Re: Why not inetd?
Peter van Dijk:
> Research shows that FreeBSD 4.0's inetd actually doesn't have these misfeatures anymore - it has a concurrency limit (yes, really!) and a max-connections-per-minute-per-remote-IP.

starting with at most 2.8.8, it has. freebsd 2.8.8 is my religion.

clemens
Re: Why not inetd?
On Tue, 6 Jun 2000, John Gonzalez/netMDC admin wrote:
> On Tue, 6 Jun 2000, Peter Samuel wrote:
> > I've never seen this. How? What operating system? What version of inetd? You've got me curious now.
> >
> > Regards
> > Peter
> > --
>
> man inetd
>
> pop3 stream tcp nowait.120 root /var/qmail/bin/tcp-env tcp-env..

Thanks for partially answering my question :)

This works for linux, and others have reported a similar mechanism for FreeBSD, however it doesn't work for Solaris, and I'd be pretty sure it won't work for HP/UX, OSF (or whatever Compaq are calling Digital Unix these days) and any other commercial Unix.

Regards
Peter
--
Peter Samuel [EMAIL PROTECTED]
Technical Consultant or at present:
eServ. Pty Ltd [EMAIL PROTECTED]
Phone: +61 2 9206 3410 Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"
Re: Why not inetd?
On Mon, 5 Jun 2000, John Gonzalez/netMDC admin wrote:
> While I agree with Peter that tcpserver is superior, I don't want people getting the wrong idea of inetd.
>
> inetd by default has the above behaviour, but can be overridden in the configuration file to accept any number of connections.

I've never seen this. How? What operating system? What version of inetd? You've got me curious now.

Regards
Peter
--
Peter Samuel [EMAIL PROTECTED]
Technical Consultant or at present:
eServ. Pty Ltd [EMAIL PROTECTED]
Phone: +61 2 9206 3410 Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"
Re: Why not inetd?
On Tue, Jun 06, 2000 at 07:22:25PM +1000, Peter Samuel wrote:
> On Mon, 5 Jun 2000, John Gonzalez/netMDC admin wrote:
> > While I agree with Peter that tcpserver is superior, I don't want people getting the wrong idea of inetd.
> >
> > inetd by default has the above behaviour, but can be overridden in the configuration file to accept any number of connections.
>
> I've never seen this. How? What operating system? What version of inetd? You've got me curious now.

Research shows that FreeBSD 4.0's inetd actually doesn't have these misfeatures anymore - it has a concurrency limit (yes, really!) and a max-connections-per-minute-per-remote-IP.

Greetz, Peter.
--
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]
Re: Why not inetd?
On Tue, 6 Jun 2000, Peter Samuel wrote:
> I've never seen this. How? What operating system? What version of inetd? You've got me curious now.
>
> Regards
> Peter
> --

man inetd

pop3 stream tcp nowait.120 root /var/qmail/bin/tcp-env tcp-env..

--
John Gonzalez/Net.Tech
MDC Computers/netMDC!
(505)437-7600/fax-437-3052
http://www.netmdc.com
[-[system info]---]
11:55am up 26 days, 17:21, 4 users, load average: 0.15, 0.19, 0.18
Re: Why not inetd?
John Gonzalez/netMDC admin:
> On Tue, 6 Jun 2000, Peter Samuel wrote:
> > I've never seen this. How? What operating system? What version of inetd? You've got me curious now.
>
> man inetd

this is one of those things. we are used to spending five minutes on inetd.conf using vendor-supplied-template-files-or-example-snippets :)

clemens
Re: Why not inetd?
I'm not following???

On Wed, 7 Jun 2000, clemensF wrote:
> John Gonzalez/netMDC admin:
> > On Tue, 6 Jun 2000, Peter Samuel wrote:
> > > I've never seen this. How? What operating system? What version of inetd? You've got me curious now.
> >
> > man inetd
>
> this is one of those things. we are used to spending five minutes on inetd.conf using vendor-supplied-template-files-or-example-snippets :)
>
> clemens

--
John Gonzalez/Net.Tech
MDC Computers/netMDC!
(505)437-7600/fax-437-3052
http://www.netmdc.com
[-[system info]---]
9:45pm up 27 days, 3:11, 2 users, load average: 0.03, 0.14, 0.16
Re: Why not inetd?
On Mon, 5 Jun 2000, Magnus Naeslund wrote:
> I run a relatively low traffic mailserver. It runs qmail smtpd and pop3 from inetd. I hear all the time that inetd sucks, but I never hear any reasons why.
>
> So my question is: why does inetd suck?

Two that immediately come to mind:

No inbuilt support for access control - it requires a helper program such as tcpd from the tcp_wrappers program. tcpserver has this built in.

It has a rate limiting "feature" whereby it will stop servicing a port for 10 MINUTES if it thinks the rate of incoming connections is too high (I have flat lined a remote inetd with qmail-remote from a 14k4 modem). tcpserver doesn't care about rate, it just cares about simultaneous connections.

Inetd will serve UDP connections which is something tcpserver will not.

Regards
Peter
--
Peter Samuel [EMAIL PROTECTED]
Technical Consultant or at present:
eServ. Pty Ltd [EMAIL PROTECTED]
Phone: +61 2 9206 3410 Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"
Re: Why not inetd?
> I run a relatively low traffic mailserver. It runs qmail smtpd and pop3 from inetd. I hear all the time that inetd sucks, but I never hear any reasons why.
>
> So my question is: why does inetd suck?
>
> /Magnus Näslund

It does not give the programs it runs any information about the client, like ip-address etc.

It does not log connections.

It does not offer any access-control features.

It may have a built-in unconfigurable max-limit as to how many programs it will run per minute or second.

It may call listen() with a too low tcp connection backlog number.

--
Gjermund Sorseth
Re: Why not inetd?
On Mon, 5 Jun 2000, Peter Samuel wrote:
> It has a rate limiting "feature" whereby it will stop servicing a port for 10 MINUTES if it thinks the rate of incoming connections is too high (I have flat lined a remote inetd with qmail-remote from a 14k4 modem). tcpserver doesn't care about rate, it just cares about simultaneous connections.
>
> Regards
> Peter
> --
> Peter Samuel [EMAIL PROTECTED]

While I agree with Peter that tcpserver is superior, I don't want people getting the wrong idea of inetd.

inetd by default has the above behaviour, but can be overridden in the configuration file to accept any number of connections.

--
John Gonzalez/Net.Tech
MDC Computers/netMDC!
(505)437-7600/fax-437-3052
http://www.netmdc.com
[-[system info]---]
12:00pm up 25 days, 17:26, 3 users, load average: 0.62, 0.29, 0.20
Re: Why not inetd?
On 5 Jun 00, at 12:02, John Gonzalez/netMDC admin wrote:
> inetd by default has the above behaviour, but can be overridden in the configuration file to accept any number of connections.

That's bad, too. I want to limit the number of live incoming connections - simply because I have a limited number of open file handles. I don't want other programs to starve because inetd-spawned service got all the handles.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
--
Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
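
The two admission policies contrasted in this thread (Peter Samuel's rate-limit complaint and Petr Novotny's file-handle concern), as an added example that is not part of the original messages: a small model of an inetd-style rate limit and a tcpserver-style concurrency limit, run over two constructed arrival traces. The 40-per-60-seconds threshold and the limit of 40 simultaneous connections are assumed values for illustration; only the 10-minute shutdown comes from the thread.

```python
import heapq
from collections import deque

def inetd_rate_limit(arrivals, max_per_interval=40, interval=60, disable_for=600):
    """Arrival times served when the port is shut for `disable_for` seconds
    once more than `max_per_interval` connections arrive within `interval`."""
    served, window, disabled_until = [], deque(), None
    for t in arrivals:
        if disabled_until is not None:
            if t < disabled_until:
                continue                      # port is closed: connection lost
            disabled_until = None             # shutdown expired, start afresh
            window.clear()
        while window and t - window[0] >= interval:
            window.popleft()                  # forget arrivals older than interval
        if len(window) >= max_per_interval:
            disabled_until = t + disable_for  # rate exceeded: stop servicing
            continue
        window.append(t)
        served.append(t)
    return served

def concurrency_limit(arrivals, duration, limit=40):
    """Arrival times served when at most `limit` connections may be open at
    once; arrival rate is ignored. Each connection lasts `duration` seconds."""
    served, open_until = [], []               # min-heap of connection end times
    for t in arrivals:
        while open_until and open_until[0] <= t:
            heapq.heappop(open_until)         # reap finished connections
        if len(open_until) >= limit:
            continue                          # at the limit: not admitted now
        heapq.heappush(open_until, t + duration)
        served.append(t)
    return served

# Constructed trace 1: 60 half-second deliveries in 30 s, then one every 30 s.
BURST = [i * 0.5 for i in range(60)] + [60 + 30 * i for i in range(20)]
# Constructed trace 2: 50 connections, one every 2 s, each held open 1000 s.
SLOW = [2 * i for i in range(50)]

if __name__ == "__main__":
    print("burst, rate limit:       ", len(inetd_rate_limit(BURST)), "of", len(BURST))
    print("burst, concurrency limit:", len(concurrency_limit(BURST, 0.5)), "of", len(BURST))
    print("slow,  rate limit:       ", len(inetd_rate_limit(SLOW)), "of", len(SLOW))
    print("slow,  concurrency limit:", len(concurrency_limit(SLOW, 1000)), "of", len(SLOW))
```

On the burst trace the rate limit loses every connection that arrives during the shutdown even though almost nothing is open at the time; on the slow trace it admits all 50 long-lived connections, which is the resource exhaustion a concurrency limit prevents.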