inetd(1M)                System Administration Commands                inetd(1M)

NAME
       inetd - Service Management Facility delegated restarter for inet
       services

SYNOPSIS
       inetd [configuration-file] start | stop | refresh

       svc:/network/inetd:default

DESCRIPTION
       inetd is the delegated restarter for internet services for the Service
       Management Facility (SMF). Its basic responsibilities are to manage
       service states in response to administrative requests, system failures,
       and service failures; and, when appropriate, to listen for network
       requests for services.

       Services are no longer managed by editing the inetd configuration file,
       inetd.conf(4). Instead, you use inetconv(1M) to convert the
       configuration file content into SMF format services, then manage these
       services using inetadm(1M) and svcadm(1M). Once a service has been
       converted by inetconv, any changes to the legacy data in the inetd
       config file will not become effective. However, inetd does alert the
       administrator when it notices a change in the configuration file. See
       the start description under the "inetd Methods" section for further
       information.

       Also note that the current inetd cannot be run from outside the SMF.
       This means it cannot be run from the command line, as was supported by
       the previous inetd. If you attempt to do this, a message is sent to
       stderr displaying mappings between the options supported by the
       previous inetd and the SMF version of inetd.

       inetd listens for connections on behalf of all services that are in
       either the online or degraded state. A service enters one of these
       states when the service is enabled by the user and inetd manages to
       listen on its behalf. A listen attempt can fail if another server
       (whether standalone or a third-party internet service) is already
       listening on the same port. When this occurs, inetd logs this condition
       and continues trying to bind to the port at configured intervals a
       configured number of times. See the property bind_fail_max under
       "Service Properties," below, for more details.

       The configuration of all inetd's managed SMF services is read when it
       is started. It is reread when inetd is refreshed, which occurs in
       response to an SMF request, or when it receives a SIGHUP signal. See
       the refresh description under "inetd Methods" for the behavior on
       configuration refresh.

       You can use the inetadm(1M) or svccfg(1M) utilities to make
       configuration changes to Internet services within the SMF repository.
       inetadm has the advantage over svccfg in that it provides an
       Internet/RPC service context.

   Service States
       As part of its service management duties, inetd implements a state
       machine for each of its managed services. The states in this machine
       are made up of the smf(5) set of states. The semantics of these states
       are as follows:

       uninitialized

           inetd has yet to process this service.

       online

           The service is handling new network requests and might have
           existing connections active.

       degraded

           The service has entered this state because it was able to listen
           and process requests for some, but not all, of the protocols
           specified for the service, having exhausted its listen retries.
           Existing network connections might be active.

       offline

           Connections might be active, but no new requests are being handled.
           This is a transient state. A service might be offline for any of
           the following reasons:

           o   The service's dependencies are unmet. When its dependencies
               become met the service's state will be re-evaluated.

           o   The service has exceeded its configured connection rate limit,
               max_con_rate. The service's state is re-evaluated when its
               connection offline timer, con_rate_offline, expires.

           o   The service has reached its allowed number of active
               connections, max_copies. The service's state is re-evaluated
               when the number of active connections drops below max_copies.

           o   inetd failed to listen on behalf of the service on all its
               protocols. As mentioned above, inetd retries up to a configured
               maximum number of times, at configured intervals. The service's
               state is re-evaluated when either a listen attempt is
               successful or the retry limit is reached.

       disabled

           The service has been turned off by an administrator, is not
           accepting new connections, and has none active. Administrator
           intervention is required to exit this state.

       maintenance

           A service is in this state because it is either malfunctioning and
           needs administrator attention or because an administrator has
           requested it.

           Events constituting malfunctioning include: inetd's inability to
           listen on behalf of any of the service's protocols before exceeding
           the service's bind retry limit, non-start methods returning with
           non-success return values, and the service exceeding its failure
           rate.

           You request the maintenance state to perform maintenance on the
           service, such as applying a patch. No new requests are handled in
           this state, but existing connections might be active. Administrator
           intervention is required to exit this state.

       Use inetadm(1M) to obtain the current state of a managed service.

   Service Methods
       As part of certain state transitions inetd will execute, if supplied,
       one of a set of methods provided by the service. The set of supported
       methods are:

       inetd_start

           Executed to handle a request for an online or degraded service.
           Since there is no separate state to distinguish a service with
           active connections, this method is not executed as part of a state
           transition.

       inetd_offline

           Executed when a service is taken from the online or degraded state
           to the offline state. For a wait-type service that at the time of
           execution is performing its own listening, this method should
           result in it ceasing listening. This method will be executed before
           the disable method in the case an online/degraded service is
           disabled. This method is required to be implemented for a wait-type
           service.

       inetd_online

           Executed when a service transitions from the offline state to the
           online state. This method allows a service author to carry out some
           preparation prior to a service starting to handle requests.

       inetd_disable

           Executed when a service transitions from the offline state to the
           disabled state. It should result in any active connections for a
           service being terminated.

       inetd_refresh

           Executed when both of the following conditions are met:

           o   inetd is refreshed, by means of the framework or a SIGHUP, or a
               request comes in to refresh the service, and

           o   the service is currently in the online state and there are no
               configuration changes that would result in the service needing
               to be taken offline and brought back again.

       The only compulsory method is the inetd_start method. In the absence of
       any of the others, inetd runs no method but behaves as if one was run
       successfully.

   Service Properties
       Configuration for SMF-managed services is stored in the SMF repository.
       The configuration is made up of the basic configuration of a service,
       the configuration for each of the service's methods, and the default
       configuration applicable to all inetd-managed services.

       For details on viewing and modifying the configuration of a service and
       the defaults, refer to inetadm(1M).

       The basic configuration of a service is stored in a property group
       named inetd in the service. The properties comprising the basic
       configuration are as follows:

       bind_addr

           The address of the network interface to which the service should be
           bound. An empty string value causes the service to accept
           connections on any network interface.

       bind_fail_interval

           The time interval in seconds between a failed bind attempt and a
           retry. The values 0 and -1 specify that no retries are attempted
           and the first failure is handled the same as exceeding
           bind_fail_max.

       bind_fail_max

           The maximum number of times inetd retries binding to a service's
           associated port before giving up. The value -1 specifies that no
           retry limit is imposed. If none of the service's protocols were
           bound to before any imposed limit is reached, the service goes to
           the maintenance state; otherwise, if not all of the protocols were
           bound to, the service goes to the degraded state.

       con_rate_offline

           The time in seconds a service will remain offline if it exceeds its
           configured maximum connection rate, max_con_rate. The values 0 and
           -1 specify that connection rate limiting is disabled.

       connection_backlog

           The backlog queue size. Represents a limit on the number of
           incoming client requests that can be queued at the listening
           endpoints for servers.

       endpoint_type

           The type of the socket used by the service or the value tli to
           signify a TLI-based service. Valid socket type values are: stream,
           dgram, raw, seqpacket.

       failrate_cnt

           The count portion of the service's failure rate limit. The failure
           rate limit applies to wait-type services and is reached when count
           instances of the service are started within a given time. Exceeding
           the rate results in the service being transitioned to the
           maintenance state. This is different from the behavior of the
           previous inetd, which continued to retry every 10 minutes,
           indefinitely. The failrate_cnt check accounts for badly behaving
           servers that fail before consuming the service request and which
           would otherwise be continually restarted, taxing system resources.
           Failure rate is equivalent to the -r option of the previous inetd.
           The values 0 and -1 specify that this feature is disabled.

       failrate_interval

           The time portion in seconds of the service's failure rate. The
           values 0 and -1 specify that the failure rate limit feature is
           disabled.

       inherit_env

           If true, pass inetd's environment on to the service's start method.
           Regardless of this setting, inetd will set the variables SMF_FMRI,
           SMF_METHOD, and SMF_RESTARTER in the start method's environment, as
           well as any environment variables set in the method context. These
           variables are described in smf_method(5).

       isrpc

           If true, this is an RPC service.

       max_con_rate

           The maximum allowed connection rate, in connections per second, for
           a nowait-type service. The values 0 and -1 specify that connection
           rate limiting is disabled.

       max_copies

           The maximum number of copies of a nowait service that can run
           concurrently. The values 0 and -1 specify that copies limiting is
           disabled.

       name

           Can be set to one of the following values:

           o   a service name understood by getservbyname(3SOCKET);

           o   if isrpc is set to true, a service name understood by
               getrpcbyname(3NSL);

           o   if isrpc is set to true, a valid RPC program number.

       proto

           In the case of socket-based services, this is a list of protocols
           supported by the service. Valid protocols are: tcp, tcp6, tcp6only,
           udp, udp6, and udp6only. In the case of TLI services, this is a
           list of netids recognized by getnetconfigent(3NSL) supported by the
           service, plus the values tcp6only and udp6only. RPC/TLI services
           also support nettypes in this list, and inetd first tries to
           interpret the list member as a nettype for these service types. The
           values tcp6only and udp6only are new to inetd; these values request
           that inetd listen only for and pass on true IPv6 requests (not IPv4
           mapped ones). See "Configuring Protocols for Sockets-Based
           Services," below.

       rpc_low_version

           Lowest supported RPC version. Required when isrpc is set to true.

       rpc_high_version

           Highest supported RPC version. Required when isrpc is set to true.

       tcp_trace

           If true, and this is a nowait-type service, inetd logs the client's
           IP address and TCP port number, along with the name of the service,
           for each incoming connection, using the syslog(3C) facility. inetd
           uses the syslog facility code daemon and notice priority level. See
           syslog.conf(4) for a description of syslog codes and severity
           levels. This logging is separate from the logging done by the TCP
           wrappers facility.

           tcp_trace is equivalent to the previous inetd's -t option (and the
           /etc/default/inetd property ENABLE_CONNECTION_LOGGING).

       tcp_wrappers

           If true, enable TCP wrappers access control. This applies only to
           services with endpoint_type set to stream and wait set to false.
           The syslog facility code daemon is used to log allowed connections
           (using the notice severity level) and denied traffic (using the
           warning severity level). See syslog.conf(4) for a description of
           syslog codes and severity levels. The stability level of the TCP
           wrappers facility and its configuration files is External. As the
           TCP wrappers facility is not controlled by Sun, intra-release
           incompatibilities are not uncommon. See attributes(5).

           For more information about configuring TCP wrappers, you can refer
           to the tcpd(1M) and hosts_access(4) man pages, which are delivered
           as part of the Solaris operating system at /usr/sfw/man. These
           pages are not part of the standard Solaris man pages, available at
           /usr/man.

           tcp_wrappers is equivalent to the previous inetd's
           /etc/default/inetd property ENABLE_TCPWRAPPERS.

       wait

           If true, this is a wait-type service; otherwise it is a nowait-type
           service. A wait-type service has the following characteristics:

           o   Its inetd_start method will take over listening duties on the
               service's bound endpoint when it is executed.

           o   inetd will wait for it to exit after it is executed before it
               resumes listening duties.

           Datagram servers must be configured as being of type wait, as they
           are always invoked with the original datagram endpoint that will
           participate in delivering the service bound to the specified
           service. They do not have separate "listening" and "accepting"
           sockets. Connection-oriented services, such as TCP stream services,
           can be designed to be either of type wait or nowait.

       A number of the basic properties are optional for a service. In their
       absence, their values are taken from the set of default values present
       in the defaults property group in the inetd service. These properties,
       with their seed values, are listed below. Note that these values are
       configurable through inetadm(1M).

           bind_fail_interval    -1
           bind_fail_max         -1
           con_rate_offline      -1
           connection_backlog    10
           failrate_count        40
           failrate_time         60
           inherit_env           true
           max_con_rate          -1
           max_copies            -1
           tcp_trace             false
           tcp_wrappers          false

       Each method specified for a service will have its configuration stored
       in the SMF repository, within a property group of the same name as the
       method. The set of properties allowable for these methods includes
       those specified for the services managed by svc.startd(1M). (See
       svc.startd(1M) for further details.) Additionally, for the inetd_start
       method, you can set the arg0 property.

       The arg0 property allows external wrapper programs to be used with
       inetd services. Specifically, it allows the first argument, argv[0], of
       the service's start method to be something other than the path of the
       server program.

       In the case where you want to use an external wrapper program and pass
       arguments to the service's daemon, the arguments should be incorporated
       as arguments to the wrapper program in the exec property. For example:

           exec='/path/to/wrapper/prog service_daemon_args'
           arg0='/path/to/service/daemon'

       In addition to the special method tokens mentioned in smf_method(5),
       inetd also supports the :kill_process token for wait-type services.
       This results in behavior identical to that if the :kill token were
       supplied, except that the kill signal is sent only to the parent
       process of the wait-type service's start method, not to all members of
       its encompassing process contract (see process(4)).

   Configuring Protocols for Sockets-Based Services
       When configuring inetd for a sockets-based service, you have the
       choice, depending on what is supported by the service, of the
       alternatives described under the proto property, above. The following
       are guidelines for which proto values to use:

       o   For a service that supports only IPv4: tcp and udp

       o   For a service that supports only IPv6: tcp6only and udp6only

       o   For a service that supports both IPv4 and IPv6:

           o   Obsolete and not recommended: tcp6 and udp6

           o   Recommended: use two separate entries that differ only in the
               proto field. One entry has tcp and the other has tcp6only, or
               udp plus udp6only.

       See EXAMPLES for an example of a configuration of a service that
       supports both IPv4 and IPv6.

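       The property semantics under "Service Properties" and the proto
       guidelines in this section can be checked mechanically. The shell
       function below is an added example, not part of the original man page
       or of Solaris; it assumes input in the SCOPE/name=value layout printed
       by inetadm -l, and its sample listing and finding codes are constructed
       for illustration.

```shell
#!/bin/sh
# Added example (not from the man page): audit one service's inetd properties.
# Reads `inetadm -l <FMRI>` style text on stdin; that layout is an assumption.
audit_inetd_props() {
    awk '
    function off(v) { return (v == "0" || v == "-1") }   # 0 and -1 disable a limit
    function istrue(v) { return (toupper(v) == "TRUE") }
    {
        line = $0
        sub(/^[ \t]+/, "", line)             # drop indentation
        sub(/^default[ \t]+/, "", line)      # drop the scope column
        i = index(line, "=")
        if (i == 0) next
        key = substr(line, 1, i - 1)
        if (key !~ /^[a-z0-9_]+$/) next      # skips the SCOPE NAME=VALUE header
        val = substr(line, i + 1)
        gsub(/"/, "", val)
        p[key] = val
    }
    END {
        if (!("endpoint_type" in p)) { print "NO_INPUT no service listing found"; exit }
        nowait = !istrue(p["wait"])
        stream = (p["endpoint_type"] == "stream")
        if (istrue(p["tcp_wrappers"]) && !(stream && nowait))
            print "WRAPPERS_IGNORED tcp_wrappers applies only to stream, nowait services"
        if (!istrue(p["tcp_wrappers"]) && stream && nowait)
            print "NO_WRAPPERS TCP wrappers access control is off"
        if (nowait && !istrue(p["tcp_trace"]))
            print "NO_TRACE incoming connections are not logged to syslog"
        if (nowait && (off(p["max_con_rate"]) || off(p["con_rate_offline"])))
            print "NO_RATE_LIMIT connection rate limiting is disabled"
        if (nowait && off(p["max_copies"]))
            print "NO_COPY_LIMIT concurrent copies are unlimited"
        if (p["endpoint_type"] == "dgram" && nowait)
            print "DGRAM_NOWAIT datagram servers must be wait-type"
        n = split(p["proto"], pr, /[ ,]+/)
        for (k = 1; k <= n; k++)
            if (pr[k] == "tcp6" || pr[k] == "udp6")
                print "OBSOLETE_PROTO " pr[k] ": use separate " substr(pr[k], 1, 3) " and " pr[k] "only instances"
        if (("bind_addr" in p) && p["bind_addr"] == "")
            print "ANY_INTERFACE service accepts connections on any interface"
    }'
}

# Constructed sample listing using the seed defaults given on this page.
sample_listing() {
    cat <<'EOF'
SCOPE    NAME=VALUE
         name="mysvc"
         endpoint_type="stream"
         proto="tcp6"
         wait=FALSE
         exec="/path/to/service/daemon"
default  bind_addr=""
default  max_con_rate=-1
default  max_copies=-1
default  con_rate_offline=-1
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE
EOF
}

sample_listing | audit_inetd_props
```

       On a live system, pipe the output of inetadm -l for one service
       instance into audit_inetd_props in place of the sample listing.
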
   inetd Methods
       inetd provides the methods listed below for consumption by the master
       restarter, svc.startd(1M).

       start

           Causes inetd to start providing service. This results in inetd
           beginning to handle smf requests for its managed services and
           network requests for those services that are in either the online
           or degraded state.

           In addition, inetd also checks if the inetd.conf(4)-format
           configuration file it is monitoring has changed since the last
           inetconv(1M) conversion was carried out. If it has, then a message
           telling the administrator to re-run inetconv to effect the changes
           made is logged in syslog.

       stop

           Causes inetd to stop providing service. At this point, inetd
           transitions each of its services that are not in either the
           maintenance or disabled states to the offline state, running any
           appropriate methods in the process.

       refresh

           Results in a refresh being performed for each of its managed
           services and the inetd.conf(4) format configuration file being
           checked for change, as in the start method. When a service is
           refreshed, its behavior depends on its current state:

           o   if it is in the maintenance or disabled states, no action is
               performed because the configuration will be read and consumed
               when the service leaves the state;

           o   if it is in the offline state, the configuration will be read
               and any changes consumed immediately;

           o   if it is in the online or degraded state and the configuration
               has changed such that a re-binding is necessary to conform to
               it, then the service will be transitioned to the offline state
               and back again, using the new configuration for the bind;

           o   if it is in the online state and a re-binding is not necessary,
               then the inetd_refresh method of the service, if provided, will
               be run to allow online wait-type services to consume any other
               changes.

OPTIONS
       No options are supported.

OPERANDS
       configuration-file

           Specifies an alternate location for the legacy service file
           (inetd.conf(4)).

       start|stop|refresh

           Specifies which of inetd's methods should be run.

EXAMPLES
       Example 1 Configuring a Service that Supports Both IPv4 and IPv6

       The following commands illustrate the existence of services that
       support both IPv4 and IPv6 and assign proto properties to those
       services.

           example# svcs -a | grep mysvc
           online 15:48:29 svc:/network/mysvc:dgram4
           online 15:48:29 svc:/network/mysvc:dgram6
           online 15:51:47 svc:/network/mysvc:stream4
           online 15:52:10 svc:/network/mysvc:stream6

           # inetadm -M network/rpc/mysvc:dgram4 proto=udp
           # inetadm -M network/rpc/mysvc:dgram6 proto=udp6only
           # inetadm -M network/rpc/mysvc:stream4 proto=tcp
           # inetadm -M network/rpc/mysvc:stream6 proto=tcp6only

       See svcs(1) and inetadm(1M) for descriptions of those commands.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWcsu                      │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Evolving                     │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       fmd(1M), inetadm(1M), inetconv(1M), svcadm(1M), svccfg(1M), svcs(1),
       svc.startd(1M), syslog(3C), getnetconfigent(3NSL), getrpcbyname(3NSL),
       getservbyname(3SOCKET), inetd.conf(4), process(4), syslog.conf(4),
       attributes(5), smf(5), smf_method(5)

NOTES
       The inetd daemon performs the same function as, but is implemented
       significantly differently from, the daemon of the same name in Solaris
       9 and prior Solaris operating system releases. In the current Solaris
       release, inetd is part of the Service Management Facility (see smf(5))
       and will run only within that facility.

       The /etc/default/inetd file has been deprecated. The functionality
       represented by the properties ENABLE_CONNECTION_LOGGING and
       ENABLE_TCP_WRAPPERS is now available as the tcp_trace and tcp_wrappers
       properties, respectively. These properties are described above, under
       "Service Properties".

SunOS 5.11                        5 Jul 2007                        inetd(1M)