Date: Fri, 31 Jan 2014 15:30:55 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43706 - in head/en_US.ISO8859-1/books/handbook: advanced-networking network-servers
Message-ID: <201401311530.s0VFUtnZ067802@svn.freebsd.org>
Author: dru Date: Fri Jan 31 15:30:54 2014 New Revision: 43706 URL: http://svnweb.freebsd.org/changeset/doc/43706 Log: First 1/2 of edits to this section. Shuffle content into a more logical order and clarify text. Rename a few sub-sections and remove reference to a section that was merged into another section. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Thu Jan 30 23:42:09 2014 (r43705) +++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Fri Jan 31 15:30:54 2014 (r43706) @@ -4232,7 +4232,7 @@ cd /usr/src/etc; make distribution</prog <step> <para>Enable &man.inetd.8; by following the steps outlined - in <xref linkend="network-inetd-settings"/>.</para> + in <xref linkend="network-inetd-conf"/>.</para> </step> <step> Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Jan 30 23:42:09 2014 (r43705) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 15:30:54 2014 (r43706) 
@@ -132,20 +132,20 @@ --> <title>The <application>inetd</application> - <quote>Super-Server</quote></title> + Super-Server</title> <sect2 xml:id="network-inetd-overview"> - <title>Overview</title> - <para>The &man.inetd.8; daemon is sometimes referred to as the - <quote>Internet Super-Server</quote> because it manages - connections for many services. When a connection is received - by <application>inetd</application>, it determines which - program the connection is destined for, spawns the particular - process and delegates the socket to it (the program is invoked - with the service socket as its standard input, output and - error descriptors). Running <application>inetd</application> - for servers that are not heavily used can reduce the overall + <para>The &man.inetd.8; daemon is sometimes referred to as a + Super-Server because it manages + connections for many services. Instead of starting multiple + applications, only the <application>inetd</application> service + needs to be started. When a connection is received + for a service that is managed by <application>inetd</application>, it determines which + program the connection is destined for, spawns a + process for that program, and delegates the program a socket. + Using <application>inetd</application> + for services that are not heavily used can reduce system load, when compared to running each daemon individually in stand-alone mode.</para> 
@@ -155,133 +155,44 @@ <application>auth</application>, and <application>daytime</application>.</para> - <para>This section covers the basics in configuring - <application>inetd</application> through its command-line - options and its configuration file, - <filename>/etc/inetd.conf</filename>.</para> - </sect2> - - <sect2 xml:id="network-inetd-settings"> - <title>Settings</title> - - <para><application>inetd</application> is initialized through - the &man.rc.8; system. The <literal>inetd_enable</literal> - option is set to <literal>NO</literal> by default. It can be - enabled by placing:</para> - - <programlisting>inetd_enable="YES"</programlisting> - - <para>into <filename>/etc/rc.conf</filename>. - <application>inetd</application> will now start at boot time. - The command:</para> - - <screen>&prompt.root; <userinput>service inetd rcvar</userinput></screen> - - <para>can be run to display the current effective - setting.</para> - - <para>Additionally, different command-line options can be passed - to <application>inetd</application> via the - <literal>inetd_flags</literal> option.</para> - </sect2> - - <sect2 xml:id="network-inetd-cmdline"> - <title>Command-Line Options</title> - - <para>Like most server daemons, <application>inetd</application> - has a number of options that it can be passed in order to - modify its behaviour. Refer to &man.inetd.8; for - the full list of options.</para> - - <para>Options can be passed to <application>inetd</application> - using the <literal>inetd_flags</literal> option in - <filename>/etc/rc.conf</filename>. 
By default, - <literal>inetd_flags</literal> is set to - <literal>-wW -C 60</literal>, which turns on TCP wrapping for - <application>inetd</application>'s services, and prevents any - single <acronym>IP</acronym> address from requesting any - service more than 60 times in any given minute.</para> - - <para>Although we mention rate-limiting options below, novice - users may be pleased to note that these parameters usually do - not need to be modified. These options may be useful if - an excessive amount of connections are being established. - A full list of options can be found in - &man.inetd.8;.</para> - - <variablelist> - <varlistentry> - <term>-c maximum</term> - - <listitem> - <para>Specify the default maximum number of simultaneous - invocations of each service; the default is unlimited. - May be overridden on a per-service basis with the - <option>max-child</option> parameter.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>-C rate</term> - - <listitem> - <para>Specify the default maximum number of times a - service can be invoked from a single - <acronym>IP</acronym> address in one minute; the default - is unlimited. May be overridden on a per-service basis - with the - <option>max-connections-per-ip-per-minute</option> - parameter.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>-R rate</term> - - <listitem> - <para>Specify the maximum number of times a service can be - invoked in one minute; the default is 256. A rate of 0 - allows an unlimited number of invocations.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>-s maximum</term> - - <listitem> - <para>Specify the maximum number of times a service can be - invoked from a single <acronym>IP</acronym> address at - any one time; the default is unlimited. 
May be - overridden on a per-service basis with the - <option>max-child-per-ip</option> parameter.</para> - </listitem> - </varlistentry> - </variablelist> + <para>This section covers the basics of configuring + <application>inetd</application>.</para> </sect2> <sect2 xml:id="network-inetd-conf"> - <!-- XXX This section is not very clear and could do with some tlc --> - <title><filename>inetd.conf</filename></title> + <title>Configuration File</title> <para>Configuration of <application>inetd</application> is - done by editing <filename>/etc/inetd.conf</filename>.</para> + done by editing <filename>/etc/inetd.conf</filename>. Each line of this configuration file represents an application + which can be started by <application>inetd</application>. By + default, every line starts with a comment + (<literal>#</literal>), meaning that <application>inetd</application> + is not listening for any applications. To configure + <application>inetd</application> to listen for an application's + connections, remove the <literal>#</literal> at the beginning of + the line for that application.</para> - <para>When a modification is made to - <filename>/etc/inetd.conf</filename>, - <application>inetd</application> can be forced to re-read its - configuration file by running the command:</para> + <para>After saving your edits, configure <application>inetd</application> + to start at system boot by editing <filename>/etc/rc.conf</filename>:</para> - <example xml:id="network-inetd-reread"> - <title>Reloading the <application>inetd</application> - Configuration File</title> + <programlisting>inetd_enable="YES"</programlisting> - <screen>&prompt.root; <userinput>service inetd reload</userinput></screen> - </example> + <para>To start + <application>inetd</application> now, so that it listens for + the service you configured, type:</para> + + <screen>&prompt.root; <userinput>service inetd start</userinput></screen> + + <para>Typically, the default entry for an application does not + need 
to be edited beyond removing the <literal>#</literal>. + In some situations, it may be appropriate to edit the default + entry.</para> + + <para>As an example, this is the default entry for &man.ftpd.8; using IPv4:</para> + + <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting> - <para>Each line of the configuration file specifies an - individual daemon. Comments in the file are preceded by a - <quote>#</quote>. The format of each entry in - <filename>/etc/inetd.conf</filename> is as follows:</para> + <para>The seven columns in an entry are as follows:</para> <programlisting>service-name socket-type @@ -291,10 +202,7 @@ user[:group][/login-class] server-program server-program-arguments</programlisting> - <para>An example entry for the &man.ftpd.8; daemon using IPv4 - might read:</para> - - <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting> + <para>where:</para> <variablelist> <varlistentry> 
@@ -489,6 +397,95 @@ server-program-arguments</programlisting </listitem> </varlistentry> </variablelist> + + <para>When a modification is made to + <filename>/etc/inetd.conf</filename>, + <application>inetd</application> can be forced to re-read its + configuration file by running the command:</para> + + <example xml:id="network-inetd-reread"> + <title>Reloading the <application>inetd</application> + Configuration File</title> + + <screen>&prompt.root; <userinput>service inetd reload</userinput></screen> + </example> + </sect2> + + <sect2 xml:id="network-inetd-cmdline"> + <title>Command-Line Options</title> + + <para>Additionally, different command-line options can be passed + to <application>inetd</application> via the + <literal>inetd_flags</literal> option.</para> + <para>Like most server daemons, <application>inetd</application> + has a number of options that it can be passed in order to + modify its behaviour. Refer to &man.inetd.8; for + the full list of options.</para> + + <para>Options can be passed to <application>inetd</application> + using the <literal>inetd_flags</literal> option in + <filename>/etc/rc.conf</filename>. By default, + <literal>inetd_flags</literal> is set to + <literal>-wW -C 60</literal>, which turns on TCP wrapping for + <application>inetd</application>'s services, and prevents any + single <acronym>IP</acronym> address from requesting any + service more than 60 times in any given minute.</para> + + <para>Although we mention rate-limiting options below, novice + users may be pleased to note that these parameters usually do + not need to be modified. These options may be useful if + an excessive amount of connections are being established. + A full list of options can be found in + &man.inetd.8;.</para> + + <variablelist> + <varlistentry> + <term>-c maximum</term> + + <listitem> + <para>Specify the default maximum number of simultaneous + invocations of each service; the default is unlimited. 
+ May be overridden on a per-service basis with the + <option>max-child</option> parameter.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-C rate</term> + + <listitem> + <para>Specify the default maximum number of times a + service can be invoked from a single + <acronym>IP</acronym> address in one minute; the default + is unlimited. May be overridden on a per-service basis + with the + <option>max-connections-per-ip-per-minute</option> + parameter.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-R rate</term> + + <listitem> + <para>Specify the maximum number of times a service can be + invoked in one minute; the default is 256. A rate of 0 + allows an unlimited number of invocations.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-s maximum</term> + + <listitem> + <para>Specify the maximum number of times a service can be + invoked from a single <acronym>IP</acronym> address at + any one time; the default is unlimited. May be + overridden on a per-service basis with the + <option>max-child-per-ip</option> parameter.</para> + </listitem> + </varlistentry> + </variablelist> </sect2> <sect2 xml:id="network-inetd-security">
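Review bot: The id network-inetd-settings is deleted by this commit, and the advanced-networking hunk at -4232 repairs only one xref to it. A search of the rest of the doc tree for linkend="network-inetd-settings" belongs in this change so that no dangling link is left behind. The new target, network-inetd-conf, is titled "Configuration File", so the step "Enable inetd(8) by following the steps outlined in ..." now points at a section whose title says nothing about enabling; naming inetd_enable in the step itself would keep it self-explanatory.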
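Review bot: In the network-servers hunk at -132, the sect2 with xml:id="network-inetd-overview" keeps its opening tag (and its closing tag appears as context in the following hunk) but <title>Overview</title> is removed. DocBook 5 requires a title on sect2, so either keep a title or drop the sect2 wrapper and let these paragraphs sit directly under the sect1. In the same hunk, "delegates the program a socket" is harder to parse than the removed "delegates the socket to it", and the removed parenthetical (the program is invoked with the service socket as its standard input, output and error descriptors) is the one sentence that explained how an inetd-launched server receives its connection; consider keeping it.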
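Review bot: In the network-servers hunk at -155, the new procedure ends with "service inetd start", which only covers a system where inetd is not yet running. The reload instruction that applies when inetd.conf is edited on a running system is moved by the -489 hunk to the very end of the sect2, after the whole column list; a short pointer to "service inetd reload" next to the start step would close that gap. The sentence "every line starts with a comment (#), meaning that inetd is not listening for any applications" would be more exact as "every entry is commented out, so no services are enabled", and since each uncommented line exposes a network service (the ftpd example runs as root), it is worth saying that only the services actually needed should be enabled. The added paragraphs also switch to second person ("your edits", "the service you configured") while the rest of the section is impersonal. The removed text stated that inetd_enable is NO by default and showed "service inetd rcvar" to check the effective setting; both are dropped without replacement.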
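Review bot: In the network-servers hunk at -489, the new "Command-Line Options" sect2 opens with "Additionally, different command-line options can be passed ... via the inetd_flags option", which no longer follows anything now that it starts a section, and it is repeated two paragraphs later by "Options can be passed to inetd using the inetd_flags option in /etc/rc.conf"; drop the first paragraph. That first </para> is also followed directly by "<para>Like most server daemons" with no blank line, unlike every other paragraph break in the hunk. The pointer to inetd(8) for the full list of options appears twice in the section and can be stated once. The text says inetd_flags defaults to "-wW -C 60" while the -C entry says "the default is unlimited"; a clause distinguishing the daemon's built-in default from the rc.conf default would stop readers from concluding that per-IP rate limiting is off.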