System Administration Commands inetd(1M)
NAME
inetd - Solaris Management Facility delegated restarter for
inet services
SYNOPSIS
inetd [configuration-file] start stop refresh
svc:/network/inetd:default
DESCRIPTION
inetd is the delegated restarter for internet services for
the Service Management Facility (SMF). Its basic responsi-
bilities are to manage service states in response to admin-
istrative requests, system failures, and service failures;
and, when appropriate, to listen for network requests for
services.
Services are no longer managed by editing the inetd confi-
guration file, inetd.conf(4). Instead, you use inetconv(1M)
to convert the configuration file content into SMF format
services, then manage these services using inetadm(1M) and
svcadm(1M). Once a service has been converted by inetconv,
any changes to the legacy data in the inetd config file will
not become effective. However, inetd does alert the adminis-
trator when it notices change in the configuration file. See
the start description under the "inetd Methods" section for
further information.
Also note that the current inetd cannot be run from outside
the SMF. This means it cannot be run from the command line,
as was supported by the previous inetd. If you attempt to do
this, a message is sent to stderr displaying mappings
between the options supported by the previous inetd to the
SMF version of inetd.
inetd listens for connections on behalf of all services that
are in either the online or degraded state. A service enters
one of these states when the service is enabled by the user
and inetd manages to listen on its behalf. A listen attempt
can fail if another server (whether standalone or a third-
party internet service) is already listening on the same
port. When this occurs, inetd logs this condition and con-
tinues trying to bind to the port at configured intervals a
configured number of times. See the property bindfailmax
under "Service Properties," below, for more details.
SunOS 5.11 Last change: 5 Jul 2007 1
System Administration Commands inetd(1M)
The configuration of all inetd's managed SMF services is
read when it is started. It is reread when inetd is
refreshed, which occurs in response to an SMF request, or
when it receives a SIGHUP signal. See the refresh descrip-
tion under "inetd Methods" for the behavior on configuration
refresh.
You can use the inetadm(1M) or svccfg(1M) utilities to make
configuration changes to Internet services within the SMF
repository. inetadm has the advantage over svccfg in that it
provides an Internet/RPC service context.
Service States
As part of its service management duties, inetd implements a
state machine for each of its managed services. The states
in this machine are made up of the smf(5) set of states. The
semantics of these states are as follows:
uninitialized
inetd has yet to process this service.
online
The service is handling new network requests and might
have existing connections active.
degraded
The service has entered this state because it was able
to listen and process requests for some, but not all, of
the protocols specified for the service, having
exhausted its listen retries. Existing network connec-
tions might be active.
offline
Connections might be active, but no new requests are
being handled. This is a transient state. A service
might be offline for any of the following reasons:
o The service's dependencies are unmet. When its
dependencies become met the service's state
will be re-evaluated.
o The service has exceeded its configured connec-
tion rate limit, maxconrate. The service's
state is re-evaluated when its connection
SunOS 5.11 Last change: 5 Jul 2007 2
System Administration Commands inetd(1M)
offline timer, conrateoffline, expires.
o The service has reached its allowed number of
active connections, maxcopies. The service's
state is re-evaluated when the number of active
connections drops below maxcopies.
o inetd failed to listen on behalf of the service
on all its protocols. As mentioned above, inetd
retries up to a configured maximum number of
times, at configured intervals.The service's
state is re-evaluated when either a listen
attempt is successful or the retry limit is
reached.
disabled
The service has been turned off by an administrator, is
not accepting new connections, and has none active.
Administrator intervention is required to exit this
state.
maintenance
A service is in this state because it is either malfunc-
tioning and needs adminstrator attention or because an
administrator has requested it.
Events constituting malfunctioning include: inetd's ina-
bility to listen on behalf on any of the service's pro-
tocols before exceeding the service's bind retry limit,
non-start methods returning with non-success return
values, and the service exceeding its failure rate.
You request the maintenance state to perform maintenance
on the service, such as applying a patch. No new
requests are handled in this state, but existing connec-
tions might be active. Administrator intervention is
required to exit this state.
Use inetadm(1M) to obtain the current state of a managed
service.
Service Methods
As part of certain state transitions inetd will execute, if
supplied, one of a set of methods provided by the service.
The set of supported methods are:
SunOS 5.11 Last change: 5 Jul 2007 3
System Administration Commands inetd(1M)
inetdstart
Executed to handle a request for an online or degraded
service. Since there is no separate state to distinguish
a service with active connections, this method is not
executed as part of a state transition.
inetdoffline
Executed when a service is taken from the online or
degraded state to the offline state. For a wait-type
service that at the time of execution is performing its
own listening, this method should result in it ceasing
listening. This method will be executed before the dis-
able method in the case an online/degraded service is
disabled. This method is required to be implemented for
a wait-type service.
inetdonline
Executed when a service transitions from the offline
state to the online state. This method allows a service
author to carry out some preparation prior to a service
starting to handle requests.
inetddisable
Executed when a service transitions from the offline
state to the disabled state. It should result in any
active connections for a service being terminated.
inetdrefresh
Executed when both of the following conditions are met:
o inetd is refreshed, by means of the framework
or a SIGHUP, or a request comes in to refresh
the service, and
o the service is currently in the online state
and there are no configuration changes that
would result in the service needing to be taken
offline and brought back again.
The only compulsory method is the inetdstart method. In the
absence of any of the others, inetd runs no method but
SunOS 5.11 Last change: 5 Jul 2007 4
System Administration Commands inetd(1M)
behaves as if one was run successfully.
Service Properties
Configuration for SMF-managed services is stored in the SMF
repository. The configuration is made up of the basic confi-
guration of a service, the configuration for each of the
service's methods, and the default configuration applicable
to all inetd-managed services.
For details on viewing and modifying the configuration of a
service and the defaults, refer to inetadm(1M).
The basic configuration of a service is stored in a property
group named inetd in the service. The properties comprising
the basic configuration are as follows:
bindaddr
The address of the network interface to which the ser-
vice should be bound. An empty string value causes the
service to accept connections on any network interface.
bindfailinterval
The time interval in seconds between a failed bind
attempt and a retry. The values 0 and -1 specify that no
retries are attempted and the first failure is handled
the same as exceeding bindfailmax.
bindfailmax
The maximum number of times inetd retries binding to a
service's associated port before giving up. The value -1
specifies that no retry limit is imposed. If none of the
service's protocols were bound to before any imposed
limit is reached, the service goes to the maintenance
state; otherwise, if not all of the protocols were bound
to, the service goes to the degraded state.
conrateoffline
The time in seconds a service will remain offline if it
exceeds its configured maximum connection rate,
maxconrate. The values 0 and -1 specify that connec-
tion rate limiting is disabled.
SunOS 5.11 Last change: 5 Jul 2007 5
System Administration Commands inetd(1M)
connectionbacklog
The backlog queue size. Represents a limit on the number
of incoming client requests that can be queued at the
listening endpoints for servers.
endpointtype
The type of the socket used by the service or the value
tli to signify a TLI-based service. Valid socket type
values are: stream, dgram, raw, seqpacket.
failratecnt
The count portion of the service's failure rate limit.
The failure rate limit applies to wait-type services and
is reached when count instances of the service are
started within a given time. Exceeding the rate results
in the service being transitioned to the maintenance
state. This is different from the behavior of the previ-
ous inetd, which continued to retry every 10 minutes,
indefinitely. The failratecnt check accounts for badly
behaving servers that fail before consuming the service
request and which would otherwise be continually res-
tarted, taxing system resources. Failure rate is
equivalent to the -r option of the previous inetd. The
values 0 and -1 specify that this feature is disabled.
failrateinterval
The time portion in seconds of the service's failure
rate. The values 0 and -1 specify that the failure rate
limit feature is disabled.
inheritenv
If true, pass inetd's environment on to the service's
start method. Regardless of this setting, inetd will set
the variables SMFMRI, SMFMETHOD, and SMFRESTARTER in
the start method's environment, as well as any environ-
ment variables set in the method context. These vari-
ables are described in smfmethod(5).
isrpc
If true, this is an RPC service.
SunOS 5.11 Last change: 5 Jul 2007 6
System Administration Commands inetd(1M)
maxconrate
The maximum allowed connection rate, in connections per
second, for a nowait-type service. The values 0 and -1
specify that that connection rate limiting is disabled.
maxcopies
The maximum number of copies of a nowait service that
can run concurrently. The values 0 and -1 specify that
copies limiting is disabled.
name
Can be set to one of the following values:
o a service name understood by
getservbyname(3SOCKET);
o if isrpc is set to true, a service name under-
stood by getrpcbyname(3NSL);
o if isrpc is set to true, a valid RPC program
number.
proto
In the case of socket-based services, this is a list of
protocols supported by the service. Valid protocols are:
tcp, tcp6, tcp6only, udp, udp6, and udp6only. In the
case of TLI services, this is a list of netids recog-
nized by getnetconfigent(3NSL) supported by the service,
plus the values tcp6only and udp6only. RPC/TLI services
also support nettypes in this list, and inetd first
tries to interpret the list member as a nettype for
these service types. The values tcp6only and udp6only
are new to inetd; these values request that inetd listen
only for and pass on true IPv6 requests (not IPv4 mapped
ones). See "Configuring Protocols for Sockets-Based Ser-
vices," below.
rpclowversion
Lowest supported RPC version. Required when isrpc is set
to true.
SunOS 5.11 Last change: 5 Jul 2007 7
System Administration Commands inetd(1M)
rpchighversion
Highest supported RPC version. Required when isrpc is
set to true.
tcptrace
If true, and this is a nowait-type service, inetd logs
the client's IP address and TCP port number, along with
the name of the service, for each incoming connection,
using the syslog(3C) facility. inetd uses the syslog
facility code daemon and notice priority level. See
syslog.conf(4) for a description of syslog codes and
severity levels. This logging is separate from the log-
ging done by the TCP wrappers facility.
tcptrace is equivalent to the previous inetd's -t
option (and the /etc/default/inetd property
ENABLECONECTIONLOGING).
tcpwrappers
If true, enable TCP wrappers access control. This
applies only to services with endpointtype set to
streams and wait set to false. The syslog facility code
daemon is used to log allowed connections (using the
notice severity level) and denied traffic (using the
warning severity level). See syslog.conf(4) for a
description of syslog codes and severity levels. The
stability level of the TCP wrappers facility and its
configuration files is External. As the TCP wrappers
facility is not controlled by Sun, intra-release incom-
patibilities are not uncommon. See attributes(5).
For more information about configuring TCP wrappers, you
can refer to the tcpd(1M) and hostsaccess(4) man pages,
which are delivered as part of the Solaris operating
system at /usr/sfw/man. These pages are not part of the
standard Solaris man pages, available at /usr/man.
tcpwrappers is equivalent to the previous inetd's
/etc/default/inetd property ENABLETCPWRAPERS.
wait
If true this is a wait-type service, otherwise it is a
nowait-type service. A wait-type service has the follow-
ing characteristics:
SunOS 5.11 Last change: 5 Jul 2007 8
System Administration Commands inetd(1M)
o Its inetdstart method will take over listening
duties on the service's bound endpoint when it
is executed.
o inetd will wait for it to exit after it is exe-
cuted before it resumes listening duties.
Datagram servers must be configured as being of type
wait, as they are always invoked with the original
datagram endpoint that will participate in delivering
the service bound to the specified service. They do not
have separate "listening" and "accepting" sockets.
Connection-oriented services, such as TCP stream ser-
vices can be designed to be either of type wait or
nowait.
A number of the basic properties are optional for a service.
In their absence, their values are taken from the set of
default values present in the defaults property group in the
inetd service. These properties, with their seed values, are
listed below. Note that these values are configurable
through inetadm(1M).
bindfailinterval -1
bindfailmax -1
conrateoffline -1
connectionbacklog 10
failratecount 40
failratetime 60
inheritenv true
maxconrate -1
maxcopies -1
tcptrace false
tcpwrappers false
Each method specified for a service will have its configura-
tion stored in the SMF repository, within a property group
of the same name as the method. The set of properties allow-
able for these methods includes those specified for the ser-
vices managed by svc.startd(1M). (See svc.startd(1M) for
further details.) Additionally, for the inetdstart method,
you can set the arg0 property.
The arg0 property allows external wrapper programs to be
used with inetd services. Specifically, it allows the first
argument, argv[0], of the service's start method to be some-
thing other than the path of the server program.
SunOS 5.11 Last change: 5 Jul 2007 9
System Administration Commands inetd(1M)
In the case where you want to use an external wrapper pro-
gram and pass arguments to the service's daemon, the argu-
ments should be incorporated as arguments to the wrapper
program in the exec property. For example:
exec='/path/to/wrapper/prog servicedaemonargs'
arg0='/path/to/service/daemon'
In addition to the special method tokens mentioned in
smfmethod(5), inetd also supports the :killprocess token
for wait-type services. This results in behavior identical
to that if the :kill token were supplied, except that the
kill signal is sent only to the parent process of the wait-
type service's start method, not to all members of its
encompassing process contract (see process(4)).
Configuring Protocols for Sockets-Based Services
When configuring inetd for a sockets-based service, you have
the choice, depending on what is supported by the service,
of the alternatives described under the proto property,
above. The following are guidelines for which proto values
to use:
o For a service that supports only IPv4: tcp and udp
o For a service that supports only IPv6: tcp6only and
udp6only
o For a service that supports both IPv4 and IPv6:
o Obsolete and not recommended: tcp6 and udp6
o Recommended: use two separate entries that
differ only in the proto field. One entry has
tcp and the other has tcp6only, or udp plus
udp6only.
See EXAMPLES for an example of a configuration of a service
that supports both IPv4 and IPv6.
inetd Methods
inetd provides the methods listed below for consumption by
the master restarter, svc.startd(1M).
start
Causes inetd to start providing service. This results in
inetd beginning to handle smf requests for its managed
services and network requests for those services that
SunOS 5.11 Last change: 5 Jul 2007 10
System Administration Commands inetd(1M)
are in either the online or degraded state.
In addition, inetd also checks if the inetd.conf(4)-
format configuration file it is monitoring has changed
since the last inetconv(1M) conversion was carried out.
If it has, then a message telling the administrator to
re-run inetconv to effect the changes made is logged in
syslog.
stop
Causes inetd to stop providing service. At this point,
inetd transitions each of its services that are not in
either the maintenance or disabled states to the offline
state, running any appropriate methods in the process.
refresh
Results in a refresh being performed for each of its
managed services and the inetd.conf(4) format configura-
tion file being checked for change, as in the start
method. When a service is refreshed, its behavior
depends on its current state:
o if it is in the maintenance or disabled states,
no action is performed because the configura-
tion will be read and consumed when the service
leaves the state;
o if it is in the offline state, the configura-
tion will be read and any changes consumed
immediately;
o if it is in the online or degraded state and
the configuration has changed such that a re-
binding is necessary to conform to it, then the
service will be transitioned to the offline
state and back again, using the new configura-
tion for the bind;
o if it is in the online state and a re-binding
is not necessary, then the inetdrefresh method
of the service, if provided, will be run to
allow online wait-type services to consume any
other changes.
OPTIONS
No options are supported.
SunOS 5.11 Last change: 5 Jul 2007 11
System Administration Commands inetd(1M)
OPERANDS
configuration-file
Specifies an alternate location for the legacy service
file (inetd.conf(4)).
startstoprefresh
Specifies which of inetd's methods should be run.
EXAMPLES
Example 1 Configuring a Service that Supports Both IPv4 and
IPv6
The following commands illustrate the existence of services
that support both IPv4 and IPv6 and assign proto properties
to those services.
example# svcs -a grep mysvc
online 15:48:29 svc:/network/mysvc:dgram4
online 15:48:29 svc:/network/mysvc:dgram6
online 15:51:47 svc:/network/mysvc:stream4
online 15:52:10 svc:/network/mysvc:stream6
# inetadm -M network/rpc/mysvc:dgram4 proto=udp
# inetadm -M network/rpc/mysvc:dgram6 proto=udp6only
# inetadm -M network/rpc/mysvc:stream4 proto=tcp
# inetadm -M network/rpc/mysvc:stream6 proto=tcp6only
See svcs(1) and inetadm(1M) for descriptions of those com-
mands.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 5 Jul 2007 12
System Administration Commands inetd(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWcsu
Interface Stability Evolving
SEE ALSO
fmd(1M), inetadm(1M), inetconv(1M), svcadm(1M), svccfg(1M),
svcs(1), svc.startd(1M), syslog(3C), getnetconfigent(3NSL),
getrpcbyname(3NSL), getservbyname(3SOCKET), inetd.conf(4),
process(4), syslog.conf(4), attributes(5), smf(5),
smfmethod(5)
NOTES
The inetd daemon performs the same function as, but is
implemented significantly differently from, the daemon of
the same name in Solaris 9 and prior Solaris operating sys-
tem releases. In the current Solaris release, inetd is part
of the Solaris Management Facility (see smf(5)) and will run
only within that facility.
The /etc/default/inetd file has been deprecated. The func-
tionality represented by the properties
ENABLECONECTIONLOGING and ENABLETCPWRAPERS are now
available as the tcptrace and tcpwrappers properties,
respectively. These properties are described above, under
"Service Properties".
SunOS 5.11 Last change: 5 Jul 2007 13
|
