s/SO_ACCEPTFITLER/SO_ACCEPTFILTER/.

inetd.8: remove trailing whitespace

inetd.8: new sentence, new line; minor formatting issues

PR/56448: Solomon Ritzow: Various improvements.

Rate limiting code has been moved to ratelimit.c. I renamed
clear_ip_list to rl_clear_ip_list and broke the code up into more
functions. I have also made the per-IP rate limiting allocation more
efficient. IP addresses are now stored in their network format instead
of a string from getnameinfo (see inetd.h struct rl_ip_node). malloc
calls use only the space needed by the structure by using offsetof on
union members (I suppose this can be a bit dangerous if not done
correctly...). Per-IP rate limiting still supports textual comparison
using getnameinfo for address families other than AF_INET and AF_INET6, but I
don't think there are any that are actually compatible or used by inetd (I
haven't tested UNIX sockets with a remote bound to another file, but I did test
using IPv6 with the textual format by commenting out the IPv6 specific
code, and it works properly). Still potentially handy for the future.
The IP node list (se_rl_ip_list) now uses the <sys/queue.h> SLIST macros
instead of a custom list. I've broken rl_process up into helper functions
for each type of rate limiting and created a separate function for
address stringification, for use with printouts from the -d flag. I
tried to reduce stack memory use by moving printing code involving
string buffers into separate functions. I haven't tested rl_ipv6_eq on
a 32-bit system.

The code for the positional syntax has also been moved to parse.c.
Function try_biltin has been added to remove parse.c:parse_server's
dependency on the biltin structure definition.

File inetd.h has been updated with the proper function prototypes, and
the servtab structure has been update with the new IP node SLIST. I also
moved things around a bit. The way we (a peer and myself)
formatted inetd.h previously was somewhat confusing. Function and global
variable prototypes are now organized by the source file they are
defined in.

I also added a -f flag that I saw in another problem report
(https://gnats.netbsd.org/12823) that I thought could be useful. It
runs inetd in the foreground but without debug printouts or SO_DEBUG.
I'm not completely sure about the line "if (foreground) setsid()" that
I changed from "if (debug) setsid()".

Use Dq.

Wording and formatting improvements.
New sentence, new line.

Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.

Simplify.

Rework previous (and the text it modified) for clarity.

branches: 1.59.2;
New sentence, new line.

PR/52412: Edgar Pettijohn: Describe the service/port syntax.

Use more markup.

Change manpage reference from talkd to ntalkd.
(Man link does exist, but no binary.)

Back out mDNS changes which were not discussed.
There is design work that needs to be done first.

Bump date for mDNS support.

Add mDNS Service Directory support to inetd(8).
inetd(8) can now advertize services in the mDNS-SD.
(Per service configuration option in inetd.conf(5).)

New sentence, new line; remove trailing whitespace.

Fix typo; also do some minor wording adjustments nearby.

Bump date for previous.

Changed one period into a colon.

Added documentation that inetd can open UNIX-domain sockets. It's been
able to do this for over a decade but it hasn't been documented and it's
quite a nice feature.

Manual pages for accept_filters(9), from FreeBSD. Also, document syntax we
added in NetBSD for specifying accept filters in inetd.conf.

branches: 1.47.2;
Move TNF licenses to 2 clause form

branches: 1.46.4;
Tell what happens if reaches max spawn rate.

(I added this because I forgot it was ten minutes
as defined by RETRYTIME in inetd.c.)

branches: 1.45.10;
Remove useless lines. From YOMURA Masanori in private mail.
While here, remove outdated comment.

note that hosts_allow does not affect internal services

Bump date for previous, and use Em for
emphasis instead of Sy for symbolic for marking up a warning.

Document that TCP wrappers do not work on UDP services, per PR 18960

Allow quoting using single or double quotes inside inetd.conf. Closes
PR 24192 by Tyler Retzlaff.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22366, verified by myself.

.Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.

Fix typos pointed out by Igor Sobrado in PR misc/19621.

Drop some unnecessary .Pp, sort sections and SEE ALSO.

Document TCPmux internal service, per additional discussion of PR 12325.
The text was snatched directly from the comment about it in inetd.c and
modified for better clarity.

Add text to more clearly document that tcpd is not needed, per PR 10754.
Add a FILES section. Add a few more references to SEE ALSO.
Clean up nroff nits (e.g. spaces at end of line).

Mention relevant RFCs in "SEE ALSO".

Improve grammar slightly in the description for IPsec policy settings.

Document that the path to the configuration file given on the command
line must be absolute, unless the -d option is given on the command line.

Clean one paragraph.

add faithd(8) support. with "faith/tcp6" protocol specification,
it will open a socket with setsockopt(IPV6_FAITH).

typo

clarify tcp4/tcp6 interaction.

branches: 1.27.2;
sync with latest libipsec.
since outgoing and incoming policy is separated, inetd can take multiple
policy specification, separated by ";".

refrain using non-standard .Sh. use .Ss.

Typos (from OpenBSD)

A colon is the preferred way to split a user and group name pair; make this
possible and depreciate the use of dot.

branches: 1.23.2;
s/acknowledgment/acknowledgement/

avoid multiple BUGS section.

clearify and woring fix.

document tcp4/tcp6 manipulation.

dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
(the style is the rough consensus among v6 implementers so it will be
the standard style)

TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.

More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages. Many more to
come.

Clarify the syntax a bit

Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)

Add support for specifying the send and receive socket buffer sizes. This
is especially useful for TCP servers which must specify the receive
socket buffer size before the connection is made so that the connection's
window scale factor can be properly advertised.

Example /etc/inetd.conf configuration line:

shell stream tcp,rcvbuf=1m nowait root /usr/libexec/rshd rshd

That line will cause the rshd to advertise a 1 megabyte window, which could
improve the performance of an rcp in some situations.

adjust documentation to reflect reality per PR#4859

add missing .Nm sections

branches: 1.12.2;
minor .Nm cleanup

merge lite2 [actually, just update ucb sccs id's]

Rewrite of wait/nowait information in light of identd(8) use of wait.
Removed some blank linkes that made bad formatting. (PR 3647)

fix problem with restarting service after SIGHUP (PR 3093)
indicate proper invocation point and RCS ID police (PR 3098)

Get the local-address-part code in here (instead of "comsat" you can
use "127.0.0.1:comsat"). While I'm here, do trailing whitespace
cleanup, .Nm usage police in the manpage, and a couple of trivial text
typo fixes.

xref hosts_access.5 and hosts_options.5

use the new libwrap functionality to provide tcpd-like functionality
as part of inetd. uses /etc/hosts.{allow,deny} as tcpd does, etc. it
is basically exactly like tcpd except that you don't need to change
the server to /usr/local/sbin/tcpd.

XXX should document better somewhere

Fix spelling errors

Allow for a group name to be specified in the ``user'' field: user[.group]
Allow for max # of invocations to be specified; appended to ``wait''
field: wait/nowait[.max]
Allow for RPC specifications in numeric format.
Inetd now stores its pid in `/var/run/inetd.pid'.
Support for AF_UNIX family.

Add RCS indentifiers.

Add support for starting RPC servers.

branches: 1.1.1;
Initial revision