About xinetd and TCP wrapper
I am using SUSE Linux Enterprise 9.
Below is an excerpt from the manual of the Novell training service:
--Begin--
The TCP wrapper acts as a filter, and is placed between inetd and the service daemons. Inetd starts the wrapper instead of directly starting the service.
The wrapper writes the name and address of the host requesting the connection to a log file, verifies if the request is permitted, then starts the corresponding daemon.
This is reflected in /etc/inetd.conf, which uses /usr/sbin/tcpd instead of the service daemon (such as /usr/sbin/vsftpd for ftp) to start the service.
The following is an example:
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
--End--
But what I see in the yast2 xinetd service is that the service is called directly:
ftp stream tcp nowait root /usr/sbin/vsftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd
finger stream tcp nowait nobody /usr/sbin/in.fingerd
TCP wrapper still functions (I know this because I changed /etc/hosts.allow and /etc/hosts.deny, and all changes worked as expected),
but why is there a difference between the manual and what I see? And why does TCP wrapper still function when what I see is "direct calling" instead of a call via TCP wrapper?
Last edited by jack1234; 09-15-2005 at 08:14 AM.
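Added example, not part of the original post or the Novell manual: a small audit of inetd.conf-style lines that reports, per service, whether the launch path goes through tcpd (the manual's form) or starts the daemon directly (the form shown in the post). The names `parse_inetd`, `direct_services` and `SAMPLE` are hypothetical, and the last three sample lines are constructed.

```python
import os
from typing import NamedTuple

class Entry(NamedTuple):
    service: str
    user: str
    daemon: str
    launch: str  # "tcpd", "direct" or "internal"

def parse_inetd(text):
    """Return (entries, numbers of malformed lines) for inetd.conf-style text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:  # service, socket, proto, wait, user, server
            malformed.append(lineno)
            continue
        service, user, server, args = fields[0], fields[4], fields[5], fields[6:]
        if server == "internal":
            entries.append(Entry(service, user, service, "internal"))
        elif os.path.basename(server) == "tcpd":
            # tcpd runs first; the real daemon is its first argument
            daemon = os.path.basename(args[0]) if args else ""
            entries.append(Entry(service, user, daemon, "tcpd"))
        else:
            entries.append(Entry(service, user, os.path.basename(server), "direct"))
    return entries, malformed

def direct_services(entries):
    """Services whose launch path does not include tcpd."""
    return [e.service for e in entries if e.launch == "direct"]

# Lines 1-3 use the two forms quoted in the post; the rest is constructed.
SAMPLE = """\
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
finger stream tcp nowait nobody /usr/sbin/in.fingerd
# constructed lines below: a built-in service and a truncated entry
echo stream tcp nowait root internal
ftp stream tcp
"""

if __name__ == "__main__":
    entries, malformed = parse_inetd(SAMPLE)
    for e in entries:
        print(f"{e.service:8} {e.user:8} {e.daemon:12} {e.launch}")
    print("direct:", direct_services(entries), "malformed lines:", malformed)
```

A "direct" result only means tcpd is not in the launch path; a super-server or daemon built against libwrap can still consult /etc/hosts.allow and /etc/hosts.deny itself.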