[src/trunk]: src/usr.sbin/inetd dual-stack inetd. you can write "tcp6" or "t...
details: https://anonhg.NetBSD.org/src/rev/3b33aaba8e25
branches: trunk
changeset: 474237:3b33aaba8e25
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Jul 02 04:48:19 1999 +0000
description:
dual-stack inetd. you can write "tcp6" or "tcp4" into "protocol" field.
(the style is the rough consensus among v6 implementers so it will be
the standard style)
TODO: test rpc and tcpmux on IPv6.
TODO: test identd over IPv6.
diffstat:
usr.sbin/inetd/Makefile | 9 +-
usr.sbin/inetd/inetd.8 | 44 +++++-
usr.sbin/inetd/inetd.c | 376 ++++++++++++++++++++++++++++++++++-------------
3 files changed, 323 insertions(+), 106 deletions(-)
diffs (truncated from 762 to 300 lines):
diff -r c2e931b37680 -r 3b33aaba8e25 usr.sbin/inetd/Makefile
--- a/usr.sbin/inetd/Makefile Fri Jul 02 00:19:44 1999 +0000
+++ b/usr.sbin/inetd/Makefile Fri Jul 02 04:48:19 1999 +0000
@@ -1,5 +1,5 @@
# from: @(#)Makefile 8.1 (Berkeley) 6/6/93
-# $NetBSD: Makefile,v 1.15 1999/06/06 01:53:45 thorpej Exp $
+# $NetBSD: Makefile,v 1.16 1999/07/02 04:48:19 itojun Exp $
PROG= inetd
MAN= inetd.8
@@ -11,4 +11,11 @@
LDADD+= -lwrap -lutil
DPADD+= ${LIBWRAP} ${LIBUTIL}
+# This is necessary due to be friendly with past RFC2553 API changes...
+CPPFLAGS+=-Dss_family=__ss_family -Dss_len=__ss_len
+
+CFLAGS+=-DIPSEC
+LDADD+= -lipsec
+DPADD+= ${LIBIPSEC}
+
.include <bsd.prog.mk>
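Review bot: `CFLAGS+=-DIPSEC` is a preprocessor define and belongs on `CPPFLAGS`, next to the `-Dss_family=__ss_family -Dss_len=__ss_len` line the same hunk adds; as written the two defines are split across two variables for no visible reason, so the line should read `CPPFLAGS+=-DIPSEC`. Note also that `-lipsec` is linked unconditionally while the inetd.c include block in this changeset `#undef`s IPSEC when `<netinet6/ipsec.h>` lacks IPSEC_POLICY_IPSEC, so on such a system the feature is compiled out but the program is still linked against the library. Guarding all three added lines with one build-time condition would keep the define and the link step in step.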
diff -r c2e931b37680 -r 3b33aaba8e25 usr.sbin/inetd/inetd.8
--- a/usr.sbin/inetd/inetd.8 Fri Jul 02 00:19:44 1999 +0000
+++ b/usr.sbin/inetd/inetd.8 Fri Jul 02 04:48:19 1999 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: inetd.8,v 1.18 1999/03/22 18:43:56 garbled Exp $
+.\" $NetBSD: inetd.8,v 1.19 1999/07/02 04:48:19 itojun Exp $
.\"
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -211,13 +211,23 @@
.Pa /etc/protocols .
Examples might be
.Dq tcp
-or
+and
.Dq udp .
Rpc based services are specified with the
.Dq rpc/tcp
or
.Dq rpc/udp
service type.
+.Dq tcp
+and
+.Dq udp
+will be recognized as
+.Dq TCP or UDP over default IP version .
+It is currently IPv4, but in the future it will be IPv6.
+If you need to specify IPv4 or IPv6 explicitly, use something like
+.Dq tcp4
+or
+.Dq udp6 .
.Pp
In addition to the protocol, the configuration file may specify the
send and receive socket buffer sizes for the listening socket. This
@@ -361,6 +371,30 @@
creates a file
.Em /var/run/inetd.pid
that contains its process identifier.
+.Sh IPSEC
+The implementation includes tiny hack to support IPsec policy setting for
+each of the socket.
+A special form of comment line, starting with
+.Dq Li "#@" ,
+will work as policy specifier.
+The content of the above comment line will be treated as IPsec policy string,
+as described in
+.Xr ipsec_set_policy 3 .
+A
+.Li "#@"
+line will affect all the following lines in
+.Pa inetd.conf ,
+so you may want to reset IPsec policy by using a comment line with
+.Li "#@"
+only
+.Pq with no policy string .
+.Pp
+If invalid IPsec policy string appears on
+.Pa inetd.conf ,
+.Nm
+will leave error message using
+.Xr syslog 3 ,
+and terminates itself.
.Sh BUGS
Host address specifiers, while they make conceptual sense for RPC
services, do not work entirely correctly. This is largely because the
@@ -391,6 +425,7 @@
provided by SunOS 4.1.
Support for specifying the socket buffer sizes was added in
.Nx 1.4 .
+IPv6 support and IPsec hack was made by KAME project, in 1999.
.Sh SECURITY CONSIDERATIONS
Enabling the
.Dq echo ,
@@ -400,3 +435,8 @@
built-in trivial services is not recommended because remote
users may abuse these to cause a denial of network service to
or from the local host.
+.Sh BUGS
+.Dq rpc
+or
+.Dq tcpmux
+on IPv6 is not tested enough.
diff -r c2e931b37680 -r 3b33aaba8e25 usr.sbin/inetd/inetd.c
--- a/usr.sbin/inetd/inetd.c Fri Jul 02 00:19:44 1999 +0000
+++ b/usr.sbin/inetd/inetd.c Fri Jul 02 04:48:19 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: inetd.c,v 1.48 1999/06/06 01:53:45 thorpej Exp $ */
+/* $NetBSD: inetd.c,v 1.49 1999/07/02 04:48:19 itojun Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -77,7 +77,7 @@
#if 0
static char sccsid[] = "@(#)inetd.c 8.4 (Berkeley) 4/13/94";
#else
-__RCSID("$NetBSD: inetd.c,v 1.48 1999/06/06 01:53:45 thorpej Exp $");
+__RCSID("$NetBSD: inetd.c,v 1.49 1999/07/02 04:48:19 itojun Exp $");
#endif
#endif /* not lint */
@@ -162,6 +162,13 @@
* for new requests.
*
* Comment lines are indicated by a `#' in column 1.
+ *
+ * #ifdef IPSEC
+ * Comment lines that start with "#@" denote IPsec policy string, as described
+ * in ipsec_set_policy(3). This will affect all the following items in
+ * inetd.conf(8). To reset the policy, just use "#@" line. By default,
+ * there's no IPsec policy.
+ * #endif
*/
/*
@@ -225,6 +232,13 @@
#include "pathnames.h"
+#ifdef IPSEC
+#include <netinet6/ipsec.h>
+#ifndef IPSEC_POLICY_IPSEC /* no ipsec support on old ipsec */
+#undef IPSEC
+#endif
+#endif
+
#ifdef LIBWRAP
# include <tcpd.h>
#ifndef LIBWRAP_ALLOW_FACILITY
@@ -292,11 +306,15 @@
char *se_server; /* server program */
#define MAXARGV 20
char *se_argv[MAXARGV+1]; /* program arguments */
+#ifdef IPSEC
+ char *se_policy; /* IPsec poilcy string */
+#endif
int se_fd; /* open descriptor */
int se_type; /* type */
union {
struct sockaddr se_un_ctrladdr;
struct sockaddr_in se_un_ctrladdr_in;
+ struct sockaddr_in6 se_un_ctrladdr_in6;
struct sockaddr_un se_un_ctrladdr_un;
} se_un; /* bound address */
#define se_ctrladdr se_un.se_un_ctrladdr
@@ -346,6 +364,9 @@
void run_service __P((int, struct servtab *));
int setconfig __P((void));
void setup __P((struct servtab *));
+#ifdef IPSEC
+void ipsecsetup __P((struct servtab *));
+#endif
char *sskip __P((char **));
char *skip __P((char **));
void tcpmux __P((int, struct servtab *));
@@ -804,6 +825,10 @@
SWAP(char *, sep->se_server, cp->se_server);
for (i = 0; i < MAXARGV; i++)
SWAP(char *, sep->se_argv[i], cp->se_argv[i]);
+#ifdef IPSEC
+ SWAP(char *, sep->se_policy, cp->se_policy);
+ ipsecsetup(sep);
+#endif
SWAP(int, cp->se_type, sep->se_type);
SWAP(int, cp->se_max, sep->se_max);
#undef SWAP
@@ -844,43 +869,47 @@
setup(sep);
break;
case AF_INET:
- sep->se_ctrladdr_in.sin_family = AF_INET;
- if (!strcmp(sep->se_hostaddr,"*"))
- sep->se_ctrladdr_in.sin_addr.s_addr =
- INADDR_ANY;
- else if (!inet_aton(sep->se_hostaddr,
- &sep->se_ctrladdr_in.sin_addr)) {
- /* Do we really want to support hostname lookups here? */
- struct hostent *hp;
- hp = gethostbyname(sep->se_hostaddr);
- if (hp == 0) {
- syslog(LOG_ERR, "%s: unknown host",
- sep->se_hostaddr);
- sep->se_checked = 0;
- continue;
- } else if (hp->h_addrtype != AF_INET) {
- syslog(LOG_ERR,
- "%s: address isn't an Internet address",
- sep->se_hostaddr);
- sep->se_checked = 0;
- continue;
- } else if (hp->h_length != sizeof(struct in_addr)) {
- syslog(LOG_ERR,
- "%s: address size wrong (under DNS corruption attack?)",
- sep->se_hostaddr);
- sep->se_checked = 0;
- continue;
- } else {
- memcpy(&sep->se_ctrladdr_in.sin_addr,
- hp->h_addr_list[0],
- sizeof(struct in_addr));
- }
+ case AF_INET6:
+ {
+ struct addrinfo hints, *res;
+ char *host, *port;
+ int error;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = sep->se_family;
+ hints.ai_socktype = sep->se_socktype;
+ if (!strcmp(sep->se_hostaddr, "*")) {
+ hints.ai_flags = AI_PASSIVE;
+ host = NULL;
+ } else
+ host = sep->se_hostaddr;
+ if (isrpcservice(sep) || ISMUX(sep))
+ port = "0";
+ else
+ port = sep->se_service;
+ error = getaddrinfo(host, port, &hints, &res);
+ if (error) {
+ syslog(LOG_ERR, "%s: %s",
+ sep->se_hostaddr, gai_strerror(error));
+ sep->se_checked = 0;
+ continue;
}
+ if (res->ai_next) {
+ syslog(LOG_ERR, "%s: resolved to multiple addr",
+ sep->se_hostaddr);
+ sep->se_checked = 0;
+ freeaddrinfo(res);
+ continue;
+ }
+ memcpy(&sep->se_ctrladdr, res->ai_addr,
+ res->ai_addrlen);
if (ISMUX(sep)) {
sep->se_fd = -1;
+ freeaddrinfo(res);
continue;
}
- sep->se_ctrladdr_size = sizeof(sep->se_ctrladdr_in);
+ sep->se_ctrladdr_size = res->ai_addrlen;
+ freeaddrinfo(res);
if (isrpcservice(sep)) {
struct rpcent *rp;
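Review bot: Every configuration reload now closes and re-opens each AF_INET/AF_INET6 listener unconditionally, because the port comparison the old code made before `close_sep(sep)` is dropped in the following hunk (`@@ -902,29 +931,12 @@`, where `if (sep->se_fd >= 0) close_sep(sep);` replaces the `port != sep->se_ctrladdr_in.sin_port` test), so a SIGHUP with an unchanged inetd.conf briefly refuses connections on every service and discards whatever is queued in each listen backlog. The freshly resolved address could instead be compared with the bound one before it is copied over at `memcpy(&sep->se_ctrladdr, res->ai_addr, res->ai_addrlen);`, something like `if (sep->se_fd >= 0 && (sep->se_ctrladdr_size != res->ai_addrlen || memcmp(&sep->se_ctrladdr, res->ai_addr, res->ai_addrlen) != 0)) close_sep(sep);`, with the unconditional close in the later hunk removed. A defensive `res->ai_addrlen <= sizeof(sep->se_un)` check before that memcpy would also protect the union against an oversized address from the resolver, although with `struct sockaddr_un` in the union that cannot happen for AF_INET or AF_INET6 today. The enclosing function starts before this hunk and continues past it.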
@@ -902,29 +931,12 @@
if (sep->se_fd != -1)
register_rpc(sep);
} else {
- u_short port = htons(atoi(sep->se_service));
-
- if (!port) {
- sp = getservbyname(sep->se_service,
- sep->se_proto);
- if (sp == 0) {
- syslog(LOG_ERR,
- "%s/%s: unknown service",
- sep->se_service,
- sep->se_proto);
- sep->se_checked = 0;
- continue;
- }
- port = sp->s_port;
- }
- if (port != sep->se_ctrladdr_in.sin_port) {
- sep->se_ctrladdr_in.sin_port = port;
- if (sep->se_fd >= 0)
- close_sep(sep);
- }
+ if (sep->se_fd >= 0)
+ close_sep(sep);
if (sep->se_fd == -1 && !ISMUX(sep))
setup(sep);
}
+ }
}
}
endconfig();