match an existing user. 522.It Fl n 523If the file 524.Pa .noident 525exists in the home directory of the identified user, return 526.Dq ERROR\ : HIDDEN-USER . 527This overrides any 528.Pa fakeid 529file which might exist. 530.It Fl o Ar osname 531Use 532.Ar osname 533instead of the name of the system as reported by 534.Xr uname 3 . 535.El 536.Pp 537The 538.Nm 539utility also provides several other 540.Dq trivial 541services internally by use of 542routines within itself. These services are 543.Dq echo , 544.Dq discard , 545.Dq chargen 546(character generator), 547.Dq daytime 548(human readable time), and 549.Dq time 550(machine readable time, in the form of the number of seconds since 551midnight, January 1, 1900). All of these services are available in 552both TCP and UDP versions; the UDP versions will refuse service if the 553request specifies a reply port corresponding to any internal service. 554(This is done as a defense against looping attacks; the remote IP address 555is logged.) 556For details of these services, consult the 557appropriate 558.Tn RFC 559document. 560.Pp 561The TCPMUX-demultiplexing service is also implemented as an internal service. 562For any TCPMUX-based service to function, the following line must be included 563in 564.Pa inetd.conf : 565.Bd -literal -offset indent 566tcpmux stream tcp nowait root internal 567.Ed 568.Pp 569When given the 570.Fl l 571option 572.Nm 573will log an entry to syslog each time a connection is accepted, noting the 574service selected and the IP-number of the remote requester if available. 575Unless otherwise specified in the configuration file, 576and in the absence of the 577.Fl W 578and 579.Fl w 580options, 581.Nm 582will log to the 583.Dq daemon 584facility. 585.Pp 586The 587.Nm 588utility rereads its configuration file when it receives a hangup signal, 589.Dv SIGHUP . 590Services may be added, deleted or modified when the configuration file 591is reread. 592Except when started in debugging mode, 593.Nm 594records its process ID in the file 595.Pa /var/run/inetd.pid 596to assist in reconfiguration. 597.Sh IMPLEMENTATION NOTES 598.Ss TCP Wrappers 599When given the 600.Fl w 601option, 602.Nm 603will wrap all services specified as 604.Dq stream nowait 605or 606.Dq dgram 607except for 608.Dq internal 609services. 610If the 611.Fl W 612option is given, such 613.Dq internal 614services will be wrapped. 615If both options are given, wrapping for both 616internal and external services will be enabled. 617Either wrapping option 618will cause failed connections to be logged to the 619.Dq auth 620syslog facility. 621Adding the 622.Fl l 623flag to the wrapping options will include successful connections in the 624logging to the 625.Dq auth 626facility. 627.Pp 628Note that 629.Nm 630only wraps requests for a 631.Dq wait 632service while no servers are available to service requests. 633Once a 634connection to such a service has been allowed, 635.Nm 636has no control 637over subsequent connections to the service until no more servers 638are left listening for connection requests. 639.Pp 640When wrapping is enabled, the 641.Pa tcpd 642daemon is not required, as that functionality is builtin. 643For more information on TCP Wrappers, see the relevant documentation 644.Pq Xr hosts_access 5 . 645When reading that document, keep in mind that 646.Dq internal 647services have no associated daemon name. 648Therefore, the service name 649as specified in 650.Pa inetd.conf 651should be used as the daemon name for 652.Dq internal 653services. 654.Ss TCPMUX 655.Tn RFC 1078 656describes the TCPMUX protocol: 657``A TCP client connects to a foreign host on TCP port 1. It sends the 658service name followed by a carriage-return line-feed <CRLF>. The 659service name is never case sensitive. The server replies with a 660single character indicating positive (+) or negative (\-) 661acknowledgment, immediately followed by an optional message of 662explanation, terminated with a <CRLF>. If the reply was positive, 663the selected protocol begins; otherwise the connection is closed.'' 664The program is passed the TCP connection as file descriptors 0 and 1. 665.Pp 666If the TCPMUX service name begins with a 667.Dq + , 668.Nm 669returns the positive reply for the program. 670This allows you to invoke programs that use stdin/stdout 671without putting any special server code in them. 672.Pp 673The special service name 674.Dq help 675causes 676.Nm 677to list TCPMUX services in 678.Pa inetd.conf . 679.Ss IPsec 680The implementation includes a tiny hack 681to support IPsec policy settings for each socket. 682A special form of comment line, starting with 683.Dq Li #@ , 684is interpreted as a policy specifier. 685Everything after the 686.Dq Li #@ 687will be used as an IPsec policy string, 688as described in 689.Xr ipsec_set_policy 3 . 690Each 691policy specifier is applied to all the following lines in 692.Pa inetd.conf 693until the next policy specifier. 694An empty policy specifier resets the IPsec policy. 695.Pp 696If an invalid IPsec policy specifier appears in 697.Pa inetd.conf , 698.Nm 699will provide an error message via the 700.Xr syslog 3 701interface and abort execution. 702.Ss Ux Domain Sockets 703In addition to running services on IP sockets, 704.Nm 705can also manage 706.Ux 707domain sockets. 708To do this you specify a 709.Em protocol 710of 711.Dq unix 712and specify the 713.Ux 714domain socket as the 715.Em service-name . 716The 717.Em service-type 718may be 719.Dq stream 720or 721.Dq dgram . 722The specification of the socket must be 723an absolute path name, 724optionally prefixed by an owner and mode 725of the form 726.Em :user:group:mode: . 727The specification: 728.Pp 729.Dl ":news:daemon:220:/var/run/sock" 730.Pp 731creates a socket owned 732by user 733.Dq news 734in group 735.Dq daemon 736with permissions allowing only that user and group to connect. 737The default owner is the user that 738.Nm 739is running as. 740The default mode only allows the socket's owner to connect. 741.Pp 742.Sy WARNING : 743while creating 744.Ux 745domain socket, 746.Nm 747must change the ownership and permissions on the socket. 748This can only be done securely if 749the directory in which the socket is created 750is writable only by root. 751Do 752.Em NOT 753use 754.Nm 755to create sockets in world writable directories, 756such as 757.Pa /tmp , 758instead use 759.Pa /var/run 760or a similar directory. 761.Pp 762Internal services may be run on 763.Ux 764domain sockets, in the usual way. 765In this case 766the name of the internal service 767is determined using 768the last component of the socket's pathname. 769.Sh "FILES" 770.Bl -tag -width /var/run/inetd.pid -compact 771.It Pa /etc/inetd.conf 772configuration file 773.It Pa /etc/rpc 774translation of service names to RPC program numbers 775.It Pa /etc/services 776translation of service names to port numbers 777.It Pa /var/run/inetd.pid 778the pid of the currently running 779.Nm 780.El 781.Sh "EXAMPLES" 782Here are several example service entries for the various types of services: 783.Bd -literal 784ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l 785ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd 786telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd 787shell stream tcp46 nowait root /usr/libexec/rshd rshd 788tcpmux/+date stream tcp nowait guest /bin/date date 789tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook 790rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 791/var/run/echo stream unix nowait root internal 792#@ ipsec ah/require 793chargen stream tcp nowait root internal 794#@ 795.Ed 796.Sh "ERROR MESSAGES" 797The 798.Nm 799server 800logs error messages using 801.Xr syslog 3 . 802Important error messages and their explanations are: 803.Pp 804.Bl -ohang -compact 805.It Xo 806.Ar service Ns / Ns Ar protocol 807.No "server failing (looping), service terminated." 808.Xc 809The number of requests for the specified service in the past minute 810exceeded the limit. 811The limit exists to prevent a broken program 812or a malicious user from swamping the system. 813This message may occur for several reasons: 814.Bl -enum -offset indent 815.It 816There are many hosts requesting the service within a short time period. 817.It 818A broken client program is requesting the service too frequently. 819.It 820A malicious user is running a program to invoke the service in 821a denial-of-service attack. 822.It 823The invoked service program has an error that causes clients 824to retry quickly. 825.El 826.Pp 827Use the 828.Fl R Ar rate 829option, 830as described above, to change the rate limit. 831Once the limit is reached, the service will be 832reenabled automatically in 10 minutes. 833.Pp 834.It Xo 835.Ar service Ns / Ns Ar protocol : 836.No \&No such user 837.Ar user , 838.No service ignored 839.Xc 840.It Xo 841.Ar service Ns / Ns Ar protocol : 842.No getpwnam : 843.Ar user : 844.No \&No such user 845.Xc 846No entry for 847.Ar user 848exists in the 849.Xr passwd 5 850database. 851The first message 852occurs when 853.Nm 854(re)reads the configuration file. 855The second message occurs when the 856service is invoked. 857.Pp 858.It Xo 859.Ar service : 860.No can't set uid 861.Ar uid 862.Xc 863.It Xo 864.Ar service : 865.No can't set gid 866.Ar gid 867.Xc 868The user or group ID for the entry's 869.Ar user 870field is invalid. 871.Pp 872.It "setsockopt(SO_PRIVSTATE): Operation not supported" 873The 874.Nm 875utility attempted to renounce the privileged state associated with a 876socket but was unable to. 877.El 878.Sh SEE ALSO 879.Xr ipsec_set_policy 3 , 880.Xr hosts_access 5 , 881.Xr hosts_options 5 , 882.Xr login.conf 5 , 883.Xr passwd 5 , 884.Xr rpc 5 , 885.Xr services 5 , 886.Xr comsat 8 , 887.Xr fingerd 8 , 888.Xr ftpd 8 , 889.Xr rlogind 8 , 890.Xr rpcbind 8 , 891.Xr rshd 8 , 892.Xr telnetd 8 , 893.Xr tftpd 8 894.Rs 895.%A Michael C. St. Johns 896.%T Identification Protocol 897.%O RFC 1413 898.Re 899.Sh HISTORY 900The 901.Nm 902utility appeared in 903.Bx 4.3 . 904TCPMUX is based on code and documentation by Mark Lottor. 905Support for 906.Tn "ONC RPC" 907based services is modeled after that 908provided by 909.Tn SunOS 9104.1. 911The IPsec hack was contributed by the KAME project in 1999. 912The 913.Fx 914TCP Wrappers support first appeared in 915.Fx 3.2 . 916