From fenlason at redhat.com Tue Sep 2 19:23:19 2003
From: fenlason at redhat.com (Jay Fenlason)
Date: Thu Oct 6 10:34:53 2005
Subject: [xinetd] Trivial patch to xinetd-2.3.12 to fix Red Hat Bugzilla #103009
Message-ID: <20030903022319.GA17857@redhat.com>

This patch fixes a bug where xinetd stops working if you send it SIGHUP
to cause a reconfiguration while running with the included config file.

To reproduce the problem, start

    xinetd -f xinetd.conf.103009 -stayalive -pidfile /var/run/xinetd.pid

then run "service xinetd reload" twice on a Red Hat Enterprise Linux 3
Beta system. After the second reconfiguration, xinetd will either lock
up completely or die with a segmentation fault. With the included patch
applied xinetd behaves as it should.

-- JF
-------------- next part --------------
--- xinetd-2.3.12/libs/src/sio/siosup.c.reconfig 2003-09-02 22:09:49.000000000 -0400 +++ xinetd-2.3.12/libs/src/sio/siosup.c 2003-09-02 22:10:01.000000000 -0400 
@@ -861,7 +861,7 @@ int n_fds = 4; /* Let's bump 4 at a time for hysteresis */ /* If the fd is out of range of the proposed size, make n_fds big enough */ - if (fd > (__sio_n_descriptors+n_fds)) + if (fd >= (__sio_n_descriptors+n_fds)) n_fds += fd - __sio_n_descriptors; #ifdef HAVE_MMAP
-------------- next part --------------
defaults
{
    instances = 60
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
}

service nextstep
{
    flags = REUSE NAMEINARGS
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/local/bin/dtdate
    server_args = dtdate
}

service time
{
    type = INTERNAL UNLISTED
    id = time-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
    disable = no
    port = 37
}

service time
{
    type = INTERNAL
    id = time-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
    disable = no
}

service ident
{
    flags = REUSE NAMEINARGS
    socket_type = stream
    protocol = tcp
    wait = yes
    user = root
    server = /usr/sbin/tcpd
    server_args = in.identd -w
}

service shell
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    log_on_success += USERID
    log_on_failure += USERID
    server = /usr/sbin/in.rshd
}

service login
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    log_on_success += USERID
    log_on_failure += USERID
    server = /usr/sbin/in.rlogind
}

From linux_4ever at yahoo.com Wed Sep 3 06:30:09 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:53 2005
Subject: [xinetd] Trivial patch to xinetd-2.3.12 to fix Red Hat Bugzilla #103009
In-Reply-To: <20030903022319.GA17857@redhat.com>
Message-ID: <20030903133009.25689.qmail@web9602.mail.yahoo.com>

Hello,

OK, it's applied. After reviewing sio.c, it makes a lot of sense.

Thanks,
Steve Grubb

From natbro at keepsimple.com Thu Sep 4 13:29:46 2003
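Review bot: in the siosup.c hunk at @@ -861,7 +861,7 @@, the comment kept above the changed test ("If the fd is out of range of the proposed size") does not say why equality counts as out of range. State there that fd has to be strictly below the new size, so a table of __sio_n_descriptors+n_fds entries cannot hold fd == __sio_n_descriptors+n_fds, which is the case the old `>` let through. It would also help to name the symptom next to the test (lock-up or segmentation fault on the second SIGHUP reload), so the boundary is not changed back to `>` later.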
From: natbro at keepsimple.com (Nat Brown)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] support for local servers on pf_unix sockets?
Message-ID: <28CC1D32D30F4D4CB037F991FFB6CD1D0A5C92@mail.keepsimple.com>

Anybody thinking of support for pf_unix sockets? Or does such a patch
exist already?

Although the bigger servers/services I use xinetd for can deal with
using tcp/ip and loopback locally, there are some situations, esp on
very constrained & embedded systems, where I'd prefer the local cx to be
pf_local/pf_unix sockets for perf & working-set. xinetd has so much
great logging & mgmnt it would be great to leverage for these rather
than rolling something new.

Apologies if this q is brain-dead or faq -- didn't find it in faq's,
google or a troll of the mailing-list archive, and a quick browse of the
source didn't look like this was trivial, either, but perhaps I didn't
look well enough.

Thx for any thoughts,
n@

From bbraun at synack.net Thu Sep 4 14:08:44 2003
From: bbraun at synack.net (Rob Braun)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] support for local servers on pf_unix sockets?
In-Reply-To: <28CC1D32D30F4D4CB037F991FFB6CD1D0A5C92@mail.keepsimple.com>; from natbro@keepsimple.com on Thu, Sep 04, 2003 at 01:29:46PM -0700
References: <28CC1D32D30F4D4CB037F991FFB6CD1D0A5C92@mail.keepsimple.com>
Message-ID: <20030904140844.A11431@lh.synack.net>

On Thu, Sep 04, 2003 at 01:29:46PM -0700, Nat Brown wrote:
> Anybody thinking of support for pf_unix sockets? Or does such a patch
> exist already?

There aren't any known patches for this. I thought about adding unix
domain socket support to xinetd, since there are interesting things you
can do with credential passing, but it's not something I actually got
around to doing. I'd be interested in looking at any patches someone
would care to write for this. =)

Rob

From llucius at tiny.net Sun Sep 14 22:21:48 2003
From: llucius at tiny.net (Leland Lucius)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from and /etc/networks?
Message-ID: <20030915052149.924F4B226@corb.mc.mpls.visi.com>

I'm probably doing something wrong here, but I seem to be having a
problem when trying to use the only_from option with a network name
that's specified in /etc/networks.

Here's /etc/networks:

    loopback 127.0.0.0
    internal 10.2.32.0
    external 10.14.3.0

Here's the xinetd service:

    service smtp
    {
        socket_type = stream
        protocol = tcp
        wait = no
        user = root
        group = root
        server = /usr/sbin/smtpd
        disable = no
        only_from = internal
    }

I'm not allowed to connect with these messages from xinetd:

    03/9/14@22:31:54: FAIL: smtp address from=10.2.32.30
    03/9/14@22:31:54: START: smtp from=10.2.32.30
    03/9/14@22:31:54: EXIT: smtp status=0 duration=0(sec)

Here's a dump of the service:

    Service = smtp
    State = Active
    Service configuration: smtp
    id = smtp
    flags = IPv4
    socket_type = stream
    Protocol (name,number) = (tcp,6)
    port = 25
    Groups = no
    PER_SOURCE = -1
    Bind = All addresses.
    Server = /usr/sbin/smtpd
    Server argv = smtpd
    Only from: 10.2.32.0/255.255.255.255(NET)
    No access: No blocked sites
    Logging to common log file
    Log_on_success flags = HOST DURATION EXIT HOST
    Log_on_failure flags = HOST ATTEMPT
    running servers = 0
    retry servers = 0
    attempts = 0
    service fd = 9

I'm rather curious about the netmask. Should it have been 255.255.255.0?

Now, I was able to get around it by munging /etc/networks like this:

    loopback 127.0.0.0
    internal 0.10.2.32
    external 10.14.3.0

Am I just going bonkers?

Thanks much,
Leland

Some versions:

    xinetd Version 20030122 started with libwrap loadavg options compiled in.
    Linux clonixmb 2.4.19-4suse-SMP #3 SMP Fri Sep 12 00:01:42 CDT 2003 s390x unknown

(It's 64-bit in case it matters.)

From linux_4ever at yahoo.com Mon Sep 15 06:04:53 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from and /etc/networks?
In-Reply-To: <20030915052149.924F4B226@corb.mc.mpls.visi.com>
Message-ID: <20030915130453.82150.qmail@web9607.mail.yahoo.com>

Hello,

For now, you should use the numeric network + netmask option. I have
never ever tested using /etc/networks, therefore it is unlikely to work.
Now that you point it out I will test it, make corrections, and submit a
patch to cvs later today.

-Steve Grubb

From llucius at tiny.net Mon Sep 15 06:24:21 2003
From: llucius at tiny.net (Leland Lucius)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] only_from and /etc/networks?
In-Reply-To: <20030915130453.82150.qmail@web9607.mail.yahoo.com>
Message-ID: <20030915132423.9590BC6B7@conn.mc.mpls.visi.com>

Fair enough. Thanks much.

Leland

> -----Original Message-----
> From: xinetd-admin@xinetd.org
> [mailto:xinetd-admin@xinetd.org] On Behalf Of Steve G
> Sent: Monday, September 15, 2003 8:05 AM
> To: xinetd@xinetd.org
> Subject: Re: [xinetd] only_from and /etc/networks?
>
> Hello,
>
> For now, you should use the numeric network + netmask option.
> I have never ever tested using /etc/networks, therefore it is
> unlikely to work. Now that you point it out I will test it,
> make corrections, and submit a patch to cvs later today.
>
> -Steve Grubb

From mrchen5 at yahoo.com Tue Sep 16 13:24:34 2003
From: mrchen5 at yahoo.com (Jonathan Chen)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] ssh to work with redhat 9
Message-ID: <20030916202434.76140.qmail@web14404.mail.yahoo.com>

Hello,

I had ssh to work with RH 7.2 and copying the same info to RH9 and it
seems not working. I've tried to turn off sshd so that only xinetd
answers the calls and it seems to not work. Where else do I need to
change in order to get ssh to work with xinetd?

Secondly, has anyone tried to get xinetd to work with samba?

Here is my ssh info...

    service ssh
    {
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/sshd
        #It's not listed in my /etc/services
        port = 22
        server_args = -i
        only_from = 192.168.5.0/24 localhost
        log_on_failure = ATTEMPT HOST USERID
    }

I almost followed word for word from a recommended xinetd tutorial link.

Thanks for any help.

-Jonathan

From fenlason at redhat.com Tue Sep 16 14:00:49 2003
From: fenlason at redhat.com (Jay Fenlason)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] ssh to work with redhat 9
In-Reply-To: <20030916202434.76140.qmail@web14404.mail.yahoo.com>
References: <20030916202434.76140.qmail@web14404.mail.yahoo.com>
Message-ID: <20030916210049.GA6077@redhat.com>

On Tue, Sep 16, 2003 at 01:24:34PM -0700, Jonathan Chen wrote:
> Hello,
>
> I had ssh to work with RH 7.2 and copying the same
> info to RH9 and it seems not working. I've tried to
> turn off sshd so that only xinetd answers the calls
> and it seems to not work. Where else do I need
> to change in order to get ssh to work with xinetd?
>
> Secondly, has anyone tried to get xinetd to work with
> samba?
>
> Here is my ssh info...
>
> service ssh
> {
>     disable = no
>     socket_type = stream
>     wait = no
>     user = root
>     server = /usr/sbin/sshd
>     #It's not listed in my /etc/services
>     port = 22
>     server_args = -i
>     only_from = 192.168.5.0/24 localhost
>     log_on_failure = ATTEMPT HOST USERID
>
> }
>
>
> I almost followed word for word from a recommended
> xinetd tutorial link.

"man xinetd.conf" says that you need "type = UNLISTED" for services not
listed in /etc/services. This is a feature in newer versions of xinetd.
You may still be running an old version on your Red Hat Linux 7.2 system
that pre-dates this requirement.

I don't think it would be practical to get Samba to work under Xinetd.
And why would you want to? Samba already has a reasonable set of access
controls.

-- JF

From linux_4ever at yahoo.com Tue Sep 16 17:54:23 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] ssh to work with redhat 9
In-Reply-To: <20030916210049.GA6077@redhat.com>
Message-ID: <20030917005423.55776.qmail@web9605.mail.yahoo.com>

>> I had ssh to work with RH 7.2 and copying the same
>> info to RH9 and it seems not working.
>> Where else do I need to change in order to get
>> ssh to work with xinetd?

I copy & pasted your setting into my RH 9 system, adjusted the only_from
for my network, killed sshd, & restarted xinetd. It works fine. I can
connect with ssh. What error message are you getting? Have you checked
your firewall & hosts.allow files?

    netstat -taun | grep LISTEN

> "man xinetd.conf" says that you need "type = UNLISTED"
> for services not listed in /etc/services.

Right. However ssh is a listed service.

    service ssh
    {
        port = 22
    }

Now if you have a port statement, it has to match what /etc/services
says. Otherwise you tell xinetd that it's unlisted. But again, ssh is
listed for port 22.

-Steve Grubb

From kdd281 at hotmail.com Mon Sep 29 17:30:42 2003
From: kdd281 at hotmail.com (Kevin Droz)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Xinetd - Forward GRE Protocol to another machine
Message-ID:

An HTML attachment was scrubbed...
URL: http://www.xinetd.org/pipermail/xinetd/attachments/20030930/26032f40/attachment.html

From linux_4ever at yahoo.com Mon Sep 29 19:38:34 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Xinetd - Forward GRE Protocol to another machine
In-Reply-To:
Message-ID: <20030930023834.8104.qmail@web9602.mail.yahoo.com>

Hello,

Not terribly familiar with GRE. You will have to do something like this:

    service gre
    {
        type = UNLISTED
        wait = no
        socket_type = stream
        protocol = gre
        port = ????
        redirect = ????
    }

You will need to fill in the port with whatever the daemon listens on.
As for socket_type, you might try netstat -taun and see what you get for
a socket type. Xinetd supports raw, stream, dgram, and seq_packet.

If you have trouble, let me know what your config is just for that
service, what daemon you are using, and how you test it. It's hard to
troubleshoot without knowing more about your setup.

-Steve Grubb

From kdd281 at hotmail.com Tue Sep 30 06:23:43 2003
From: kdd281 at hotmail.com (Kevin Droz)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Forwarding GRE Protocol to another machine
Message-ID:

I have been putting different settings into conf file. The GRE protocol
doesn't have a "port number". The GRE is also known as IP/47. I have
tried plugging that information in but no luck so far. Win 2K PPTP uses
TCP port 1723 and this GRE protocol. I tried netstat but it did not show
anything. I did see TCP port 1723 open. It can reach the server but
fails to authenticate with the server because of this GRE.

Any other suggestions?

Thanks,
Kevin.

From linux_4ever at yahoo.com Tue Sep 30 07:51:51 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Forwarding GRE Protocol to another machine
In-Reply-To:
Message-ID: <20030930145151.3964.qmail@web9608.mail.yahoo.com>

> The GRE protocol doesn't have a "port number".

Then xinetd in its current form won't redirect the packets.

> Any other suggestions?

You might be able to use IPTables to forward gre packets.

-Steve Grubb

From llucius at tiny.net Tue Sep 30 15:45:20 2003
From: llucius at tiny.net (Leland Lucius)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Any way to do this with xinetd?
In-Reply-To:
Message-ID: <20030930224523.1213C81AE@corb.mc.mpls.visi.com>

I have a server that normally runs as a daemon, but it really only needs
to run once a day. The rest of the day the resources it uses could be
given to other processes.

So, I thought I'd try running it from xinetd. Unfortunately, when it
gets started it tries to listen on the same port that xinetd is
listening on. This is all expected behavior.

I was just wondering if there was a way to make xinetd listen for a
connection, not accept it, release the port, start the server, wait,
rebind to the port when the server ends, and start listening again.

I've played around with "wait=yes|no" but it doesn't quite do what I
need.

I know, probably not doable. Just thought I'd ask.

Thanks much,
Leland

From linux_4ever at yahoo.com Tue Sep 30 16:59:25 2003
From: linux_4ever at yahoo.com (Steve G)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Any way to do this with xinetd?
In-Reply-To: <20030930224523.1213C81AE@corb.mc.mpls.visi.com>
Message-ID: <20030930235925.4112.qmail@web9601.mail.yahoo.com>

> I was just wondering if there was a way to make xinetd listen
> for a connection, not accept it, release the port, start the
> server, wait, rebind to the port when the server ends, and
> start listening again.

You've almost described what xinetd does. :)

What's your daemon? It's easier to help when I know what you are trying
to do. Basically, disable your daemon from starting up in the init
scripts & kill all instances of it, then fill in a service configuration
in the /etc/xinetd.d directory. Your xinetd.conf file probably has an
includedir directive that is /etc/xinetd.d. And restart xinetd.

To get a service running, you need to know only a couple of things.
First is whether or not it's tcp or udp. If it's tcp, then wait = no, if
it's udp wait = yes. Is it a known service? if not flags = unknown and
you have to have a port directive. socket_type = stream or udp based on
above info.

server, socket_type, wait, & user are the minimum...you may need port
and flags, too.

-Steve Grubb

From llucius at tiny.net Tue Sep 30 19:10:08 2003
From: llucius at tiny.net (Leland Lucius)
Date: Thu Oct 6 10:34:54 2005
Subject: [xinetd] Any way to do this with xinetd?
In-Reply-To: <20030930235925.4112.qmail@web9601.mail.yahoo.com>
Message-ID: <20031001021011.0E051826F@conn.mc.mpls.visi.com>

>
> What's your daemon? It's easier to help when I know what you
> are trying to do. Basically, disable your daemon from
> starting up in the init scripts & kill all instances of it,
> then fill in a service configuration in the /etc/xinetd.d
> directory. Your xinetd.conf file probably has an includedir
> directive that is /etc/xinetd.d. And restart xinetd.
>

The product is called FDR/UPSTREAM (http://www.fdr.com/ups.cfm).
Unfortunately, the manuals aren't online, but it is basically a
client/server type of backup software. A central server and each
machine's daemon work together to back up the machine to a central tape
library. The central server runs under IBM's z/OS mainframe OS and, in
this case, the machines to be backed up are running under Linux for
S/390.

Unfortunately, it seems that the software doesn't support running from
xinetd/inetd. It wants to be its own daemon and control its own ports.

Here's the xinetd.conf file I've set up for it: (it uses port 1972 by
default, so I just used the name from /etc/services)

    service intersys-cache
    {
        socket_type = stream
        protocol = tcp
        wait = no
        user = root
        group = root
        server = /opt/fdrupstream/usd
        disable = no
    }

When the central server attempts to connect I receive messages similar
to this from the client:

    Tue Sep 30 21:06:03 2003 User: root, Group: root, PID: 32549
    Msg #PC1275I Entering UPSTREAM v3.2.1c (Linux S390)
    Config file: /opt/fdrupstream/upstream.cfg
    Work path : /opt/fdrupstream
    Using TCP/IP, in port: 1972, out port: 1972
    Tue Sep 30 21:06:03 2003 User: root, Group: root, PID: 32549
    Msg #PC4825I (TCP/IP) Port number already in use
    Usually caused by another copy of UPSTREAM actively listening on the inbound TCP/IP port.
    Msg #PC4765E (TCP/IP) bind failed
    The bind call (which is used to begin communications for remote initiates) failed. This usually occurs when another copy of UPSTREAM has already bound to the inbound TCP port. This message can be ignored unless you need to service remote requests.

There are no options for the daemon that tell him to use the already
established connection near as I can tell. It just isn't "super-server"
friendly.

I've got a support call into the vendor as well. I was just hoping to
figure it out this evening.

Thanks much,
Leland
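
What "super-server friendly" means in code, as an added example that is not part of the original thread or of any product named in it: with wait = no xinetd hands the server one already accepted connection on descriptor 0, and with wait = yes it hands over the listening socket, so a server that calls bind() on the same port again gets "already in use". The function names and the echo handler are hypothetical.

```c
/* Added example: a server that works both stand-alone and under xinetd. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

enum launch_mode {
    LAUNCH_STANDALONE,  /* fd is not a socket: do our own bind()/listen() */
    LAUNCH_CONNECTED,   /* wait = no: fd is one already accepted connection */
    LAUNCH_LISTENING    /* wait = yes: fd is the listening socket itself */
};

/* Classify an inherited descriptor (xinetd passes the socket as fd 0). */
enum launch_mode classify_inherited_fd(int fd)
{
    int listening = 0;
    socklen_t len = sizeof(listening);

    /* getsockopt() fails with ENOTSOCK on a tty, pipe or regular file. */
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &listening, &len) != 0)
        return LAUNCH_STANDALONE;
    return listening ? LAUNCH_LISTENING : LAUNCH_CONNECTED;
}

/* Hypothetical request handler: echo one buffer back to the peer. */
static int serve_connection(int fd)
{
    char buf[512];
    ssize_t n = read(fd, buf, sizeof(buf));

    if (n <= 0)
        return -1;
    return write(fd, buf, (size_t)n) == n ? 0 : -1;
}

/* Returns 0 when a request was served on the inherited socket, -1 on an
 * I/O error, and 1 when fd is not a socket and the caller must bind. */
int run_inherited(int fd)
{
    int conn, rc;

    switch (classify_inherited_fd(fd)) {
    case LAUNCH_CONNECTED:
        return serve_connection(fd);
    case LAUNCH_LISTENING:
        if ((conn = accept(fd, NULL, NULL)) < 0)
            return -1;
        rc = serve_connection(conn);
        close(conn);
        return rc;
    default:
        return 1;
    }
}

int main(void)
{
    if (run_inherited(STDIN_FILENO) == 1)
        fprintf(stderr, "stdin is not a socket: bind the port ourselves\n");
    return 0;
}
```

A daemon that never inspects descriptor 0 this way cannot be started on demand by xinetd on the port it also binds itself.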