Apache Awk Bash C cftp daemontools DHCP djbdns DNS Emacs Email ezmlm Fetchmail find GDB Hardware HTML HTTP Intro ISDN less Make Math mc mirrordir MySQL Peripherals Perl PHP3 pppd qmail Regexps Shell System Tables test To do Typical ucspi-tcp Versions Index TCP/IP slides

tcpserver

tcpserver
tcpserver accepts incoming TCP connections
opts host port prog
Runs prog, setting various environment variables
host Defines the IP address that is serviced
  • 0 : all of the host's IP ports are serviced
  • dotted decimal address : only that address is serviced
  • hostname : the first IP address for the given host is serviced
port Defines the port that is serviced
  • 0 : a free TCP port is selected (see -1 below)
  • number : that TCP port is serviced
  • name : the name is looked up in /etc/services to set the port
opts -q Quiet: do not print error messages -Q (Default) print error messages
-v Verbose: print error and status messages -c n Connections: do not handle more than n connections. Default is 40
-x cdb Follow the rules compiled into cdb by the tcprules program -X Used with -x, will make tcpserver accept connection even if the rules database is missing
-B banner Banner: writes the banner to the network immediately each connection is made, before applying any rules -g gid Group ID: switch to group gid after starting
-u uid User ID: switch to user uid after starting -U Sets the gid from the environment variable $GID and the uid from $UID
-1 Print the local port number to stdout after starting -b n Accept a backlog of around n TCP SYN packets
-o Accept blindly the incoming TCP options: if the client is sending packets along a IP route, use the same route to reply -O (Default): Ignore IP options, packets will be answered trough the default route
-d Delay: slow down sending when the destination host is responding slowly -D Do not delay, enable TCP_NODELAY
-h (Default): look up the remote host via DNS and set $TCPREMOTEHOST -H Do not lookup up the remote host in DNS and remove $TCPREMOTEHOST, must be used on servers specifying port 53 (domain)
-p Paranoid: also reverse lookup remote host IP address, remove $TCPREMOTEHOST if not matching -P (Default): not paranoid
-l localname Do not lookup the local host name in DNS, use localname to fill $TCPLOCALHOST, must be used on servers on port 53 (domain) -r (Default): try to obtain $TCPREMOTEINFO from the remote host, see below
-R Do not attempt to fill $TCPREMOTEINFO from the remote host, must be used on servers for port 53 (domain) and 113 (auth) -t n Give up on the $TCPREMOTEINFO connection after n seconds, default 26
Environment
variables
$PROTO The string "TCP" $TCPLOCALIP The IP address of the local host, in dotted decimal format
$TCPLOCALPORT The local TCP port number in decimal $TCPLOCALHOST The DNS name for the local host, not set if unavailable
(can contain arbitrary characters)
$TCPREMOTEIP The IP address of the remote host, in dotted decimal format $TCPREMOTEPORT The port on the remote host, in decimal
$TCPREMOTEHOST The DNS name for the remote host, not set if unavailable
(can contain arbitrary characters)
$TCPREMOTEINFO Connection specific string supplied by the remote host via the IDENT/TAP protocol, not set if unavailable
(can contain arbitrary characters)

tcprules

tcprules
tcprules compiles rules of access for tcpserver
tcprules cdb tmp < rulesfile
compiles the rules in rulesfile into the database cdb using tmp as a temporary filename

The rules files is made of lines containing either rules or comments. Lines starting with # are comments. Other lines are in the form
address:instructions
That is, there are two parts, address and instructions, colon separated. The instruction part in a rule is executed for the first match of the address part for a given connection. The rules are tested in the order they're input.
Address part format
Format Example Matches if... Flags required in tcpserver
$TCPREMOTEINFO@$TCPREMOTEIP alfa@192.168.1.1 The connection is coming from 192.168.1.1 and the IDENT server there responds with alfa -r
$TCPREMOTEINFO@=$TCPREMOTEHOST beta@=somehost.com The connection is coming from a machine whose IP address reverse resolves to the name somehost.com, and whose IDENT server responds with beta -r -h
$TCPREMOTEIP 192.168.1.1 The connection is coming from the IP 192.168.1.1
=$TCPREMOTEHOST =somemachine.com The connection is coming from a machine whose IP address reverse resolves to the name somemachine.com -h
xxx.yyy.zzz.www-ttt 192.168.1.16-31 The connection is coming from a machine whose IP address in the range 192.168.1.16 to 192.168.1.31, both included  
xxx.yyy.zzz. 192.168.1. The connection is coming from a machine whose IP address begins with 192.168.1., note the final dot  
xxx.yyy. 192.168. The connection is coming from a machine whose IP address begins with 192.168., note the final dot  
xxx.yyy-zzz. 192.168-170. The connection is coming from a machine whose IP address begins with 192.168., 192.169. or 192.170.  
xxx. 192. The connection is coming from a machine whose IP address begins with 192., note the final dot  
=.xxxxx =.ac.uk The connection is coming from a machine whose IP address reverse resolves to a machine with a name within the ac.uk domain, as for example doc.ic.ac.uk is -h
= = The connection is coming from a machine whose IP address reverse resolves to anything, that is, the matches if the $TCPREMOTEHOST environment variable is set to any value -h
    The empty address part always matches  
Instruction part format
Format Example Does...
deny deny The connection is dropped
allow allow The connection is accepted
allow,envexpr[,envexpr...] allow,RELAY="ok" The connection is accepted, and the RELAY environment variable is initialized to the value ok. Note that there can by multiple environment variable assignments, and that the values must be with quotes (or any other repeated character)

recordio

recordio
recordio prints lines to descriptor 2 (stderr) showing the input and output of a program
recordio prog
recordio output line format
  PID for prog
  < for input or > for output
  the text being input or output by the prog
One off... + : more data to come
space : a full new line was input or output
[EOF] : end of input or output

Last update: Wed, 2 Nov 2005 10:16:21 GMT