several tcp apps IPv6 update

 -inetd
 -rshd
 -rlogind
 -telnetd
 -rsh
 -rlogin

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

1 files changed, 76 insertions, 1 deletions

diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8
index 2a3b411..66584d6 100644
--- a/usr.sbin/inetd/inetd.8
+++ b/usr.sbin/inetd/inetd.8
@@ -47,7 +47,7 @@
 .Op Fl W
 .Op Fl c Ar maximum
 .Op Fl C Ar rate
-.Op Fl a Ar address
+.Op Fl a Ar address|hostname
 .Op Fl p Ar filename
 .Op Fl R Ar rate
 .Op Ar configuration file
@@ -101,6 +101,22 @@ Specify the maximum number of times a service can be invoked
 in one minute; the default is 256.
 .It Fl a
 Specify a specific IP address to bind to.
+Or a hostname can also be specified, and then an IP address and/or an
+IPv6 address corresponds to the hostname is used. Usually hostname
+specification is used in conjunction with
+.Xr jail 8 ,
+where the hostname corresponds to a jail environment.
+
+When hostname specification is used and either of IPv4 bind and IPv6
+bind is desired, you need to specify 2 entry for each service, one for
+IPv4 and one for IPv6, in /etc/inetd.conf.
+For example,
+.Bd -literal
+telnet       stream  tcp4  nowait root  /usr/libexec/telnetd  telnetd
+telnet       stream  tcp6  nowait root  /usr/libexec/telnetd  telnetd
+.Ed
+
+See explanation for protocol field in /etc/inetd.conf for details.
 .It Fl p
 Specify an alternate file in which to store the process ID.
 .El
@@ -221,14 +237,39 @@ Examples might be
 .Dq tcp
 or
 .Dq udp .
+In this case, this entry only accept IPv4 to keep backword
+compatibility.
+The names
+.Dq tcp4 ,
+.Dq udp4
+specialized the entry to IPv4 only.
+The names
+.Dq tcp6 ,
+.Dq udp6
+specialized the entry to IPv6 only.
+The names
+.Dq tcp46 ,
+.Dq udp46
+let the entry accept each of IPv4 and IPv6 via AF_INET6 wildcard binded socket.
 If it is desired that the service is reachable via T/TCP, one should
 specify
 .Dq tcp/ttcp .
+This entry only accept IPv4 to keep backword compatibility.
+The name
+.Dq tcp4/ttcp ,
+specialized the entry to IPv4 only.
+The name
+.Dq tcp6/ttcp ,
+specialized the entry to IPv6 only.
+The name
+.Dq tcp46/ttcp ,
+let the entry accept each of IPv4 and IPv6 via AF_INET6 wildcard binded socket.
 Rpc based services are specified with the 
 .Dq rpc/tcp
 or 
 .Dq rpc/udp 
 service type.
+Currently only IPv4 is supported for rpc services.
 TCPMUX services must use 
 .Dq tcp .
 .Pp
@@ -436,6 +477,9 @@ in
 tcpmux	stream	tcp	nowait	root	internal
 .Ed
 .Pp
+Or if you wish to provide TCPMUX services also over IPv6, you can
+specify tcp46 or tcp6 instead of tcp above.
+.Pp
 When given the
 .Fl l
 option
@@ -528,6 +572,30 @@ causes
 .Nm
 to list TCPMUX services in
 .Pa inetd.conf .
+.Sh IPSEC
+The implementation includes tiny hack to support IPsec policy setting for
+each of the socket.
+A special form of comment line, starting with
+.Dq Li "#@" ,
+will work as policy specifier.
+The content of the above comment line will be treated as IPsec policy string,
+as described in
+.Xr ipsec_set_policy 3 .
+A
+.Li "#@"
+line will affect all the following lines in
+.Pa inetd.conf ,
+so you may want to reset IPsec policy by using a comment line with
+.Li "#@"
+only
+.Pq with no policy string .
+.Pp
+If invalid IPsec policy string appears on
+.Pa inetd.conf ,
+.Nm
+will leave error message using
+.Xr syslog 3 ,
+and terminates itself.
 .Sh "FILES"
 .Bl -tag -width /var/run/inetd.pid -compact
 .It Pa /etc/inetd.conf
@@ -546,9 +614,14 @@ Here are several example service entries for the various types of services:
 .Bd -literal
 ftp          stream  tcp   nowait root  /usr/libexec/ftpd        ftpd -l
 ntalk        dgram   udp   wait   root  /usr/libexec/ntalkd      ntalkd
+telnet       stream  tcp6  nowait root  /usr/libexec/telnetd  telnetd
+shell        stream  tcp46  nowait root  /usr/libexec/rshd rshd
 tcpmux/+date stream  tcp   nowait guest /bin/date                date
 tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
 rstatd/1-3   dgram   rpc/udp wait root  /usr/libexec/rpc.rstatd  rpc.rstatd
+#@ ipsec ah/require
+chargen      stream  tcp   nowait root  internal
+#@
 .Ed
 .Sh "ERROR MESSAGES"
 The
@@ -632,6 +705,7 @@ socket but was unable to.
 .Sh SEE ALSO
 .Xr hosts_access 5 ,
 .Xr hosts_options 5 ,
+.Xr ipsec_set_policy 3 ,
 .Xr login.conf 5 ,
 .Xr passwd 5 ,
 .Xr rpc 5 ,
@@ -662,6 +736,7 @@ based services is modeled after that
 provided by
 .Tn SunOS
 4.1.
+IPsec hack was made by KAME project, in 1999.
 The
 .Tn FreeBSD
 TCP Wrappers support first appeared in