Index: pidentd-3.0.19.ds1/INSTALL
===================================================================
--- pidentd-3.0.19.ds1.orig/INSTALL
+++ pidentd-3.0.19.ds1/INSTALL
@@ -75,7 +75,7 @@ The libcrypto library included with his
 
 	ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.y.z.tar.gz
 
-The libcrypto library is actually the prefered one since it includes
+The libcrypto library is actually the preferred one since it includes
 a good random DES key generator which is used (if found) by the
 Ikeygen program.
 
Index: pidentd-3.0.19.ds1/etc/identd.conf
===================================================================
--- pidentd-3.0.19.ds1.orig/etc/identd.conf
+++ pidentd-3.0.19.ds1/etc/identd.conf
@@ -1,4 +1,4 @@
-# /usr/local/etc/identd.conf - an example configuration file
+# /etc/identd.conf - an example configuration file
 
 
 #-- The syslog facility for error messages
@@ -18,7 +18,7 @@ server:user = nobody
 # server:backlog = 256
 
 #-- Where to write the file containing our process id
-# server:pid-file = "/etc/identd.pid"
+# server:pid-file = "/var/run/identd/identd.pid"
 
 #-- Maximum number of concurrent requests allowed (0 = unlimited)
 # server:max-requests = 0
@@ -28,7 +28,7 @@ server:user = nobody
 #-- Enable some protocol extensions like "VERSION" or "QUIT"
 protocol:extensions = enabled
 
-#-- Allow multiple queries per connection. This slightly breaks RFC1413
+#-- Allow multiple queries per connection
 protocol:multiquery = enabled
 
 #-- Timeout in seconds since connection or last query. Zero = disable
Index: pidentd-3.0.19.ds1/doc/identd.8
===================================================================
--- pidentd-3.0.19.ds1.orig/doc/identd.8
+++ pidentd-3.0.19.ds1/doc/identd.8
@@ -2,11 +2,11 @@
 .\" Copyright (c) 1992-1999 Peter Eriksson, Lysator, Linkoping University.
 .\" This manual page is released into the public domain."
 .\"
-.TH identd 1 "8 Jan 1999"
+.TH identd 8 "8 Jan 1999"
 .SH NAME
-identd, in.identd \- TCP/IP IDENT protocol server
+identd \- TCP/IP IDENT protocol server
 .SH SYNOPSIS
-.B [in.]identd [options]
+.B identd [options]
 .SH DESCRIPTION
 .IX "identd daemon" "" \fLidentd\fP daemon"
 .B Identd
@@ -111,7 +111,7 @@ wish to keep the user names a secret).
 Directs
 .B identd
 to check for a file ".noident" in each home directory for the user which
-the daemon is about to return the user name for. It that file exists then
+the daemon is about to return the user name for. If that file exists then
 the daemon will give the error
 .B HIDDEN-USER
 instead of the normal USERID response.
@@ -134,7 +134,7 @@ processed per session. Each request is s
 the responses will be returned one per line. The connection will not
 be closed until the connecting part closes it's end of the line.
 .SH INSTALLATION
-The prefered way to start
+The preferred way to start
 .B identd
 depends on how it was built.
 .PP
@@ -193,7 +193,9 @@ The configuration file contains a list o
 pairs.
 .TP 10
 .B syslog:facility = FACILITY
-Set which facility to use when sending syslog messages.
+Set which facility to use when sending syslog messages.  See
+.BR syslog.conf (5)
+for more information.
 .TP 10
 .B server:user = USER
 Set what user (and group, from the passwd database) the daemon
@@ -254,8 +256,10 @@ Define the character set returned in rep
 Define the operating system returned in replies. Default: "UNIX"
 .TP 10
 .B result:syslog-level = LEVEL
-If set to anything other than "none", all request replies till
-be sent to the syslog service with the specificed severity level.
+If set to anything other than "none", all requested replies will
+be sent to the syslog service with the specified severity level.  See
+.BR syslog.conf (5)
+for more information.
 Default: none
 .TP 10
 .B result:encrypt = YES/NO
@@ -287,16 +291,16 @@ returns info for outgoing connections, n
 Contains the default configuration options for
 .B identd.
 .TP
-.B /etc/identd.pid
-Contains (if enabled) the process number of the
-.B identd
-daemon.
-.TP
 .B /etc/identd.key
 If compiled with
 .I DES
 encryption enabled, the 1024 first bytes of this file is used to specify
 the secret key for encrypting replies.
+.TP
+.B /var/run/identd/identd.pid
+Contains (if enabled) the process number of the
+.B identd
+daemon.
 .SH AVAILABILITY
 The daemon is free software. You can redistribute it and/or
 modify it as you wish - as long as you don't claim that you wrote
@@ -320,7 +324,5 @@ The author can be contacted at:
 ,
 .BR ikeygen (8)
 ,
-.BR authuser (3)
-,
 .BR inetd.conf (5)
 ,
Index: pidentd-3.0.19.ds1/src/request.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/request.c
+++ pidentd-3.0.19.ds1/src/request.c
@@ -98,6 +98,13 @@ handle_request(int fd,
 	
 	switch (kp->status)
 	{
+	  case 2:
+	    send_error(fd,
+		       local_port, remote_port,
+		       "HIDDEN-USER",
+		       remote_addr);
+	    break;
+
 	  case 1:
 	    send_result(fd, kp);
 	    break;
@@ -188,8 +195,9 @@ request_thread(void *vp)
 	got = s_read(rp->fd, buf+len, sizeof(buf)-len-1);
 	if (got < 0)
 	{
-	    syslog(LOG_ERR, "request_thread: read(%d, ..., %d) failed: %m",
-		   rp->fd, sizeof(buf)-len-1);
+	    if (debug)
+		fprintf(stderr, "request_thread: read(%d, ..., %d) failed: %s",
+			rp->fd, sizeof(buf)-len-1, strerror(errno));
 	    goto Exit;
 	}
 
Index: pidentd-3.0.19.ds1/src/safeio.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/safeio.c
+++ pidentd-3.0.19.ds1/src/safeio.c
@@ -327,3 +327,18 @@ s_snprintf(char *buf,
 
     return retcode;
 }
+
+
+
+int
+s_poll(struct pollfd *ufds,
+       unsigned int nfds,
+       int timeout)
+{
+    int code;
+
+    while ((code = poll(ufds, nfds, timeout)) == -1 && errno == EINTR)
+	;
+
+    return code;
+}
Index: pidentd-3.0.19.ds1/src/safeio.h
===================================================================
--- pidentd-3.0.19.ds1.orig/src/safeio.h
+++ pidentd-3.0.19.ds1/src/safeio.h
@@ -15,6 +15,8 @@
 #ifndef PIDENTD_SAFEIO_H
 #define PIDENTD_SAFEIO_H
 
+#include <sys/poll.h>
+
 extern void s_abort(void);
 
 extern int s_open(const char *path, int oflag, ...);
@@ -37,4 +39,5 @@ extern int s_snprintf(char *buf,
 		      size_t bufsize,
 		      const char *format, ...);
 
+extern int s_poll(struct pollfd *, unsigned int, int);
 #endif
Index: pidentd-3.0.19.ds1/src/main.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/main.c
+++ pidentd-3.0.19.ds1/src/main.c
@@ -377,7 +377,12 @@ main(int argc, char *argv[])
     {
 	if (!debug && pidfile_path != NULL)
 	    pidfile_create(pidfile_path);
-	
+
+	if (listen_sock < 0)
+	{
+	    request_timeout = 0;
+	}
+
 	if (server_init() < 0)
 	{
 	    if (debug)
Index: pidentd-3.0.19.ds1/src/server.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/server.c
+++ pidentd-3.0.19.ds1/src/server.c
@@ -15,11 +15,14 @@
 #include "config.h"
 
 #include <syslog.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
 
 #include "pidentd.h"
 
@@ -115,10 +118,29 @@ server_init(void)
 int
 server_run(void)
 {
+    struct pollfd ufds[1];
     int fd;
-    
+    int timeout = request_timeout <= 0 ? -1 : request_timeout * 1000;
+    int retval;
+
+    if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) == -1)
+    {
+	syslog(LOG_ERR, "fcntl() failed: %m");
+	return -1;
+    }
+
+    ufds[0].fd = listen_sock;
+    ufds[0].events = POLLIN;
     while (1)
     {
+	if ((retval = s_poll(ufds, 1, timeout)) == -1)
+	{
+	    syslog(LOG_ERR, "poll() failed: %m");
+	    return -1;
+	}
+	else if (retval == 0)
+	    break;
+
 	fd = s_accept(listen_sock, NULL, NULL);
 	if (fd < 0)
 	{
@@ -139,4 +161,8 @@ server_run(void)
 
 	request_run(fd, 0);
     }
+
+    if (debug)
+	fprintf(stderr, "accept() timed out\n");
+    exit(0);
 }
Index: pidentd-3.0.19.ds1/src/pidentd.h
===================================================================
--- pidentd-3.0.19.ds1.orig/src/pidentd.h
+++ pidentd-3.0.19.ds1/src/pidentd.h
@@ -42,7 +42,7 @@
 #endif
 
 #ifndef PATH_PIDFILE
-#define PATH_PIDFILE "/etc/identd.pid"
+#define PATH_PIDFILE "/var/run/identd/identd.pid"
 #endif
 
 #ifndef PATH_CFGFILE
Index: pidentd-3.0.19.ds1/src/k_linux.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/k_linux.c
+++ pidentd-3.0.19.ds1/src/k_linux.c
@@ -17,15 +17,28 @@
 #include <stdio.h>
 #include <syslog.h>
 #include <errno.h>
+#include <unistd.h>
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <netinet/tcp.h>
 #include <arpa/inet.h>
 
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/inet_diag.h>
+
 #include "pidentd.h"
 
+struct kainfo
+{
+    int nlfd;
+    __u32 seq;
+    FILE *proc_net_tcp;
+};
+
 /*
 ** Make sure we are running on a supported OS version
 */
@@ -39,23 +52,85 @@ ka_init(void)
 int
 ka_open(void **misc)
 {
-    FILE *fp;
+    struct kainfo *kp;
+
+    kp = s_malloc(sizeof(*kp));
 
+    kp->seq = 0;
+    kp->nlfd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG);
+    if (kp->nlfd >= 0)
+	goto out;
     
-    while ((fp = fopen("/proc/net/tcp", "r")) == NULL && errno == EINTR)
-	;
+    syslog(LOG_INFO, "netlink failed, fallback to /proc/net/tcp: %m");
+    kp->proc_net_tcp = fopen("/proc/net/tcp", "r");
     
-    if (fp == NULL)
+    if (kp->proc_net_tcp == NULL)
     {
 	syslog(LOG_ERR, "fopen(\"/proc/net/tcp\", \"r\"): %m");
 	return -1;
     }
 
-    *misc = (void *) fp;
+out:
+    *misc = (void *) kp;
     return 0;
 }
 
 
+static int
+netlink_lookup(struct kainfo *kip, struct kernel *kp)
+{
+    int status;
+    struct {
+	struct nlmsghdr nlh;
+	union {
+		struct inet_diag_req req;
+		struct inet_diag_msg rsp;
+	} u;
+    } buf;
+    struct sockaddr_nl addr;
+
+    memset(&buf, 0, sizeof(buf));
+    buf.nlh.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(buf.u.req)));
+    buf.nlh.nlmsg_type = TCPDIAG_GETSOCK;
+    buf.nlh.nlmsg_flags = NLM_F_REQUEST;
+    buf.nlh.nlmsg_seq = ++kip->seq;
+    buf.u.req.idiag_family = AF_INET;
+
+    buf.u.req.id.idiag_dport = kp->remote.sin_port;
+    buf.u.req.id.idiag_sport = kp->local.sin_port;
+    buf.u.req.id.idiag_dst[0] = kp->remote.sin_addr.s_addr;
+    buf.u.req.id.idiag_src[0] = kp->local.sin_addr.s_addr;
+    buf.u.req.id.idiag_cookie[0] = INET_DIAG_NOCOOKIE;
+    buf.u.req.id.idiag_cookie[1] = INET_DIAG_NOCOOKIE;
+
+    status = write(kip->nlfd, &buf, buf.nlh.nlmsg_len);
+    if (status < 0) {
+	syslog(LOG_ERR, "netlink_lookup: write failed: %m");
+	return 3;
+    }
+
+    do {
+	socklen_t alen = sizeof(addr);
+	status = recvfrom(kip->nlfd, &buf, sizeof(buf), 0,
+	 			(void *)&addr, &alen);
+	if (status < 0) {
+	    if (errno == ENOBUFS)
+		return -1;
+	    syslog(LOG_ERR, "netlink_lookup: recvfrom failed: %m");
+	    return 3;
+	}
+    } while (addr.nl_pid || buf.nlh.nlmsg_seq != kip->seq);
+
+    if (buf.nlh.nlmsg_type != TCPDIAG_GETSOCK)
+	return 0;
+    if (buf.u.rsp.idiag_state != TCP_ESTABLISHED)
+	return 0;
+
+    kp->euid = buf.u.rsp.idiag_uid;
+    return 1;
+}
+
+
 int 
 ka_lookup(void *vp, struct kernel *kp)
 {
@@ -66,6 +141,9 @@ ka_lookup(void *vp, struct kernel *kp)
     int r_lport, r_rport, mylport, myrport;
     int euid;
     int nra;
+    int status;
+    unsigned long ino;
+    struct kainfo *kip;
     
 /*
  * PSz 11 Dec 02
@@ -94,23 +172,28 @@ ka_lookup(void *vp, struct kernel *kp)
  * 
  * Should we skip lines with just ino, or both uid and ino, zero?
  */
-    unsigned long int ino;
 
-    
+
+    kip = (struct kainfo *)vp;
+    kp->ruid = NO_UID;
+
+    if (kip->nlfd >= 0)
+	return netlink_lookup(kip, kp);
+
     r_rport = ntohs(kp->remote.sin_port);
     r_lport = ntohs(kp->local.sin_port);
     r_raddr = kp->remote.sin_addr.s_addr;
     r_laddr = kp->local.sin_addr.s_addr;
 
-    fp = (FILE *) vp;
+    fp = kip->proc_net_tcp;
 
-    kp->ruid = NO_UID;
     rewind(fp);
 
     /* eat header */
     if (fgets(buf, sizeof(buf)-1,fp) == NULL)
 	return -1;
 
+    status = 0;
     while (fgets(buf, sizeof(buf)-1, fp) != NULL)
     {
 	nra = sscanf(buf, "%d: %lX:%x %lX:%x %x %lX:%lX %x:%lX %lx %d %ld %lu",
@@ -119,9 +202,10 @@ ka_lookup(void *vp, struct kernel *kp)
 		     &euid, &dummy, &ino);
 	if (nra >= 12)
 	{
-	    if (myladdr == r_laddr && mylport == r_lport &&
-		myraddr == r_raddr && myrport == r_rport)
+	    if (myladdr == r_laddr && mylport == r_lport)
 	    {
+		if (myraddr != r_raddr || myrport != r_rport || !ino)
+		    continue;
 		if (nra >= 14 && euid == 0 && ino == 0) {
 		  /*
 		   * Both uid and ino are zero: not even a socket?
@@ -131,11 +215,11 @@ ka_lookup(void *vp, struct kernel *kp)
 		  continue;
 		}
 		kp->euid = euid;
-		return 1;
+		status = 1;
 	    }
 	}
     }
 
-    return -1;
+    return status;
 }
 
Index: pidentd-3.0.19.ds1/src/kernel.c
===================================================================
--- pidentd-3.0.19.ds1.orig/src/kernel.c
+++ pidentd-3.0.19.ds1/src/kernel.c
@@ -107,7 +107,7 @@ kernel_thread(void *vp)
 	    if (debug)
 		fprintf(stderr, "ka_lookup(), attempt = %d, status = %d\n",
 			attempt, kp->status);
-	    if (kp->status > 0)
+	    if (kp->status >= 0)
 		break;
 
 	    if (attempt > 2 && (attempt & 1) == 1)