tcpmux - implement RFC 1078, for inetd's without built-in support
The Internet RFC 1078 specification is one of the shortest and clearest
of the lot. It allows a local site to implement TCP stream based ser-
vices with no "well known port" assigned, and almost no coding, by map-
ping a local site policy service name to a shell command.
This implementation provides compatibility with the modern BSD inetd's
built-in version. To enable the generic service install a line in
tcpmux stream tcp nowait root /usr/local/libexec/tcpmux tcpmux
and possibly one in /etc/services (if it is not present):
tcpmux 1/tcp # Fabulous TCP Port Service Multiplexer
Define the services to be presented in /etc/tcpmux.conf exactly as they
would be in inetd's configuration file. This service does not output
the RFC1078 reply code, unless the service name is prefix with a plus
(+). As an extension to the inetd version a prefix of minus (-) makes
the service name always fail (internally).
Two additional configuration extensions are allowed, the first of which
adds to the protocol. A newhost:newport prefixed with an commercial at
(@) specifies that the services has moved. An empty newhost defaults
to the current, an empty newport is taken as the same port. Also the
service may chain to an unprivileged account by shifting to another
configuration file with a less-than (<).
In all cases the meta symbol (+, -, <, or @) is the first character of
the configuration line. See the EXAMPLES below.
Command line assignments are added to the environment. This allows the
specification of an alternate configuration file on the command-line.
Print only a brief help message.
Show only the standerd version banner, the compile-time tunes,
and the location of the configuration files. If the config file
is not accessible by the invoker the error from stat(2) is also
This specifies the name of the configuration file, to override
the default file (which is usually in /etc). This allows mortal
logins to run the clever mux on an open high port.
RCF1078_CONF=/home/earth/ksb/lib/rfc1078.conf listenr.pl -p2022 tcpmux
Use the perl listener (from the msrcmux source) to run a tcpmux
on port 2022.
listenr.pl -p2022 tcpmux RCF1078_CONF=/home/earth/ksb/lib/rfc1078.conf
Same as above, but allow tcpmux to set the environment variable.
pagesize stream tcp nowait nobody /usr/bin/pageszie pagesize
Output the system pagesize, but do not include the RFC 1078 pos-
itive acknowledgment code. This is not recommended behavior for
any service. The muxcat(1l) client's option -F allows clients
to connect to such a service.
+date stream tcp nowait nobody /bin/date date
Output the system clock as a network service, the hard way.
-uptime stream tcp nowait nobody /usr/bin/uptime uptime
Provide an explicit failure message ("Sorry") for the "uptime"
uptime stream tcp nowait nobody /bin/echo echo -uptime
Produce a failure message via echo(1).
<service stream tcp nowait login new.conf tcpmux
The process drops uid to the named login, then continues pro-
cessing with the new configuration file new.conf. That file is
relative to the new login's home directory, and must be readable
by the login. An acknowledgment of "+service" is sent to the
This is an extension to the configuration file and is only
available in this implementation of the amazing mux.
The service returns the "@newhost:newport" rather than an
acknowledgment code of either plus (+) or minus (-). The client
should re-attempt the connection to the given host on the given
port, with the same services. Either value may be the empty,
which should be treated as "no change". Any circular referrals
must be trapped by the client.
This is an extension to the protocol and is only available in
this implementation of the glorious mux.
It is trivial to grant access to an unsafe command (viz. a shell) with
As implied, this only works for TCP streams, and the nowait in the
inetd.conf line for the tcpmux makes wait useless for the beautiful mux
itself, so we don't even look.
The output message for explicitly failed services is "Sorry", which is
over-used by UNIX bigots.
The RFC mandated "help" command always shows every service; it would be
nice to hide services from casual snoopers. Use the recursive configu-
rations to implement that.
Kevin Braunsdorf, NPC Guild
mux no_spam-at_thanks ksb.npcguild.org
At the URI http://ietf.org/rfc/rfc1078.txt.
sh(1), perl(1), inetd(8), inetd.conf(5), muxsend(1l), muxcat(1l),
recvmux(7l), msrcmux(7l), roapmux(7l), explmux(7l)