Thursday, October 2, 2008

All about inetd and xnetd

internet services daemon:

inetd deamon:
inetd is a daemon on many Linux and Unix like systems that manages Internet services such as ftp, pop3, telnet and many others.

Often called a super-server, inetd listens on all ports used by internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet comes in with a particular port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, as the specific servers run only when needed.

the inetd superdaemon is likely familiar with its configuration file, inetd.conf. This file contains a list of all of the services the daemon controls, along with commented out items that it could control if you wanted to activate those services.

That's pretty much all there is to inetd.

You can control these services using additional features of Linux itself, such as hosts.allow, hosts.deny, traffic filtering, and so on.

But for many people that's not enough most of the files discussed in this article are in the /etc directory on most Linux distributions, but

sometimes distributions like to utilize a different setup, so you might have to dig for them.

xinetd deamon:
xinetd has a collection of configuration files. The base file is xinetd.conf, which allows for general configuration. Along with the main configuration file is the subdirectory /etc/xinetd.d/, which contains a series of individual files pertaining to each services/applications with easy to use format.

Each of these files is loaded by the xinetd.conf when xinetd loads its configuration data into memory.

non-root users can start their own listeners

Within each of the xinetd configuration files you have a wide range of choices to control where people can access a service from, what local accounts they can use to access the service, what remote accounts they can use, and much more.

configuration files:
/etc/inetd.conf and /etc/services file

it's safe to restart the inetd daemon
# kill -HUP

start and stop
/etc/init.d/inetd start/stop

why inetd deamon?
In unix there are two kinds of deamons providing network services.
First kinds are the one which are takes lot of resources and little complex.
When you start the application/services it listens to a particular port and manages what needs to happen when you connect to that port. Examples are tomcat, jboss, apache etc.

Second kind are the one commonly used, which takes much less time to start and may not be need to running all the time. those deamon are defined in inetd.
Rather than running a seperate process for each services, inetd listens on all the ports associated with each service. When a remote system tries to connect to a service, inetd activates the service and transfer the connection to the application.

When to use or not to use inetd?
The decision to add or move a service into or out of inetd is usually based on server load. As an example, on most systems the telnet daemon does not require as many new connections as say a mail server.

A good example I have seen is mail services such as smtp and pop. I had setup a mail server in which pop3 was in inetd and exim was running in standalone, I mistakenly assumed it would run fine since there was a low amount of users, namely myself and a diagnostic account.

The server was also setup to act as a backup MX and relay in case another heavily used one went down.

When I ran some tests I discovered a huge time lag for pop connections remotely.

The reason for moving the service is actually quite interesting. When a particular service becomes heavily used, of course, it causes a load on the system.

In the case of a service that runs within the inetd meta daemon the effects of a heavily loaded service can also harm other services that use inetd. If the multiplexor is getting too many requests for one particular service, it will begin to affect the performance of other services that use inetd.

The fix, in a situation like that, is to make the offending service run outside of inetd so the response time of both the service and inetd will increase.

No comments: