ipsvd-instruct - format of the ipsvd(8) instructions directory
The internet protocol service daemons,
can be told to read and follow instructions from a directory on incoming
connections to the socket they listen on.
For mostly static instructions or for performance reasons, it is possible to
compile the instructions from a directory into a constant database (cdb) with
for faster lookup, and to tell
to read the instructions from there.
On each incoming connection, the
matches the client's IP address against files in the instructions directory.
For example, the IP address
which reverse resolves to
is matched against the following files in the instructions directory, in
this order, first match wins:
If the client's hostname has been successfully looked up in DNS:
And finally the catchall file ``0'' (zero):
After successfully matching a client's IP address or hostname against the
examines the file that matched the IP address or hostname, and acts
If neither the user's read permission nor the user's execute permission is
set for the file, the connection is closed immediately.
If the file has the user's execute permission set,
reads the contents of the file and runs
/bin/sh -c '<contents>'
instead of the default program
given at the command line for this connection.
If the file has the user's read permission set,
reads the contents of the file and interprets each line as an instruction
for this connection (see below).
If the client's IP address or hostname doesn't match any file in the
instructions directory, the default action is taken (the program
is run to handle the connection).
is given instructions for an incoming connection, it reads the corresponding
file and interprets each line as follows.
The file may be empty, meaning that there is no special instruction.
Empty lines and lines starting with ``#'' are ignored.
If the line starts with a plus (``+''), and the string following the plus
contains a ``='',
puts the string following the plus into the environment before starting
to handle the connection.
If the string following the plus doesn't contain a ``='',
makes sure that the environment variable with the name string is not set.
If the line starts with a ``C'', and is followed by a number, the per host
concurrency limit for the IP address that initiated the connection is set to
is zero, per host concurrency limit is disabled.
is followed by
is written to this client if possible, if the per host concurrency limit is
may contain backslash-escaped characters as follows: ``\\'' is converted to
a single backslash, ``\n'' is converted to a new line character, and ``\r''
is converted to a carriage return.
If there are multiple concurrency instructions, the last one processed
takes effect.
support per host concurrency.
If the line starts with a ``='', and is followed by a hostname,
looks up the IP addresses for
in DNS and checks if the client's IP address matches one of these IP
stops processing the instructions here and runs
is followed by a colon and
now examines the file
and acts accordingly, instead of running
All check hostname instructions in
does not exist, the connection is closed.
may be ``0'' (zero), matching any IP address.
Check hostname instructions can significantly delay the response to
connection attempts, because of the DNS lookups they require.
cannot interpret a line, it prints a warning, discards the line, and
continues with the next instruction if any.
After processing all instructions,
If the file contains at least one check hostname instruction, and none was
successful, it closes the connection instead of running
This instruction causes the environment variable ``MEMORY'' with the value
``20000'' to be available to the program
that handles the connection.
This instruction adds the variable ``DEBUG'' with an empty value to the
This instruction makes sure that the environment variable ``LOGNAME'' is
unset when running
Set the per host concurrency to 16.
A connection will be closed silently if there are already 16 active
connections from this client's IP address.
Check IP address of the dynamic hostname
If one of the IP addresses
currently resolves to matches the client's IP address, handle the connection
through the file
in the instructions directory.
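
The permission rules and the instruction line format described above, as an added example that is not part of ipsvd or of this manual page: a Python audit helper that reports what a match on each file in an instructions directory would do. It assumes the execute bit is tested before the read bit (the order in which the rules are listed), leaves any text after a concurrency number uninterpreted, treats an empty variable or host name as uninterpretable, and uses hypothetical function names and a constructed sample.

```python
import os
import stat

def file_action(mode):
    """Action for a matched file, decided by its user permission bits."""
    if not mode & (stat.S_IRUSR | stat.S_IXUSR):
        return "close"      # neither u+r nor u+x: connection is closed
    if mode & stat.S_IXUSR:
        return "exec"       # contents are run through /bin/sh -c
    return "instruct"       # contents are read as instruction lines

def parse_instructions(text):
    """Turn instruction lines into a plan; bad lines become warnings."""
    plan = {"env": [], "concurrency": None, "checks": [], "warnings": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        kind, rest = line[0], line[1:]
        digits = rest[:len(rest) - len(rest.lstrip("0123456789"))]
        if kind == "+" and rest and not rest.startswith("="):
            name, eq, value = rest.partition("=")
            plan["env"].append(("set", name, value) if eq else ("unset", name))
        elif kind == "C" and digits:
            # Last concurrency line wins; 0 disables the per host limit.
            # Text after the number is left uninterpreted here.
            plan["concurrency"] = int(digits)
        elif kind == "=" and rest and not rest.startswith(":"):
            host, _, target = rest.partition(":")
            plan["checks"].append((host, target or None))
        else:
            plan["warnings"].append((lineno, line))
    return plan

def audit(directory):
    """Report, per file name, what a match on that file would do."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        action = file_action(os.stat(path).st_mode)
        detail = None
        if action != "close":
            with open(path, encoding="utf-8", errors="replace") as fh:
                body = fh.read()
            detail = body if action == "exec" else parse_instructions(body)
        report[name] = (action, detail)
    return report

# Constructed sample; the "=" line uses a made-up hostname and file name.
SAMPLE = ("# comment\n+MEMORY=20000\n+DEBUG=\n+LOGNAME\nC4\nC16\n"
          "=dyn.example.org:dyn-rules\nbogus\n")

if __name__ == "__main__":
    print(parse_instructions(SAMPLE))
```

Files reported as "exec" deserve the closest review, since their contents are handed to the shell for every matching client.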