Ubuntu
socat package

Merge lp:~ubuntu-branches/ubuntu/quantal/socat/quantal-201207210015 into lp:ubuntu/quantal/socat

  1. Quantal (12.10)
  2. quantal-201207210015
  3. Merge into quantal
Proposed by Ubuntu Package Importer
Status: Rejected
Rejected by: James Westby
Proposed branch: lp:~ubuntu-branches/ubuntu/quantal/socat/quantal-201207210015
Merge into: lp:ubuntu/quantal/socat
Diff against target: 27502 lines (+27415/-0) (has conflicts)
15 files modified
.pc/fix-segfault-xio-gopen.patch/xio-gopen.c (+123/-0)
.pc/socat-opensslcompress.patch/sslcls.c (+320/-0)
.pc/socat-opensslcompress.patch/sslcls.h (+104/-0)
.pc/socat-opensslcompress.patch/xio-openssl.c (+1229/-0)
.pc/socat-opensslcompress2.patch/doc/socat.yo (+3501/-0)
.pc/socat-opensslcompress2.patch/doc/xio.help (+4959/-0)
.pc/socat-opensslcompress2.patch/test.sh (+10369/-0)
.pc/socat-opensslcompress2.patch/xio-openssl.c (+1157/-0)
.pc/socat-opensslcompress2.patch/xio-openssl.h (+52/-0)
.pc/socat-opensslcompress2.patch/xioopts.c (+4166/-0)
.pc/socat-opensslcompress2.patch/xioopts.h (+987/-0)
debian/patches/fix-segfault-xio-gopen.patch (+18/-0)
debian/patches/socat-opensslcompress.patch (+128/-0)
debian/patches/socat-opensslcompress2.patch (+291/-0)
xio-gopen.c.rej (+11/-0)
Conflict adding file .pc/fix-segfault-xio-gopen.patch.  Moved existing file to .pc/fix-segfault-xio-gopen.patch.moved.
Conflict adding file .pc/socat-opensslcompress.patch.  Moved existing file to .pc/socat-opensslcompress.patch.moved.
Conflict adding file .pc/socat-opensslcompress2.patch.  Moved existing file to .pc/socat-opensslcompress2.patch.moved.
Conflict adding file debian/patches/fix-segfault-xio-gopen.patch.  Moved existing file to debian/patches/fix-segfault-xio-gopen.patch.moved.
Conflict adding file debian/patches/socat-opensslcompress.patch.  Moved existing file to debian/patches/socat-opensslcompress.patch.moved.
Conflict adding file debian/patches/socat-opensslcompress2.patch.  Moved existing file to debian/patches/socat-opensslcompress2.patch.moved.
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/quantal/socat/quantal-201207210015
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+116100@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative the importer has made lp:ubuntu/quantal/socat reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/quantal/socat/quantal-201207210015. This merge proposal was created so that an Ubuntu developer can review the situations and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)

To post a comment you must log in.

Unmerged revisions

18. By Clint Byrum

releasing version 1.7.1.3-1.4ubuntu1

17. By Clint Byrum

d/patches/fix-segfault-xio-gopen.patch: Applying patch to prevent
segfaults. (LP: #481776) This is also included in socat 2.0.

16. By Clint Byrum

d/patches/socat-opensslcompress*.patch: Add OpenSSL compression
patches from upstream. (LP: #745603) These are included in 2.0 so
these patches can be dropped when it is synced from Debian.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== added directory '.pc/fix-segfault-xio-gopen.patch'
=== renamed directory '.pc/fix-segfault-xio-gopen.patch' => '.pc/fix-segfault-xio-gopen.patch.moved'
=== added file '.pc/fix-segfault-xio-gopen.patch/.timestamp'
=== added file '.pc/fix-segfault-xio-gopen.patch/xio-gopen.c'
--- .pc/fix-segfault-xio-gopen.patch/xio-gopen.c 1970-01-01 00:00:00 +0000
+++ .pc/fix-segfault-xio-gopen.patch/xio-gopen.c 2012-07-21 00:23:19 +0000
@@ -0,0 +1,123 @@
1/* source: xio-gopen.c */
2/* Copyright Gerhard Rieger 2001-2008 */
3/* Published under the GNU General Public License V.2, see file COPYING */
4
5/* this file contains the source for opening addresses of generic open type */
6
7#include "xiosysincludes.h"
8#include "xioopen.h"
9
10#include "xio-named.h"
11#include "xio-unix.h"
12#include "xio-gopen.h"
13
14
15#if WITH_GOPEN
16
17static int xioopen_gopen(int argc, const char *argv[], struct opt *opts, int xioflags, xiofile_t *fd, unsigned groups, int dummy1, int dummy2, int dummy3);
18
19
20const struct addrdesc addr_gopen = { "gopen", 3, xioopen_gopen, GROUP_FD|GROUP_FIFO|GROUP_CHR|GROUP_BLK|GROUP_REG|GROUP_NAMED|GROUP_OPEN|GROUP_FILE|GROUP_TERMIOS|GROUP_SOCKET|GROUP_SOCK_UNIX, 0, 0, 0 HELP(":<filename>") };
21
22static int xioopen_gopen(int argc, const char *argv[], struct opt *opts, int xioflags, xiofile_t *fd, unsigned groups, int dummy1, int dummy2, int dummy3) {
23 const char *filename = argv[1];
24 flags_t openflags = (xioflags & XIO_ACCMODE);
25 mode_t st_mode;
26 bool exists;
27 bool opt_unlink_close = false;
28 int result;
29
30 if ((result =
31 _xioopen_named_early(argc, argv, fd, GROUP_NAMED|groups, &exists, opts)) < 0) {
32 return result;
33 }
34 st_mode = result;
35
36 if (exists) {
37 /* file (or at least named entry) exists */
38 if ((xioflags&XIO_ACCMODE) != XIO_RDONLY) {
39 openflags |= O_APPEND;
40 }
41 } else {
42 openflags |= O_CREAT;
43 }
44
45 /* note: when S_ISSOCK was undefined, it always gives 0 */
46 if (exists && S_ISSOCK(st_mode)) {
47#if WITH_UNIX
48 union sockaddr_union us;
49 socklen_t uslen;
50 char infobuff[256];
51
52 Info1("\"%s\" is a socket, connecting to it", filename);
53
54 result =
55 _xioopen_unix_client(&fd->stream, xioflags, groups, 0, opts, filename);
56 if (result < 0) {
57 return result;
58 }
59 applyopts_named(filename, opts, PH_PASTOPEN); /* unlink-late */
60
61 if (Getsockname(fd->stream.fd, (struct sockaddr *)&us, &uslen) < 0) {
62 Warn4("getsockname(%d, %p, {%d}): %s",
63 fd->stream.fd, &us, uslen, strerror(errno));
64 } else {
65 Notice1("successfully connected via %s",
66 sockaddr_unix_info(&us.un, uslen,
67 infobuff, sizeof(infobuff)));
68 }
69#else
70 Error("\"%s\" is a socket, but UNIX socket support is not compiled in");
71 return -1;
72#endif /* WITH_UNIX */
73
74 } else {
75 /* a file name */
76
77 Info1("\"%s\" is not a socket, open()'ing it", filename);
78
79 retropt_bool(opts, OPT_UNLINK_CLOSE, &opt_unlink_close);
80 if (opt_unlink_close) {
81 if ((fd->stream.unlink_close = strdup(filename)) == NULL) {
82 Error1("strdup(\"%s\"): out of memory", filename);
83 }
84 fd->stream.opt_unlink_close = true;
85 }
86
87 Notice3("opening %s \"%s\" for %s",
88 filetypenames[(st_mode&S_IFMT)>>12], filename, ddirection[(xioflags&XIO_ACCMODE)]);
89 if ((result = _xioopen_open(filename, openflags, opts)) < 0)
90 return result;
91#ifdef I_PUSH
92 if (S_ISCHR(st_mode)) {
93 Ioctl(result, I_PUSH, "ptem");
94 Ioctl(result, I_PUSH, "ldterm");
95 Ioctl(result, I_PUSH, "ttcompat");
96 }
97#endif
98 fd->stream.fd = result;
99
100#if WITH_TERMIOS
101 if (Isatty(fd->stream.fd)) {
102 if (Tcgetattr(fd->stream.fd, &fd->stream.savetty) < 0) {
103 Warn2("cannot query current terminal settings on fd %d: %s",
104 fd->stream.fd, strerror(errno));
105 } else {
106 fd->stream.ttyvalid = true;
107 }
108 }
109#endif /* WITH_TERMIOS */
110 applyopts_named(filename, opts, PH_FD);
111 applyopts(fd->stream.fd, opts, PH_FD);
112 applyopts_cloexec(fd->stream.fd, opts);
113 }
114
115 if ((result = applyopts2(fd->stream.fd, opts, PH_PASTSOCKET, PH_CONNECTED)) < 0)
116 return result;
117
118 if ((result = _xio_openlate(&fd->stream, opts)) < 0)
119 return result;
120 return 0;
121}
122
123#endif /* WITH_GOPEN */
0124
=== added directory '.pc/socat-opensslcompress.patch'
=== renamed directory '.pc/socat-opensslcompress.patch' => '.pc/socat-opensslcompress.patch.moved'
=== added file '.pc/socat-opensslcompress.patch/.timestamp'
=== added file '.pc/socat-opensslcompress.patch/sslcls.c'
--- .pc/socat-opensslcompress.patch/sslcls.c 1970-01-01 00:00:00 +0000
+++ .pc/socat-opensslcompress.patch/sslcls.c 2012-07-21 00:23:19 +0000
@@ -0,0 +1,320 @@
1/* source: sslcls.c */
2/* Copyright Gerhard Rieger 2001-2007 */
3/* Published under the GNU General Public License V.2, see file COPYING */
4
5/* explicit system call and C library trace function, for those who miss strace
6 */
7
8#include "config.h"
9#include "xioconfig.h" /* what features are enabled */
10
11#if WITH_SYCLS && WITH_OPENSSL
12
13#include "sysincludes.h"
14
15#include "mytypes.h"
16#include "compat.h"
17#include "errno.h"
18
19#include "error.h"
20#include "filan.h"
21#include "sysutils.h"
22#include "sycls.h"
23
24void sycSSL_load_error_strings(void) {
25 Debug("SSL_load_error_strings()");
26 SSL_load_error_strings();
27 Debug("SSL_load_error_strings() ->");
28}
29
30int sycSSL_library_init(void) {
31 int result;
32 Debug("SSL_library_init()");
33 result = SSL_library_init();
34 Debug1("SSL_library_init() -> %d", result);
35 return result;
36}
37
38#ifndef OPENSSL_NO_SSL2
39SSL_METHOD *sycSSLv2_client_method(void) {
40 SSL_METHOD *result;
41 Debug("SSLv2_client_method()");
42 result = SSLv2_client_method();
43 Debug1("SSLv2_client_method() -> %p", result);
44 return result;
45}
46
47SSL_METHOD *sycSSLv2_server_method(void) {
48 SSL_METHOD *result;
49 Debug("SSLv2_server_method()");
50 result = SSLv2_server_method();
51 Debug1("SSLv2_server_method() -> %p", result);
52 return result;
53}
54#endif
55
56SSL_METHOD *sycSSLv3_client_method(void) {
57 SSL_METHOD *result;
58 Debug("SSLv3_client_method()");
59 result = SSLv3_client_method();
60 Debug1("SSLv3_client_method() -> %p", result);
61 return result;
62}
63
64SSL_METHOD *sycSSLv3_server_method(void) {
65 SSL_METHOD *result;
66 Debug("SSLv3_server_method()");
67 result = SSLv3_server_method();
68 Debug1("SSLv3_server_method() -> %p", result);
69 return result;
70}
71
72SSL_METHOD *sycSSLv23_client_method(void) {
73 SSL_METHOD *result;
74 Debug("SSLv23_client_method()");
75 result = SSLv23_client_method();
76 Debug1("SSLv23_client_method() -> %p", result);
77 return result;
78}
79
80SSL_METHOD *sycSSLv23_server_method(void) {
81 SSL_METHOD *result;
82 Debug("SSLv23_server_method()");
83 result = SSLv23_server_method();
84 Debug1("SSLv23_server_method() -> %p", result);
85 return result;
86}
87
88SSL_METHOD *sycTLSv1_client_method(void) {
89 SSL_METHOD *result;
90 Debug("TLSv1_client_method()");
91 result = TLSv1_client_method();
92 Debug1("TLSv1_client_method() -> %p", result);
93 return result;
94}
95
96SSL_METHOD *sycTLSv1_server_method(void) {
97 SSL_METHOD *result;
98 Debug("TLSv1_server_method()");
99 result = TLSv1_server_method();
100 Debug1("TLSv1_server_method() -> %p", result);
101 return result;
102}
103
104SSL_CTX *sycSSL_CTX_new(SSL_METHOD *method) {
105 SSL_CTX *result;
106 Debug1("SSL_CTX_new(%p)", method);
107 result = SSL_CTX_new(method);
108 Debug1("SSL_CTX_new() -> %p", result);
109 return result;
110}
111
112SSL *sycSSL_new(SSL_CTX *ctx) {
113 SSL *result;
114 Debug1("SSL_new(%p)", ctx);
115 result = SSL_new(ctx);
116 Debug1("SSL_new() -> %p", result);
117 return result;
118}
119
120int sycSSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
121 const char *CApath) {
122 int result;
123 Debug7("SSL_CTX_load_verify_locations(%p, %s%s%s, %s%s%s)", ctx,
124 CAfile?"\"":"", CAfile?CAfile:NULL, CAfile?"\"":"",
125 CApath?"\"":"", CApath?CApath:NULL, CApath?"\"":"");
126 result = SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
127 Debug1("SSL_CTX_load_verify_locations() -> %d", result);
128 return result;
129}
130
131int sycSSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) {
132 int result;
133 Debug3("SSL_CTX_use_certificate_file(%p, \"%s\", %d)", ctx, file, type);
134 result = SSL_CTX_use_certificate_file(ctx, file, type);
135 Debug1("SSL_CTX_use_certificate_file() -> %d", result);
136 return result;
137}
138
139int sycSSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) {
140 int result;
141 Debug2("SSL_CTX_use_certificate_chain_file(%p, \"%s\")", ctx, file);
142 result = SSL_CTX_use_certificate_chain_file(ctx, file);
143 Debug1("SSL_CTX_use_certificate_chain_file() -> %d", result);
144 return result;
145}
146
147int sycSSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) {
148 int result;
149 Debug3("SSL_CTX_use_PrivateKey_file(%p, \"%s\", %d)", ctx, file, type);
150 result = SSL_CTX_use_PrivateKey_file(ctx, file, type);
151 Debug1("SSL_CTX_use_PrivateKey_file() -> %d", result);
152 return result;
153}
154
155void sycSSL_CTX_set_verify(SSL_CTX *ctx, int mode,
156 int (*verify_callback)(int, X509_STORE_CTX *)) {
157 Debug3("SSL_CTX_set_verify(%p, %u, %p)", ctx, mode, verify_callback);
158 SSL_CTX_set_verify(ctx, mode, verify_callback);
159 Debug("SSL_CTX_set_verify() -> ");
160}
161
162int sycSSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
163 int result;
164 Debug2("SSL_CTX_set_cipher_list(%p, \"%s\")", ctx, str);
165 result = SSL_CTX_set_cipher_list(ctx, str);
166 Debug1("SSL_CTX_set_cipher_list() -> %d", result);
167 return result;
168}
169
170int sycSSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) {
171 int result;
172 Debug2("SSL_CTX_set_tmp_dh(%p, %p)", ctx, dh);
173 result = SSL_CTX_set_tmp_dh(ctx, dh);
174 Debug1("SSL_CTX_set_tmp_dh() -> %d", result);
175 return result;
176}
177
178int sycSSL_set_cipher_list(SSL *ssl, const char *str) {
179 int result;
180 Debug2("SSL_set_cipher_list(%p, \"%s\")", ssl, str);
181 result = SSL_set_cipher_list(ssl, str);
182 Debug1("SSL_set_cipher_list() -> %d", result);
183 return result;
184}
185
186long sycSSL_get_verify_result(SSL *ssl) {
187 long result;
188 Debug1("SSL_get_verify_result(%p)", ssl);
189 result = SSL_get_verify_result(ssl);
190 Debug1("SSL_get_verify_result() -> %lx", result);
191 return result;
192}
193
194int sycSSL_set_fd(SSL *ssl, int fd) {
195 int result;
196 Debug2("SSL_set_fd(%p, %d)", ssl, fd);
197 result = SSL_set_fd(ssl, fd);
198 Debug1("SSL_set_fd() -> %d", result);
199 return result;
200}
201
202int sycSSL_connect(SSL *ssl) {
203 int result;
204 Debug1("SSL_connect(%p)", ssl);
205 result = SSL_connect(ssl);
206 Debug1("SSL_connect() -> %d", result);
207 return result;
208}
209
210int sycSSL_accept(SSL *ssl) {
211 int result;
212 Debug1("SSL_accept(%p)", ssl);
213 result = SSL_accept(ssl);
214 Debug1("SSL_accept() -> %d", result);
215 return result;
216}
217
218int sycSSL_read(SSL *ssl, void *buf, int num) {
219 int result;
220 Debug3("SSL_read(%p, %p, %d)", ssl, buf, num);
221 result = SSL_read(ssl, buf, num);
222 Debug1("SSL_read() -> %d", result);
223 return result;
224}
225
226int sycSSL_pending(SSL *ssl) {
227 int result;
228 Debug1("SSL_pending(%p)", ssl);
229 result = SSL_pending(ssl);
230 Debug1("SSL_pending() -> %d", result);
231 return result;
232}
233
234int sycSSL_write(SSL *ssl, const void *buf, int num) {
235 int result;
236 Debug3("SSL_write(%p, %p, %d)", ssl, buf, num);
237 result = SSL_write(ssl, buf, num);
238 Debug1("SSL_write() -> %d", result);
239 return result;
240}
241
242X509 *sycSSL_get_peer_certificate(SSL *ssl) {
243 X509 *result;
244 Debug1("SSL_get_peer_certificate(%p)", ssl);
245 result = SSL_get_peer_certificate(ssl);
246 if (result) {
247 Debug1("SSL_get_peer_certificate() -> %p", result);
248 } else {
249 Debug("SSL_get_peer_certificate() -> NULL");
250 }
251 return result;
252}
253
254int sycSSL_shutdown(SSL *ssl) {
255 int result;
256 Debug1("SSL_shutdown(%p)", ssl);
257 result = SSL_shutdown(ssl);
258 Debug1("SSL_shutdown() -> %d", result);
259 return result;
260}
261
262void sycSSL_CTX_free(SSL_CTX *ctx) {
263 Debug1("SSL_CTX_free(%p)", ctx);
264 SSL_CTX_free(ctx);
265 Debug("SSL_CTX_free() -> void");
266 return;
267}
268
269void sycSSL_free(SSL *ssl) {
270 Debug1("SSL_free(%p)", ssl);
271 SSL_free(ssl);
272 Debug("SSL_free() -> void");
273 return;
274}
275
276int sycRAND_egd(const char *path) {
277 int result;
278 Debug1("RAND_egd(\"%s\")", path);
279 result = RAND_egd(path);
280 Debug1("RAND_egd() -> %d", result);
281 return result;
282}
283
284DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
285 DH *result;
286 Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
287 bp, x, cb, u);
288 result = PEM_read_bio_DHparams(bp, x, cb, u);
289 if (result) {
290 /*Debug2("PEM_read_bio_DHparams(, {%p},,) -> %p", *x, result);*/
291 Debug1("PEM_read_bio_DHparams() -> %p", result);
292 } else {
293 Debug("PEM_read_bio_DHparams() -> NULL");
294 }
295 return result;
296}
297
298BIO *sycBIO_new_file(const char *filename, const char *mode) {
299 BIO *result;
300 Debug2("BIO_new_file(\"%s\", \"%s\")", filename, mode);
301 result = BIO_new_file(filename, mode);
302 if (result) {
303 Debug1("BIO_new_file() -> %p", result);
304 } else {
305 Debug("BIO_new_file() -> NULL");
306 }
307 return result;
308}
309
310#if WITH_FIPS
311int sycFIPS_mode_set(int onoff) {
312 int result;
313 Debug1("FIPS_mode_set(%d)", onoff);
314 result = FIPS_mode_set(onoff);
315 Debug1("FIPS_mode_set() -> %d", result);
316 return result;
317}
318#endif /* WITH_FIPS */
319
320#endif /* WITH_SYCLS && WITH_OPENSSL */
0321
=== added file '.pc/socat-opensslcompress.patch/sslcls.h'
--- .pc/socat-opensslcompress.patch/sslcls.h 1970-01-01 00:00:00 +0000
+++ .pc/socat-opensslcompress.patch/sslcls.h 2012-07-21 00:23:19 +0000
@@ -0,0 +1,104 @@
1/* source: sslcls.h */
2/* Copyright Gerhard Rieger 2001-2007 */
3/* Published under the GNU General Public License V.2, see file COPYING */
4
5#ifndef __sslcls_h_included
6#define __sslcls_h_included 1
7
8#if WITH_SYCLS
9#if WITH_OPENSSL
10
11void sycSSL_load_error_strings(void);
12int sycSSL_library_init(void);
13#ifndef OPENSSL_NO_SSL2
14SSL_METHOD *sycSSLv2_client_method(void);
15SSL_METHOD *sycSSLv2_server_method(void);
16#endif
17SSL_METHOD *sycSSLv3_client_method(void);
18SSL_METHOD *sycSSLv3_server_method(void);
19SSL_METHOD *sycSSLv23_client_method(void);
20SSL_METHOD *sycSSLv23_server_method(void);
21SSL_METHOD *sycTLSv1_client_method(void);
22SSL_METHOD *sycTLSv1_server_method(void);
23SSL_CTX *sycSSL_CTX_new(SSL_METHOD *method);
24SSL *sycSSL_new(SSL_CTX *ctx);
25int sycSSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
26 const char *CApath);
27int sycSSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
28int sycSSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
29int sycSSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
30void sycSSL_CTX_set_verify(SSL_CTX *ctx, int mode,
31 int (*verify_callback)(int, X509_STORE_CTX *));
32int sycSSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
33int sycSSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
34int sycSSL_set_cipher_list(SSL *ssl, const char *str);
35long sycSSL_get_verify_result(SSL *ssl);
36int sycSSL_set_fd(SSL *ssl, int fd);
37int sycSSL_connect(SSL *ssl);
38int sycSSL_accept(SSL *ssl);
39int sycSSL_read(SSL *ssl, void *buf, int num);
40int sycSSL_pending(SSL *ssl);
41int sycSSL_write(SSL *ssl, const void *buf, int num);
42X509 *sycSSL_get_peer_certificate(SSL *ssl);
43int sycSSL_shutdown(SSL *ssl);
44void sycSSL_CTX_free(SSL_CTX *ctx);
45void sycSSL_free(SSL *ssl);
46int sycRAND_egd(const char *path);
47
48DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
49
50BIO *sycBIO_new_file(const char *filename, const char *mode);
51
52int sycFIPS_mode_set(int onoff);
53
54#endif /* WITH_OPENSSL */
55
56#else /* !WITH_SYCLS */
57
58#if WITH_OPENSSL
59
60#define sycSSL_load_error_strings() SSL_load_error_strings()
61#define sycSSL_library_init() SSL_library_init()
62#define sycSSLv2_client_method() SSLv2_client_method()
63#define sycSSLv2_server_method() SSLv2_server_method()
64#define sycSSLv3_client_method() SSLv3_client_method()
65#define sycSSLv3_server_method() SSLv3_server_method()
66#define sycSSLv23_client_method() SSLv23_client_method()
67#define sycSSLv23_server_method() SSLv23_server_method()
68#define sycTLSv1_client_method() TLSv1_client_method()
69#define sycTLSv1_server_method() TLSv1_server_method()
70#define sycSSL_CTX_new(m) SSL_CTX_new(m)
71#define sycSSL_new(c) SSL_new(c)
72#define sycSSL_CTX_load_verify_locations(c,f,p) SSL_CTX_load_verify_locations(c,f,p)
73#define sycSSL_CTX_use_certificate_file(c,f,t) SSL_CTX_use_certificate_file(c,f,t)
74#define sycSSL_CTX_use_certificate_chain_file(c,f) SSL_CTX_use_certificate_chain_file(c,f)
75#define sycSSL_CTX_use_PrivateKey_file(c,f,t) SSL_CTX_use_PrivateKey_file(c,f,t)
76#define sycSSL_CTX_set_verify(c,m,v) SSL_CTX_set_verify(c,m,v)
77#define sycSSL_CTX_set_tmp_dh(c,d) SSL_CTX_set_tmp_dh(c,d)
78#define sycSSL_CTX_set_cipher_list(c,s) SSL_CTX_set_cipher_list(c,s)
79#define sycSSL_set_cipher_list(s,t) SSL_set_cipher_list(s,t)
80#define sycSSL_get_verify_result(s) SSL_get_verify_result(s)
81#define sycSSL_set_fd(s,f) SSL_set_fd(s,f)
82#define sycSSL_connect(s) SSL_connect(s)
83#define sycSSL_accept(s) SSL_accept(s)
84#define sycSSL_read(s,b,n) SSL_read(s,b,n)
85#define sycSSL_pending(s) SSL_pending(s)
86#define sycSSL_write(s,b,n) SSL_write(s,b,n)
87#define sycSSL_get_peer_certificate(s) SSL_get_peer_certificate(s)
88#define sycSSL_shutdown(s) SSL_shutdown(s)
89#define sycSSL_CTX_free(c) SSL_CTX_free(c)
90#define sycSSL_free(s) SSL_free(s)
91#define sycRAND_egd(p) RAND_egd(p)
92
93#define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
94
95#define sycBIO_new_file(f,m) BIO_new_file(f,m)
96
97#endif /* WITH_OPENSSL */
98
99#define sycFIPS_mode_set(o) FIPS_mode_set(o)
100
101#endif /* !WITH_SYCLS */
102
103#endif /* !defined(__sslcls_h_included) */
104
0105
=== added file '.pc/socat-opensslcompress.patch/xio-openssl.c'
--- .pc/socat-opensslcompress.patch/xio-openssl.c 1970-01-01 00:00:00 +0000
+++ .pc/socat-opensslcompress.patch/xio-openssl.c 2012-07-21 00:23:19 +0000
@@ -0,0 +1,1229 @@
1/* source: xio-openssl.c */
2/* Copyright Gerhard Rieger 2002-2009 */
3/* Published under the GNU General Public License V.2, see file COPYING */
4
5/* this file contains the implementation of the openssl addresses */
6
7#include "xiosysincludes.h"
8#if WITH_OPENSSL /* make this address configure dependend */
9#include "xioopen.h"
10
11#include "xio-fd.h"
12#include "xio-socket.h" /* _xioopen_connect() */
13#include "xio-listen.h"
14#include "xio-ipapp.h"
15#include "xio-openssl.h"
16
17/* the openssl library requires a file descriptor for external communications.
18 so our best effort is to provide any possible kind of un*x file descriptor
19 (not only tcp, but also pipes, stdin, files...)
20 for tcp we want to provide support for socks and proxy.
21 read and write functions must use the openssl crypt versions.
22 but currently only plain tcp4 is implemented.
23*/
24
25/* Linux: "man 3 ssl" */
26
27/* generate a simple openssl server for testing:
28 1) generate a private key
29 openssl genrsa -out server.key 1024
30 2) generate a self signed cert
31 openssl req -new -key server.key -x509 -days 3653 -out server.crt
32 enter fields...
33 3) generate the pem file
34 cat server.key server.crt >server.pem
35 openssl s_server (listens on 4433/tcp)
36 */
37
38/* static declaration of ssl's open function */
39static int xioopen_openssl_connect(int argc, const char *argv[], struct opt *opts,
40 int xioflags, xiofile_t *fd, unsigned groups,
41 int dummy1, int dummy2, int dummy3);
42
43/* static declaration of ssl's open function */
44static int xioopen_openssl_listen(int argc, const char *argv[], struct opt *opts,
45 int xioflags, xiofile_t *fd, unsigned groups,
46 int dummy1, int dummy2, int dummy3);
47static int openssl_SSL_ERROR_SSL(int level, const char *funcname);
48static int openssl_handle_peer_certificate(struct single *xfd, bool opt_ver,
49 int level);
50static int xioSSL_set_fd(struct single *xfd, int level);
51static int xioSSL_connect(struct single *xfd, bool opt_ver, int level);
52
53
54/* description record for ssl connect */
55const struct addrdesc addr_openssl = {
56 "openssl", /* keyword for selecting this address type in xioopen calls
57 (canonical or main name) */
58 3, /* data flow directions this address supports on API layer:
59 1..read, 2..write, 3..both */
60 xioopen_openssl_connect, /* a function pointer used to "open" these addresses.*/
61 GROUP_FD|GROUP_SOCKET|GROUP_SOCK_IP4|GROUP_SOCK_IP6|GROUP_IP_TCP|GROUP_CHILD|GROUP_OPENSSL|GROUP_RETRY, /* bitwise OR of address groups this address belongs to.
62 You might have to specify a new group in xioopts.h */
63 0, /* an integer passed to xioopen_openssl; makes it possible to
64 use the same xioopen_openssl function for slightly different
65 address types. */
66 0, /* like previous argument */
67 0 /* like previous arguments, but pointer type.
68 No trailing comma or semicolon! */
69 HELP(":<host>:<port>") /* a text displayed from xio help function.
70 No trailing comma or semicolon!
71 only generates this text if WITH_HELP is != 0 */
72} ;
73
74#if WITH_LISTEN
75/* description record for ssl listen */
76const struct addrdesc addr_openssl_listen = {
77 "openssl-listen", /* keyword for selecting this address type in xioopen calls
78 (canonical or main name) */
79 3, /* data flow directions this address supports on API layer:
80 1..read, 2..write, 3..both */
81 xioopen_openssl_listen, /* a function pointer used to "open" these addresses.*/
82 GROUP_FD|GROUP_SOCKET|GROUP_SOCK_IP4|GROUP_SOCK_IP6|GROUP_IP_TCP|GROUP_LISTEN|GROUP_CHILD|GROUP_RANGE|GROUP_OPENSSL|GROUP_RETRY, /* bitwise OR of address groups this address belongs to.
83 You might have to specify a new group in xioopts.h */
84 0, /* an integer passed to xioopen_openssl_listen; makes it possible to
85 use the same xioopen_openssl_listen function for slightly different
86 address types. */
87 0, /* like previous argument */
88 0 /* like previous arguments, but pointer type.
89 No trailing comma or semicolon! */
90 HELP(":<port>") /* a text displayed from xio help function.
91 No trailing comma or semicolon!
92 only generates this text if WITH_HELP is != 0 */
93} ;
94#endif /* WITH_LISTEN */
95
96/* both client and server */
97const struct optdesc opt_openssl_cipherlist = { "openssl-cipherlist", "ciphers", OPT_OPENSSL_CIPHERLIST, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
98const struct optdesc opt_openssl_method = { "openssl-method", "method", OPT_OPENSSL_METHOD, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
99const struct optdesc opt_openssl_verify = { "openssl-verify", "verify", OPT_OPENSSL_VERIFY, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
100const struct optdesc opt_openssl_certificate = { "openssl-certificate", "cert", OPT_OPENSSL_CERTIFICATE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
101const struct optdesc opt_openssl_key = { "openssl-key", "key", OPT_OPENSSL_KEY, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
102const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
103const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
104const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
105const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
106const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
107#if OPENSSL_VERSION_NUMBER >= 0x00908000L
108const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
109#endif
110#if WITH_FIPS
111const struct optdesc opt_openssl_fips = { "openssl-fips", "fips", OPT_OPENSSL_FIPS, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
112#endif
113
114
115/* If FIPS is compiled in, we need to track if the user asked for FIPS mode.
116 * On forks, the FIPS mode must be reset by a disable, then enable since
117 * FIPS tracks the process ID that initializes things.
118 * If FIPS is not compiled in, no tracking variable is needed
119 * and we make the reset code compile out. This keeps the
120 * rest of the code below free of FIPS related #ifs
121 */
122#if WITH_FIPS
123static bool xio_openssl_fips = false;
124int xio_reset_fips_mode(void) {
125 if (xio_openssl_fips) {
126 if(!sycFIPS_mode_set(0) || !sycFIPS_mode_set(1)) {
127 ERR_load_crypto_strings();
128 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
129 Error("Failed to reset OpenSSL FIPS mode");
130 xio_openssl_fips = false;
131 return -1;
132 }
133 }
134 return 0;
135}
136#else
137#define xio_reset_fips_mode() 0
138#endif
139
140/* the open function for OpenSSL client */
141static int
142 xioopen_openssl_connect(int argc,
143 const char *argv[], /* the arguments in the address string */
144 struct opt *opts,
145 int xioflags, /* is the open meant for reading (0),
146 writing (1), or both (2) ? */
147 xiofile_t *xxfd, /* a xio file descriptor structure,
148 already allocated */
149 unsigned groups, /* the matching address groups... */
150 int dummy1, /* first transparent integer value from
151 addr_openssl */
152 int dummy2, /* second transparent integer value from
153 addr_openssl */
154 int dummy3) /* transparent pointer value from
155 addr_openssl */
156{
157 struct single *xfd = &xxfd->stream;
158 struct opt *opts0 = NULL;
159 const char *hostname, *portname;
160 int pf = PF_UNSPEC;
161 int ipproto = IPPROTO_TCP;
162 int socktype = SOCK_STREAM;
163 bool dofork = false;
164 union sockaddr_union us_sa, *us = &us_sa;
165 union sockaddr_union them_sa, *them = &them_sa;
166 socklen_t uslen = sizeof(us_sa);
167 socklen_t themlen = sizeof(them_sa);
168 bool needbind = false;
169 bool lowport = false;
170 int level;
171 SSL_CTX* ctx;
172 bool opt_ver = true; /* verify peer certificate */
173 char *opt_cert = NULL; /* file name of client certificate */
174 int result;
175
176 if (!(xioflags & XIO_MAYCONVERT)) {
177 Error("address with data processing not allowed here");
178 return STAT_NORETRY;
179 }
180 xfd->flags |= XIO_DOESCONVERT;
181
182 if (argc != 3) {
183 Error1("%s: 2 parameters required", argv[0]);
184 return STAT_NORETRY;
185 }
186 hostname = argv[1];
187 portname = argv[2];
188
189 xfd->howtoend = END_SHUTDOWN;
190 if (applyopts_single(xfd, opts, PH_INIT) < 0) return -1;
191 applyopts(-1, opts, PH_INIT);
192
193 retropt_bool(opts, OPT_FORK, &dofork);
194
195 retropt_string(opts, OPT_OPENSSL_CERTIFICATE, &opt_cert);
196
197 result =
198 _xioopen_openssl_prepare(opts, xfd, false, &opt_ver, opt_cert, &ctx);
199 if (result != STAT_OK) return STAT_NORETRY;
200
201 result =
202 _xioopen_ipapp_prepare(opts, &opts0, hostname, portname, &pf, ipproto,
203 xfd->para.socket.ip.res_opts[1],
204 xfd->para.socket.ip.res_opts[0],
205 them, &themlen, us, &uslen,
206 &needbind, &lowport, socktype);
207 if (result != STAT_OK) return STAT_NORETRY;
208
209 if (xioopts.logopt == 'm') {
210 Info("starting connect loop, switching to syslog");
211 diag_set('y', xioopts.syslogfac); xioopts.logopt = 'y';
212 } else {
213 Info("starting connect loop");
214 }
215
216 do { /* loop over failed connect and SSL handshake attempts */
217
218#if WITH_RETRY
219 if (xfd->forever || xfd->retry) {
220 level = E_INFO;
221 } else
222#endif /* WITH_RETRY */
223 level = E_ERROR;
224
225 /* this cannot fork because we retrieved fork option above */
226 result =
227 _xioopen_connect(xfd,
228 needbind?(struct sockaddr *)us:NULL, sizeof(*us),
229 (struct sockaddr *)them, themlen,
230 opts, pf, socktype, ipproto, lowport, level);
231 switch (result) {
232 case STAT_OK: break;
233#if WITH_RETRY
234 case STAT_RETRYLATER:
235 case STAT_RETRYNOW:
236 if (xfd->forever || xfd->retry) {
237 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
238 if (result == STAT_RETRYLATER) {
239 Nanosleep(&xfd->intervall, NULL);
240 }
241 --xfd->retry;
242 continue;
243 }
244 return STAT_NORETRY;
245#endif /* WITH_RETRY */
246 default:
247 return result;
248 }
249
250 /*! isn't this too early? */
251 if ((result = _xio_openlate(xfd, opts)) < 0) {
252 return result;
253 }
254
255 result = _xioopen_openssl_connect(xfd, opt_ver, ctx, level);
256 switch (result) {
257 case STAT_OK: break;
258#if WITH_RETRY
259 case STAT_RETRYLATER:
260 case STAT_RETRYNOW:
261 if (xfd->forever || xfd->retry) {
262 Close(xfd->fd);
263 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
264 if (result == STAT_RETRYLATER) {
265 Nanosleep(&xfd->intervall, NULL);
266 }
267 --xfd->retry;
268 continue;
269 }
270#endif /* WITH_RETRY */
271 default: return STAT_NORETRY;
272 }
273
274 if (dofork) {
275 xiosetchilddied(); /* set SIGCHLD handler */
276 }
277
278#if WITH_RETRY
279 if (dofork) {
280 pid_t pid;
281 int level = E_ERROR;
282 if (xfd->forever || xfd->retry) {
283 level = E_WARN;
284 }
285 while ((pid = xio_fork(false, level)) < 0) {
286 if (xfd->forever || --xfd->retry) {
287 Nanosleep(&xfd->intervall, NULL); continue;
288 }
289 return STAT_RETRYLATER;
290 }
291
292 if (pid == 0) { /* child process */
293 xfd->forever = false; xfd->retry = 0;
294 break;
295 }
296
297 /* parent process */
298 Close(xfd->fd);
299 sycSSL_free(xfd->para.openssl.ssl);
300 xfd->para.openssl.ssl = NULL;
301 /* with and without retry */
302 Nanosleep(&xfd->intervall, NULL);
303 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
304 continue; /* with next socket() bind() connect() */
305 }
306#endif /* WITH_RETRY */
307 break;
308 } while (true); /* drop out on success */
309
310 Notice1("SSL connection using %s", SSL_get_cipher(xfd->para.openssl.ssl));
311
312 /* fill in the fd structure */
313 return STAT_OK;
314}
315
316
317/* this function is typically called within the OpenSSL client fork/retry loop.
318 xfd must be of type DATA_OPENSSL, and its fd must be set with a valid file
319 descriptor. this function then performs all SSL related step to make a valid
320 SSL connection from an FD and a CTX. */
321int _xioopen_openssl_connect(struct single *xfd,
322 bool opt_ver,
323 SSL_CTX *ctx,
324 int level) {
325 SSL *ssl;
326 unsigned long err;
327 int result;
328
329 /* create a SSL object */
330 if ((ssl = sycSSL_new(ctx)) == NULL) {
331 if (ERR_peek_error() == 0) Msg(level, "SSL_new() failed");
332 while (err = ERR_get_error()) {
333 Msg1(level, "SSL_new(): %s", ERR_error_string(err, NULL));
334 }
335 /*Error("SSL_new()");*/
336 return STAT_RETRYLATER;
337 }
338 xfd->para.openssl.ssl = ssl;
339
340 result = xioSSL_set_fd(xfd, level);
341 if (result != STAT_OK) {
342 sycSSL_free(xfd->para.openssl.ssl);
343 xfd->para.openssl.ssl = NULL;
344 return result;
345 }
346
347 result = xioSSL_connect(xfd, opt_ver, level);
348 if (result != STAT_OK) {
349 sycSSL_free(xfd->para.openssl.ssl);
350 xfd->para.openssl.ssl = NULL;
351 return result;
352 }
353
354 result = openssl_handle_peer_certificate(xfd, opt_ver, level);
355 if (result != STAT_OK) {
356 sycSSL_free(xfd->para.openssl.ssl);
357 xfd->para.openssl.ssl = NULL;
358 return result;
359 }
360
361 return STAT_OK;
362}
363
364
365#if WITH_LISTEN
366
367static int
368 xioopen_openssl_listen(int argc,
369 const char *argv[], /* the arguments in the address string */
370 struct opt *opts,
371 int xioflags, /* is the open meant for reading (0),
372 writing (1), or both (2) ? */
373 xiofile_t *xxfd, /* a xio file descriptor structure,
374 already allocated */
375 unsigned groups, /* the matching address groups... */
376 int dummy1, /* first transparent integer value from
377 addr_openssl */
378 int dummy2, /* second transparent integer value from
379 addr_openssl */
380 int dummy3) /* transparent pointer value from
381 addr_openssl */
382{
383 struct single *xfd = &xxfd->stream;
384 const char *portname;
385 struct opt *opts0 = NULL;
386 union sockaddr_union us_sa, *us = &us_sa;
387 socklen_t uslen = sizeof(us_sa);
388 int pf;
389 int socktype = SOCK_STREAM;
390 int ipproto = IPPROTO_TCP;
391 /*! lowport? */
392 int level;
393 SSL_CTX* ctx;
394 bool opt_ver = true; /* verify peer certificate - changed with 1.6.0 */
395 char *opt_cert = NULL; /* file name of server certificate */
396 int result;
397
398 if (!(xioflags & XIO_MAYCONVERT)) {
399 Error("address with data processing not allowed here");
400 return STAT_NORETRY;
401 }
402 xfd->flags |= XIO_DOESCONVERT;
403
404 if (argc != 2) {
405 Error1("%s: 1 parameter required", argv[0]);
406 return STAT_NORETRY;
407 }
408
409#if WITH_IP4 && WITH_IP6
410 pf = xioopts.default_ip=='6'?PF_INET6:PF_INET;
411#elif WITH_IP6
412 pf = PF_INET6;
413#else
414 pf = PF_INET;
415#endif
416
417 portname = argv[1];
418
419 xfd->howtoend = END_SHUTDOWN;
420 if (applyopts_single(xfd, opts, PH_INIT) < 0) return -1;
421 applyopts(-1, opts, PH_INIT);
422
423 retropt_string(opts, OPT_OPENSSL_CERTIFICATE, &opt_cert);
424 if (opt_cert == NULL) {
425 Warn("no certificate given; consider option \"cert\"");
426 }
427
428 applyopts(-1, opts, PH_EARLY);
429
430 result =
431 _xioopen_openssl_prepare(opts, xfd, true, &opt_ver, opt_cert, &ctx);
432 if (result != STAT_OK) return STAT_NORETRY;
433
434 if (_xioopen_ipapp_listen_prepare(opts, &opts0, portname, &pf, ipproto,
435 xfd->para.socket.ip.res_opts[1],
436 xfd->para.socket.ip.res_opts[0],
437 us, &uslen, socktype)
438 != STAT_OK) {
439 return STAT_NORETRY;
440 }
441
442 xfd->addr = &addr_openssl_listen;
443 xfd->dtype = XIODATA_OPENSSL;
444
445 while (true) { /* loop over failed attempts */
446
447#if WITH_RETRY
448 if (xfd->forever || xfd->retry) {
449 level = E_INFO;
450 } else
451#endif /* WITH_RETRY */
452 level = E_ERROR;
453
454 /* tcp listen; this can fork() for us; it only returns on error or on
455 successful establishment of tcp connection */
456 result = _xioopen_listen(xfd, xioflags,
457 (struct sockaddr *)us, uslen,
458 opts, pf, socktype, IPPROTO_TCP,
459#if WITH_RETRY
460 (xfd->retry||xfd->forever)?E_INFO:E_ERROR
461#else
462 E_ERROR
463#endif /* WITH_RETRY */
464 );
465 /*! not sure if we should try again on retry/forever */
466 switch (result) {
467 case STAT_OK: break;
468#if WITH_RETRY
469 case STAT_RETRYLATER:
470 case STAT_RETRYNOW:
471 if (xfd->forever || xfd->retry) {
472 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
473 if (result == STAT_RETRYLATER) {
474 Nanosleep(&xfd->intervall, NULL);
475 }
476 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
477 --xfd->retry;
478 continue;
479 }
480 return STAT_NORETRY;
481#endif /* WITH_RETRY */
482 default:
483 return result;
484 }
485
486 result = _xioopen_openssl_listen(xfd, opt_ver, ctx, level);
487 switch (result) {
488 case STAT_OK: break;
489#if WITH_RETRY
490 case STAT_RETRYLATER:
491 case STAT_RETRYNOW:
492 if (xfd->forever || xfd->retry) {
493 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
494 if (result == STAT_RETRYLATER) {
495 Nanosleep(&xfd->intervall, NULL);
496 }
497 dropopts(opts, PH_ALL); opts = copyopts(opts0, GROUP_ALL);
498 --xfd->retry;
499 continue;
500 }
501 return STAT_NORETRY;
502#endif /* WITH_RETRY */
503 default:
504 return result;
505 }
506
507 Notice1("SSL connection using %s",
508 SSL_get_cipher(xfd->para.openssl.ssl));
509 break;
510
511 } /* drop out on success */
512
513 /* fill in the fd structure */
514
515 return STAT_OK;
516}
517
518
519int _xioopen_openssl_listen(struct single *xfd,
520 bool opt_ver,
521 SSL_CTX *ctx,
522 int level) {
523 char error_string[120];
524 unsigned long err;
525 int errint, ret;
526
527 /* create an SSL object */
528 if ((xfd->para.openssl.ssl = sycSSL_new(ctx)) == NULL) {
529 if (ERR_peek_error() == 0) Msg(level, "SSL_new() failed");
530 while (err = ERR_get_error()) {
531 Msg1(level, "SSL_new(): %s", ERR_error_string(err, NULL));
532 }
533 /*Error("SSL_new()");*/
534 return STAT_NORETRY;
535 }
536
537 /* assign the network connection to the SSL object */
538 if (sycSSL_set_fd(xfd->para.openssl.ssl, xfd->fd) <= 0) {
539 if (ERR_peek_error() == 0) Msg(level, "SSL_set_fd() failed");
540 while (err = ERR_get_error()) {
541 Msg2(level, "SSL_set_fd(, %d): %s",
542 xfd->fd, ERR_error_string(err, NULL));
543 }
544 }
545
546#if WITH_DEBUG
547 {
548 int i = 0;
549 const char *ciphers = NULL;
550 Debug("available ciphers:");
551 do {
552 ciphers = SSL_get_cipher_list(xfd->para.openssl.ssl, i);
553 if (ciphers == NULL) break;
554 Debug2("CIPHERS pri=%d: %s", i, ciphers);
555 ++i;
556 } while (1);
557 }
558#endif /* WITH_DEBUG */
559
560 /* connect via SSL by performing handshake */
561 if ((ret = sycSSL_accept(xfd->para.openssl.ssl)) <= 0) {
562 /*if (ERR_peek_error() == 0) Msg(level, "SSL_accept() failed");*/
563 errint = SSL_get_error(xfd->para.openssl.ssl, ret);
564 switch (errint) {
565 case SSL_ERROR_NONE:
566 Msg(level, "ok"); break;
567 case SSL_ERROR_ZERO_RETURN:
568 Msg(level, "connection closed (wrong version number?)"); break;
569 case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE:
570 case SSL_ERROR_WANT_CONNECT:
571 case SSL_ERROR_WANT_X509_LOOKUP:
572 Msg(level, "nonblocking operation did not complete"); break; /*!*/
573 case SSL_ERROR_SYSCALL:
574 if (ERR_peek_error() == 0) {
575 if (ret == 0) {
576 Msg(level, "SSL_accept(): socket closed by peer");
577 } else if (ret == -1) {
578 Msg1(level, "SSL_accept(): %s", strerror(errno));
579 }
580 } else {
581 Msg(level, "I/O error"); /*!*/
582 while (err = ERR_get_error()) {
583 ERR_error_string_n(err, error_string, sizeof(error_string));
584 Msg4(level, "SSL_accept(): %s / %s / %s / %s", error_string,
585 ERR_lib_error_string(err), ERR_func_error_string(err),
586 ERR_reason_error_string(err));
587 }
588 /* Msg1(level, "SSL_connect(): %s", ERR_error_string(e, buf));*/
589 }
590 break;
591 case SSL_ERROR_SSL:
592 /*ERR_print_errors_fp(stderr);*/
593 openssl_SSL_ERROR_SSL(level, "SSL_accept");
594 break;
595 default:
596 Msg(level, "unknown error");
597 }
598
599 return STAT_RETRYLATER;
600 }
601
602 if (openssl_handle_peer_certificate(xfd, opt_ver, E_ERROR/*!*/) < 0) {
603 return STAT_NORETRY;
604 }
605
606 return STAT_OK;
607}
608
609#endif /* WITH_LISTEN */
610
611
612#if OPENSSL_VERSION_NUMBER >= 0x00908000L
613/* In OpenSSL 0.9.7 compression methods could be added using
614 * SSL_COMP_add_compression_method(3), but the implemntation is not compatible
615 * with the standard (RFC3749).
616 */
617static int openssl_setup_compression(SSL_CTX *ctx, char *method)
618{
619 STACK_OF(SSL_COMP)* comp_methods;
620
621 assert(method);
622
623 /* Getting the stack of compression methods has the intended side-effect of
624 * initializing the SSL library's compression part.
625 */
626 comp_methods = SSL_COMP_get_compression_methods();
627 if (!comp_methods) {
628 Info("OpenSSL built without compression support");
629 return STAT_OK;
630 }
631
632 if (strcasecmp(method, "auto") == 0) {
633 Info("Using default OpenSSL compression");
634 return STAT_OK;
635 }
636
637 if (strcasecmp(method, "none") == 0) {
638 /* Disable compression */
639#ifdef SSL_OP_NO_COMPRESSION
640 Info("Disabling OpenSSL compression");
641 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
642#else
643 /* SSL_OP_NO_COMPRESSION was only introduced in OpenSSL 0.9.9 (released
644 * as 1.0.0). Removing all compression methods is a work-around for
645 * earlier versions of OpenSSL, but it affects all SSL connections.
646 */
647 Info("Disabling OpenSSL compression globally");
648 sk_SSL_COMP_zero(comp_methods);
649#endif
650 return STAT_OK;
651 }
652
653 /* zlib compression in OpenSSL before version 0.9.8e-beta1 uses the libc's
654 * default malloc/free instead of the ones passed to OpenSSL. Should socat
655 * ever use custom malloc/free functions for OpenSSL, this must be taken
656 * into consideration. See OpenSSL bug #1468.
657 */
658
659 Error1("openssl-compress=\"%s\": unknown compression method", method);
660 return STAT_NORETRY;
661}
662#endif
663
664
665int
666 _xioopen_openssl_prepare(struct opt *opts,
667 struct single *xfd,/* a xio file descriptor
668 structure, already allocated
669 */
670 bool server, /* SSL client: false */
671 bool *opt_ver,
672 const char *opt_cert,
673 SSL_CTX **ctx)
674{
675 bool opt_fips = false;
676 SSL_METHOD *method;
677 char *me_str = NULL; /* method string */
678 char *ci_str = NULL; /* cipher string */
679 char *opt_key = NULL; /* file name of client private key */
680 char *opt_dhparam = NULL; /* file name of DH params */
681 char *opt_cafile = NULL; /* certificate authority file */
682 char *opt_capath = NULL; /* certificate authority directory */
683 char *opt_egd = NULL; /* entropy gathering daemon socket path */
684#if OPENSSL_VERSION_NUMBER >= 0x00908000L
685 char *opt_compress = NULL; /* compression method */
686#endif
687 bool opt_pseudo = false; /* use pseudo entropy if nothing else */
688 unsigned long err;
689 int result;
690
691 xfd->addr = &addr_openssl;
692 xfd->dtype = XIODATA_OPENSSL;
693
694 retropt_bool(opts, OPT_OPENSSL_FIPS, &opt_fips);
695 retropt_string(opts, OPT_OPENSSL_METHOD, &me_str);
696 retropt_string(opts, OPT_OPENSSL_CIPHERLIST, &ci_str);
697 retropt_bool(opts, OPT_OPENSSL_VERIFY, opt_ver);
698 retropt_string(opts, OPT_OPENSSL_CAFILE, &opt_cafile);
699 retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
700 retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
701 retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
702 retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
703 retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
704#if OPENSSL_VERSION_NUMBER >= 0x00908000L
705 retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
706#endif
707
708#if WITH_FIPS
709 if (opt_fips) {
710 if (!sycFIPS_mode_set(1)) {
711 ERR_load_crypto_strings();
712 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
713 Error("Failed to set FIPS mode");
714 } else {
715 xio_openssl_fips = true;
716 }
717 }
718#endif
719
720 OpenSSL_add_all_algorithms();
721 OpenSSL_add_all_ciphers();
722 OpenSSL_add_all_digests();
723 sycSSL_load_error_strings();
724
725 /* OpenSSL preparation */
726 sycSSL_library_init();
727
728 /*! actions_to_seed_PRNG();*/
729
730 if (!server) {
731 if (me_str != 0) {
732#ifndef OPENSSL_NO_SSL2
733 if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) {
734 method = sycSSLv2_client_method();
735 } else
736#endif
737 if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
738 method = sycSSLv3_client_method();
739 } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") ||
740 !strcasecmp(me_str, "SSL")) {
741 method = sycSSLv23_client_method();
742 } else if (!strcasecmp(me_str, "TLSv1") || !strcasecmp(me_str, "TLS1") ||
743 !strcasecmp(me_str, "TLS")) {
744 method = sycTLSv1_client_method();
745 } else {
746 Error1("openssl-method=\"%s\": unknown method", me_str);
747 method = sycSSLv23_client_method()/*!*/;
748 }
749 } else {
750 method = sycSSLv23_client_method()/*!*/;
751 }
752 } else /* server */ {
753 if (me_str != 0) {
754#ifndef OPENSSL_NO_SSL2
755 if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) {
756 method = sycSSLv2_server_method();
757 } else
758#endif
759 if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
760 method = sycSSLv3_server_method();
761 } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") ||
762 !strcasecmp(me_str, "SSL")) {
763 method = sycSSLv23_server_method();
764 } else if (!strcasecmp(me_str, "TLSv1") || !strcasecmp(me_str, "TLS1") ||
765 !strcasecmp(me_str, "TLS")) {
766 method = sycTLSv1_server_method();
767 } else {
768 Error1("openssl-method=\"%s\": unknown method", me_str);
769 method = sycSSLv23_server_method()/*!*/;
770 }
771 } else {
772 method = sycSSLv23_server_method()/*!*/;
773 }
774 }
775
776 if (opt_egd) {
777 sycRAND_egd(opt_egd);
778 }
779
780 if (opt_pseudo) {
781 long int randdata;
782 /* initialize libc random from actual microseconds */
783 struct timeval tv;
784 struct timezone tz;
785 tz.tz_minuteswest = 0;
786 tz.tz_dsttime = 0;
787 if ((result = Gettimeofday(&tv, &tz)) < 0) {
788 Warn2("gettimeofday(%p, {0,0}): %s", &tv, strerror(errno));
789 }
790 srandom(tv.tv_sec*1000000+tv.tv_usec);
791
792 while (!RAND_status()) {
793 randdata = random();
794 Debug2("RAND_seed(0x{%lx}, "F_Zu")",
795 randdata, sizeof(randdata));
796 RAND_seed(&randdata, sizeof(randdata));
797 }
798 }
799
800 if ((*ctx = sycSSL_CTX_new(method)) == NULL) {
801 if (ERR_peek_error() == 0) Error("SSL_CTX_new()");
802 while (err = ERR_get_error()) {
803 Error1("SSL_CTX_new(): %s", ERR_error_string(err, NULL));
804 }
805
806 /*ERR_clear_error;*/
807 return STAT_RETRYLATER;
808 }
809
810#if OPENSSL_VERSION_NUMBER >= 0x00908000L
811 if (opt_compress) {
812 int result;
813 result = openssl_setup_compression(*ctx, opt_compress);
814 if (result != STAT_OK) {
815 return result;
816 }
817 }
818#endif
819
820 if (opt_cafile != NULL || opt_capath != NULL) {
821 if (sycSSL_CTX_load_verify_locations(*ctx, opt_cafile, opt_capath) != 1) {
822 int result;
823
824 if ((result =
825 openssl_SSL_ERROR_SSL(E_ERROR, "SSL_CTX_load_verify_locations"))
826 != STAT_OK) {
827 /*! free ctx */
828 return STAT_RETRYLATER;
829 }
830 }
831 }
832
833 if (opt_cert) {
834 BIO *bio;
835 DH *dh;
836
837 if (sycSSL_CTX_use_certificate_chain_file(*ctx, opt_cert) <= 0) {
838 /*! trace functions */
839 /*0 ERR_print_errors_fp(stderr);*/
840 if (ERR_peek_error() == 0)
841 Error2("SSL_CTX_use_certificate_file(%p, \"%s\", SSL_FILETYPE_PEM) failed",
842 *ctx, opt_cert);
843 while (err = ERR_get_error()) {
844 Error1("SSL_CTX_use_certificate_file(): %s",
845 ERR_error_string(err, NULL));
846 }
847 return STAT_RETRYLATER;
848 }
849
850 if (sycSSL_CTX_use_PrivateKey_file(*ctx, opt_key?opt_key:opt_cert, SSL_FILETYPE_PEM) <= 0) {
851 /*ERR_print_errors_fp(stderr);*/
852 openssl_SSL_ERROR_SSL(E_ERROR/*!*/, "SSL_CTX_use_PrivateKey_file");
853 return STAT_RETRYLATER;
854 }
855
856 if (opt_dhparam == NULL) {
857 opt_dhparam = (char *)opt_cert;
858 }
859 if ((bio = sycBIO_new_file(opt_dhparam, "r")) == NULL) {
860 Warn2("BIO_new_file(\"%s\", \"r\"): %s",
861 opt_dhparam, strerror(errno));
862 } else {
863 if ((dh = sycPEM_read_bio_DHparams(bio, NULL, NULL, NULL)) == NULL) {
864 Info1("PEM_read_bio_DHparams(%p, NULL, NULL, NULL): error", bio);
865 } else {
866 BIO_free(bio);
867 if (sycSSL_CTX_set_tmp_dh(*ctx, dh) == 0) {
868 Error2("SSL_CTX_set_tmp_dh(%p, %p): error", ctx, dh);
869 }
870 }
871 }
872 }
873
874 /* set pre ssl-connect options */
875 /* SSL_CIPHERS */
876 if (ci_str != NULL) {
877 if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) {
878 if (ERR_peek_error() == 0)
879 Error1("SSL_set_cipher_list(, \"%s\") failed", ci_str);
880 while (err = ERR_get_error()) {
881 Error2("SSL_set_cipher_list(, \"%s\"): %s",
882 ci_str, ERR_error_string(err, NULL));
883 }
884 /*Error("SSL_new()");*/
885 return STAT_RETRYLATER;
886 }
887 }
888
889 if (*opt_ver) {
890 sycSSL_CTX_set_verify(*ctx,
891 SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
892 NULL);
893 } else {
894 sycSSL_CTX_set_verify(*ctx,
895 SSL_VERIFY_NONE,
896 NULL);
897 }
898
899 return STAT_OK;
900}
901
902
903/* analyses an OpenSSL error condition, prints the appropriate messages with
904 severity 'level' and returns one of STAT_OK, STAT_RETRYLATER, or
905 STAT_NORETRY */
906static int openssl_SSL_ERROR_SSL(int level, const char *funcname) {
907 unsigned long e;
908 char buf[120]; /* this value demanded by "man ERR_error_string" */
909
910 e = ERR_get_error();
911 Debug1("ERR_get_error(): %lx", e);
912 if (e == ((ERR_LIB_RAND<<24)|
913 (RAND_F_SSLEAY_RAND_BYTES<<12)|
914 (RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
915 Error("too few entropy; use options \"egd\" or \"pseudo\"");
916 return STAT_NORETRY;
917 } else {
918 Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
919 return level==E_ERROR ? STAT_NORETRY : STAT_RETRYLATER;
920 }
921 return STAT_OK;
922}
923
924static const char *openssl_verify_messages[] = {
925 /* 0 */ "ok",
926 /* 1 */ NULL,
927 /* 2 */ "unable to get issuer certificate",
928 /* 3 */ "unable to get certificate CRL",
929 /* 4 */ "unable to decrypt certificate's signature",
930 /* 5 */ "unable to decrypt CRL's signature",
931 /* 6 */ "unable to decode issuer public key",
932 /* 7 */ "certificate signature failure",
933 /* 8 */ "CRL signature failure",
934 /* 9 */ "certificate is not yet valid",
935 /* 10 */ "certificate has expired",
936 /* 11 */ "CRL is not yet valid",
937 /* 12 */ "CRL has expired",
938 /* 13 */ "format error in certificate's notBefore field",
939 /* 14 */ "format error in certificate's notAfter field",
940 /* 15 */ "format error in CRL's lastUpdate field",
941 /* 16 */ "format error in CRL's nextUpdate field",
942 /* 17 */ "out of memory",
943 /* 18 */ "self signed certificate",
944 /* 19 */ "self signed certificate in certificate chain",
945 /* 20 */ "unable to get local issuer certificate",
946 /* 21 */ "unable to verify the first certificate",
947 /* 22 */ "certificate chain too long",
948 /* 23 */ "certificate revoked",
949 /* 24 */ "invalid CA certificate",
950 /* 25 */ "path length constraint exceeded",
951 /* 26 */ "unsupported certificate purpose",
952 /* 27 */ "certificate not trusted",
953 /* 28 */ "certificate rejected",
954 /* 29 */ "subject issuer mismatch",
955 /* 30 */ "authority and subject key identifier mismatch",
956 /* 31 */ "authority and issuer serial number mismatch",
957 /* 32 */ "key usage does not include certificate signing",
958 /* 33 */ NULL,
959 /* 34 */ NULL,
960 /* 35 */ NULL,
961 /* 36 */ NULL,
962 /* 37 */ NULL,
963 /* 38 */ NULL,
964 /* 39 */ NULL,
965 /* 40 */ NULL,
966 /* 41 */ NULL,
967 /* 42 */ NULL,
968 /* 43 */ NULL,
969 /* 44 */ NULL,
970 /* 45 */ NULL,
971 /* 46 */ NULL,
972 /* 47 */ NULL,
973 /* 48 */ NULL,
974 /* 49 */ NULL,
975 /* 50 */ "application verification failure",
976} ;
977
978static int openssl_handle_peer_certificate(struct single *xfd,
979 bool opt_ver, int level) {
980 X509 *peer_cert;
981 char *str;
982 char buff[2048]; /* hold peer certificate */
983 int status;
984
985 /* SSL_CTX_add_extra_chain_cert
986 SSL_get_verify_result
987 */
988 if ((peer_cert = SSL_get_peer_certificate(xfd->para.openssl.ssl)) != NULL) {
989 Debug("peer certificate:");
990 if ((str = X509_NAME_oneline(X509_get_subject_name(peer_cert), buff, sizeof(buff))) != NULL)
991 Debug1("\tsubject: %s", str); /*free (str); SIGSEGV*/
992 if ((str = X509_NAME_oneline(X509_get_issuer_name(peer_cert), buff, sizeof(buff))) != NULL)
993 Debug1("\tissuer: %s", str); /*free (str); SIGSEGV*/
994 }
995
996 if (peer_cert) {
997 if (opt_ver) {
998 long verify_result;
999 if ((verify_result = sycSSL_get_verify_result(xfd->para.openssl.ssl)) == X509_V_OK) {
1000 Info("accepted peer certificate");
1001 status = STAT_OK;
1002 } else {
1003 const char *message = NULL;
1004 if (verify_result >= 0 &&
1005 (size_t)verify_result <
1006 sizeof(openssl_verify_messages)/sizeof(char*))
1007 {
1008 message = openssl_verify_messages[verify_result];
1009 }
1010 if (message) {
1011 Msg1(level, "%s", message);
1012 } else {
1013 Msg1(level, "rejected peer certificate with error %ld", verify_result);
1014 }
1015 status = STAT_RETRYLATER;
1016 }
1017 } else {
1018 Notice("no check of certificate");
1019 status = STAT_OK;
1020 }
1021 } else {
1022 if (opt_ver) {
1023 Msg(level, "no peer certificate");
1024 status = STAT_RETRYLATER;
1025 } else {
1026 Notice("no peer certificate and no check");
1027 status = STAT_OK;
1028 }
1029 }
1030
1031 X509_free(peer_cert);
1032 return status;
1033}
1034
1035static int xioSSL_set_fd(struct single *xfd, int level) {
1036 unsigned long err;
1037
1038 /* assign a network connection to the SSL object */
1039 if (sycSSL_set_fd(xfd->para.openssl.ssl, xfd->fd) <= 0) {
1040 Msg(level, "SSL_set_fd() failed");
1041 while (err = ERR_get_error()) {
1042 Msg2(level, "SSL_set_fd(, %d): %s",
1043 xfd->fd, ERR_error_string(err, NULL));
1044 }
1045 return STAT_RETRYLATER;
1046 }
1047 return STAT_OK;
1048}
1049
1050
1051/* ...
1052 in case of an error condition, this function check forever and retry
1053 options and ev. sleeps an interval. It returns NORETRY when the caller
1054 should not retry for any reason. */
1055static int xioSSL_connect(struct single *xfd, bool opt_ver, int level) {
1056 char error_string[120];
1057 int errint, status, ret;
1058 unsigned long err;
1059
1060 /* connect via SSL by performing handshake */
1061 if ((ret = sycSSL_connect(xfd->para.openssl.ssl)) <= 0) {
1062 /*if (ERR_peek_error() == 0) Msg(level, "SSL_connect() failed");*/
1063 errint = SSL_get_error(xfd->para.openssl.ssl, ret);
1064 switch (errint) {
1065 case SSL_ERROR_NONE:
1066 /* this is not an error, but I dare not continue for security reasons*/
1067 Msg(level, "ok");
1068 status = STAT_RETRYLATER;
1069 case SSL_ERROR_ZERO_RETURN:
1070 Msg(level, "connection closed (wrong version number?)");
1071 status = STAT_RETRYLATER;
1072 break;
1073 case SSL_ERROR_WANT_READ:
1074 case SSL_ERROR_WANT_WRITE:
1075 case SSL_ERROR_WANT_CONNECT:
1076 case SSL_ERROR_WANT_X509_LOOKUP:
1077 Msg(level, "nonblocking operation did not complete");
1078 status = STAT_RETRYLATER;
1079 break; /*!*/
1080 case SSL_ERROR_SYSCALL:
1081 if (ERR_peek_error() == 0) {
1082 if (ret == 0) {
1083 Msg(level, "SSL_connect(): socket closed by peer");
1084 } else if (ret == -1) {
1085 Msg1(level, "SSL_connect(): %s", strerror(errno));
1086 }
1087 } else {
1088 Msg(level, "I/O error"); /*!*/
1089 while (err = ERR_get_error()) {
1090 ERR_error_string_n(err, error_string, sizeof(error_string));
1091 Msg4(level, "SSL_connect(): %s / %s / %s / %s", error_string,
1092 ERR_lib_error_string(err), ERR_func_error_string(err),
1093 ERR_reason_error_string(err));
1094 }
1095 }
1096 status = STAT_RETRYLATER;
1097 break;
1098 case SSL_ERROR_SSL:
1099 status = openssl_SSL_ERROR_SSL(level, "SSL_connect");
1100 if (openssl_handle_peer_certificate(xfd, opt_ver, level/*!*/) < 0) {
1101 return STAT_RETRYLATER;
1102 }
1103 break;
1104 default:
1105 Msg(level, "unknown error");
1106 status = STAT_RETRYLATER;
1107 break;
1108 }
1109 return status;
1110 }
1111 return STAT_OK;
1112}
1113
1114/* on result < 0: errno is set (at least to EIO) */
1115ssize_t xioread_openssl(struct single *pipe, void *buff, size_t bufsiz) {
1116 unsigned long err;
1117 char error_string[120];
1118 int _errno = EIO; /* if we have no better idea about nature of error */
1119 int errint, ret;
1120
1121 ret = sycSSL_read(pipe->para.openssl.ssl, buff, bufsiz);
1122 if (ret < 0) {
1123 errint = SSL_get_error(pipe->para.openssl.ssl, ret);
1124 switch (errint) {
1125 case SSL_ERROR_NONE:
1126 /* this is not an error, but I dare not continue for security reasons*/
1127 Error("ok");
1128 case SSL_ERROR_ZERO_RETURN:
1129 Error("connection closed by peer");
1130 break;
1131 case SSL_ERROR_WANT_READ:
1132 case SSL_ERROR_WANT_WRITE:
1133 case SSL_ERROR_WANT_CONNECT:
1134 case SSL_ERROR_WANT_X509_LOOKUP:
1135 Info("nonblocking operation did not complete");
1136 errno = EAGAIN;
1137 return -1;
1138 case SSL_ERROR_SYSCALL:
1139 if (ERR_peek_error() == 0) {
1140 if (ret == 0) {
1141 Error("SSL_read(): socket closed by peer");
1142 } else if (ret == -1) {
1143 _errno = errno;
1144 Error1("SSL_read(): %s", strerror(errno));
1145 }
1146 } else {
1147 Error("I/O error"); /*!*/
1148 while (err = ERR_get_error()) {
1149 ERR_error_string_n(err, error_string, sizeof(error_string));
1150 Error4("SSL_read(): %s / %s / %s / %s", error_string,
1151 ERR_lib_error_string(err), ERR_func_error_string(err),
1152 ERR_reason_error_string(err));
1153 }
1154 }
1155 break;
1156 case SSL_ERROR_SSL:
1157 openssl_SSL_ERROR_SSL(E_ERROR, "SSL_connect");
1158 break;
1159 default:
1160 Error("unknown error");
1161 break;
1162 }
1163 errno = _errno;
1164 return -1;
1165 }
1166 return ret;
1167}
1168
1169ssize_t xiopending_openssl(struct single *pipe) {
1170 int bytes = sycSSL_pending(pipe->para.openssl.ssl);
1171 return bytes;
1172}
1173
1174/* on result < 0: errno is set (at least to EIO) */
1175ssize_t xiowrite_openssl(struct single *pipe, const void *buff, size_t bufsiz) {
1176 unsigned long err;
1177 char error_string[120];
1178 int _errno = EIO; /* if we have no better idea about nature of error */
1179 int errint, ret;
1180
1181 ret = sycSSL_write(pipe->para.openssl.ssl, buff, bufsiz);
1182 if (ret < 0) {
1183 errint = SSL_get_error(pipe->para.openssl.ssl, ret);
1184 switch (errint) {
1185 case SSL_ERROR_NONE:
1186 /* this is not an error, but I dare not continue for security reasons*/
1187 Error("ok");
1188 case SSL_ERROR_ZERO_RETURN:
1189 Error("connection closed by peer");
1190 break;
1191 case SSL_ERROR_WANT_READ:
1192 case SSL_ERROR_WANT_WRITE:
1193 case SSL_ERROR_WANT_CONNECT:
1194 case SSL_ERROR_WANT_X509_LOOKUP:
1195 Error("nonblocking operation did not complete");
1196 break; /*!*/
1197 case SSL_ERROR_SYSCALL:
1198 if (ERR_peek_error() == 0) {
1199 if (ret == 0) {
1200 Error("SSL_write(): socket closed by peer");
1201 } else if (ret == -1) {
1202 _errno = errno;
1203 Error1("SSL_write(): %s", strerror(errno));
1204 }
1205 } else {
1206 Error("I/O error"); /*!*/
1207 while (err = ERR_get_error()) {
1208 ERR_error_string_n(err, error_string, sizeof(error_string));
1209 Error4("SSL_write(): %s / %s / %s / %s", error_string,
1210 ERR_lib_error_string(err), ERR_func_error_string(err),
1211 ERR_reason_error_string(err));
1212 }
1213 }
1214 break;
1215 case SSL_ERROR_SSL:
1216 openssl_SSL_ERROR_SSL(E_ERROR, "SSL_connect");
1217 break;
1218 default:
1219 Error("unknown error");
1220 break;
1221 }
1222 errno = _errno;
1223 return -1;
1224 }
1225 return ret;
1226}
1227
1228
1229#endif /* WITH_OPENSSL */
01230
=== added directory '.pc/socat-opensslcompress2.patch'
=== renamed directory '.pc/socat-opensslcompress2.patch' => '.pc/socat-opensslcompress2.patch.moved'
=== added file '.pc/socat-opensslcompress2.patch/.timestamp'
=== added directory '.pc/socat-opensslcompress2.patch/doc'
=== added file '.pc/socat-opensslcompress2.patch/doc/socat.yo'
--- .pc/socat-opensslcompress2.patch/doc/socat.yo 1970-01-01 00:00:00 +0000
+++ .pc/socat-opensslcompress2.patch/doc/socat.yo 2012-07-21 00:23:19 +0000
@@ -0,0 +1,3501 @@
1COMMENT(source: socat.yo)
2mailto(socat@dest-unreach.org)
3
4def(unix)(0)(UN*X)
5def(unixdomain)(0)(UNIX domain)
6def(socat)(0)(bf(socat))
7def(Socat)(0)(bf(Socat))
8def(filan)(0)(bf(filan))
9def(Filan)(0)(bf(Filan))
10def(procan)(0)(bf(procan))
11def(Procan)(0)(bf(Procan))
12
13manpage(socat)(1)(Jan 2010)()()
14
15whenhtml(
16label(CONTENTS)
17manpagesection(CONTENTS)
18link(NAME)(NAME)nl()
19link(SYNOPSIS)(SYNOPSIS)nl()
20link(DESCRIPTION)(DESCRIPTION)nl()
21link(OPTIONS)(OPTIONS)nl()
22link(ADDRESS SPECIFICATIONS)(ADDRESS_SPECIFICATIONS)nl()
23link(ADDRESS TYPES)(ADDRESS_TYPES)nl()
24link(ADDRESS OPTIONS)(ADDRESS_OPTIONS)nl()
25link(DATA VALUES)(VALUES)nl()
26link(EXAMPLES)(EXAMPLES)nl()
27link(DIAGNOSTICS)(DIAGNOSTICS)nl()
28link(FILES)(FILES)nl()
29link(ENVIRONMENT VARIABLES)(ENVIRONMENT_VARIABLES)nl()
30link(CREDITS)(CREDITS)nl()
31link(VERSION)(VERSION)nl()
32link(BUGS)(BUGS)nl()
33link(SEE ALSO)(SEEALSO)nl()
34)
35
36label(NAME)
37manpagename(socat) (Multipurpose relay (SOcket CAT))
38
39label(SYNOPSIS)
40manpagesynopsis()
41tt(socat [options] <address> <address>)nl()
42tt(socat -V)nl()
43tt(socat -h[h[h]] | -?[?[?]])nl()
44tt(filan)nl()
45tt(procan)
46
47label(DESCRIPTION)
48manpagedescription()
49
50Socat() is a command line based utility that establishes two bidirectional byte
51streams and transfers data between them. Because the streams can be constructed
52from a large set of different types of data sinks and sources
53(see link(address types)(ADDRESS_TYPES)), and because lots of
54link(address options)(ADDRESS_OPTIONS) may be applied to the streams, socat can
55be used for many different purposes.
56
57Filan() is a utility that prints information about its active file
58descriptors to stdout. It has been written for debugging socat(), but might be
59useful for other purposes too. Use the -h option to find more infos.
60
61Procan() is a utility that prints information about process parameters to
62stdout. It has been written to better understand
63some UNIX process properties and for debugging socat(), but might be
64useful for other purposes too.
65
66The life cycle of a socat() instance typically consists of four phases.
67
68In the em(init) phase, the command line options are parsed and logging is
69initialized.
70
71During the em(open) phase, socat() opens the first address and afterwards the
72second address. These steps are usually blocking; thus, especially for complex address types like socks,
73connection requests or authentication dialogs must be completed before the next
74step is started.
75
76In the em(transfer) phase, socat() watches both streams' read and write file
77descriptors via code(select()), and, when data is available on one side em(and)
78can be written to the other side, socat reads it, performs newline
79character conversions if required, and writes the data to the write file
80descriptor of the other stream, then continues waiting for more data in both
81directions.
82
83When one of the streams effectively reaches EOF, the em(closing) phase
84begins. Socat() transfers the EOF condition to the other stream,
85i.e. tries to shutdown only its write stream, giving it a chance to
86terminate gracefully. For a defined time socat() continues to transfer data in
87the other direction, but then closes all remaining channels and terminates.
88
89
90label(OPTIONS)
91manpageoptions()
92
93Socat() provides some command line options that modify the behaviour of the
94program. They have nothing to do with so called
95link(address options)(ADDRESS_OPTIONS) that are used as parts of link(address specifications)(ADDRESS_SPECIFICATIONS).
96
97startdit()
98dit(bf(tt(-V)))
99 Print version and available feature information to stdout, and exit.
100dit(bf(tt(-h | -?)))
101 Print a help text to stdout describing command line options and available address
102 types, and exit.
103dit(bf(tt(-hh | -??)))
104 Like -h, plus a list of the short names of all available address options. Some options are
105 platform dependend, so this output is helpful for checking the particular
106 implementation.
107dit(bf(tt(-hhh | -???)))
108 Like -hh, plus a list of all available address option names.
109label(option_d)dit(bf(tt(-d)))
110 Without this option, only fatal and error messages are generated; applying
111 this option also prints warning messages. See link(DIAGNOSTICS)(DIAGNOSTICS)
112 for more information.
113label(option_d_d)dit(bf(tt(-d -d))) Prints fatal, error, warning, and notice messages.
114dit(bf(tt(-d -d -d))) Prints fatal, error, warning, notice, and info messages.
115dit(bf(tt(-d -d -d -d))) Prints fatal, error, warning, notice, info, and debug
116 messages.
117dit(bf(tt(-D)))
118 Logs information about file descriptors before starting the transfer phase.
119dit(bf(tt(-ly[<facility>])))
120 Writes messages to syslog instead of stderr; severity as defined with -d
121 option. With optional link(<facility>)(TYPE_FACILITY), the syslog type can
122 be selected, default is "daemon".
123dit(bf(tt(-lf))tt( <logfile>))
124 Writes messages to <logfile> [link(filename)(TYPE_FILENAME)] instead of
125 stderr.
126dit(bf(tt(-ls)))
127 Writes messages to stderr (this is the default).
128label(option_lp)dit(bf(tt(-lp))tt(<progname>))
129 Overrides the program name printed in error messages and used for
130 constructing environment variable names.
131dit(bf(tt(-lu)))
132 Extends the timestamp of error messages to microsecond resolution. Does not
133 work when logging to syslog.
134label(option_lm)dit(bf(tt(-lm[<facility>])))
135 Mixed log mode. During startup messages are printed to stderr; when socat()
136 starts the transfer phase loop or daemon mode (i.e. after opening all
137 streams and before starting data transfer, or, with listening sockets with
138 fork option, before the first accept call), it switches logging to syslog.
139 With optional link(<facility>)(TYPE_FACILITY), the syslog type can be
140 selected, default is "daemon".
141label(option_lh)dit(bf(tt(-lh)))
142 Adds hostname to log messages. Uses the value from environment variable
143 HOSTNAME or the value retrieved with tt(uname()) if HOSTNAME is not set.
144dit(bf(tt(-v)))
145 Writes the transferred data not only to their target streams, but also to
146 stderr. The output format is text with some conversions for readability, and
147 prefixed with "> " or "< " indicating flow directions.
148dit(bf(tt(-x)))
149 Writes the transferred data not only to their target streams, but also to
150 stderr. The output format is hexadecimal, prefixed with "> " or "< "
151 indicating flow directions. Can be combined with code(-v).
152label(option_b)dit(bf(tt(-b))tt(<size>))
153 Sets the data transfer block <size> [link(size_t)(TYPE_SIZE_T)].
154 At most <size> bytes are transferred per step. Default is 8192 bytes.
155label(option_s)dit(bf(tt(-s)))
156 By default, socat() terminates when an error occurred to prevent the process
157 from running when some option could not be applied. With this
158 option, socat() is sloppy with errors and tries to continue. Even with this
159 option, socat will exit on fatals, and will abort connection attempts when
160 security checks failed.
161label(option_t)dit(bf(tt(-t))tt(<timeout>))
162 When one channel has reached EOF, the write part of the other channel is shut
163 down. Then, socat() waits <timeout> [link(timeval)(TYPE_TIMEVAL)] seconds
164 before terminating. Default is 0.5 seconds. This timeout only applies to
165 addresses where write and read part can be closed independently. When during
166 the timeout interval the read part gives EOF, socat terminates without
167 awaiting the timeout.
168label(option_T)dit(bf(tt(-T))tt(<timeout>))
169 Total inactivity timeout: when socat is already in the transfer loop and
170 nothing has happened for <timeout> [link(timeval)(TYPE_TIMEVAL)] seconds
171 (no data arrived, no interrupt occurred...) then it terminates.
172 Useful with protocols like UDP that cannot transfer EOF.
173label(option_u)dit(bf(tt(-u)))
174 Uses unidirectional mode. The first address is only used for reading, and the
175 second address is only used for writing (link(example)(EXAMPLE_option_u)).
176label(option_U)dit(bf(tt(-U)))
177 Uses unidirectional mode in reverse direction. The first address is only
178 used for writing, and the second address is only used for reading.
179label(option_g)dit(bf(tt(-g)))
180 During address option parsing, don't check if the option is considered
181 useful in the given address environment. Use it if you want to force, e.g.,
182 appliance of a socket option to a serial device.
183label(option_L)dit(bf(tt(-L))tt(<lockfile>))
184 If lockfile exists, exits with error. If lockfile does not exist, creates it
185 and continues, unlinks lockfile on exit.
186label(option_W)dit(bf(tt(-W))tt(<lockfile>))
187 If lockfile exists, waits until it disappears. When lockfile does not exist,
188 creates it and continues, unlinks lockfile on exit.
189label(option_4)dit(bf(tt(-4)))
190 Use IP version 4 in case that the addresses do not implicitly or explicitly
191 specify a version; this is the default.
192label(option_6)dit(bf(tt(-6)))
193 Use IP version 6 in case that the addresses do not implicitly or explicitly
194 specify a version.
195enddit()
196
197
198label(ADDRESS_SPECIFICATIONS)
199manpagesection(ADDRESS SPECIFICATIONS)
200
201With the address command line arguments, the user gives socat() instructions and
202the necessary information for establishing the byte streams.
203
204An address specification usually consists of an address type
205keyword, zero or more required address parameters separated by ':' from the keyword and
206from each
207other, and zero or more address options separated by ','.
208
209The keyword specifies the address type (e.g., TCP4, OPEN, EXEC). For some
210keywords there exist synonyms ('-' for STDIO, TCP for TCP4). Keywords are case
211insensitive.
212For a few special address types, the keyword may be omitted:
213Address specifications starting with a number are assumed to be FD (raw file
214descriptor) addresses;
215if a '/' is found before the first ':' or ',', GOPEN (generic file open) is
216assumed.
217
218The required number and type of address parameters depend on the address
219type. E.g., TCP4 requires a server specification (name or address), and a port
220specification (number or service name).
221
222Zero or more address options may be given with each address. They influence the
223address in some ways.
224Options consist of an option keyword or an option keyword and a value,
225separated by '='. Option keywords are case insensitive.
226For filtering the options that are useful with an address
227type, each option is member of one option group. For
228each address type there is a set of option groups allowed. Only options
229belonging to one of these address groups may be used (except with link(option -g)(option_g)).
230
231label(ADDRESS_DUAL)
232Address specifications following the above schema are also called em(single)
233address specifications.
234Two single addresses can be combined with "!!" to form a em(dual) type
235address for one channel. Here, the first address is used by socat() for reading
236data, and the
237second address for writing data. There is no way to specify an option only once
238for being applied to both single addresses.
239
240Usually, addresses are opened in read/write
241mode. When an address is part of a dual address specification, or when
242link(option -u)(option_u) or link(-U)(option_U) is used, an address might be
243used only for reading or for writing. Considering this is important with some
244address types.
245
246With socat version 1.5.0 and higher, the lexical analysis tries to handle
247quotes and parenthesis meaningfully and allows escaping of special characters.
248If one of the characters ( { [ ' is found, the corresponding closing
249character - ) } ] ' - is looked for; they may also be nested. Within these
250constructs, socats special characters and strings : , !! are not handled
251specially. All those characters and strings can be escaped with \ or within ""
252
253label(ADDRESS_TYPES)
254manpagesection(ADDRESS TYPES)
255
256This section describes the available address types with their keywords,
257parameters, and semantics.
258
259startdit()
260label(ADDRESS_CREAT)dit(bf(tt(CREATE:<filename>)))
261 Opens link(<filename>)(TYPE_FILENAME) with code(creat()) and uses the file
262 descriptor for writing.
263 This address type requires write-only context, because a file opened with
264 code(creat) cannot be read from.
265 <filename> must be a valid existing or not existing path.
266 If <filename> is a named pipe, code(creat()) might block;
267 if <filename> refers to a socket, this is an error.nl()
268 Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(NAMED)(GROUP_NAMED) nl()
269 Useful options:
270 link(mode)(OPTION_MODE),
271 link(user)(OPTION_USER),
272 link(group)(OPTION_GROUP),
273 link(unlink-early)(OPTION_UNLINK_EARLY),
274 link(unlink-late)(OPTION_UNLINK_LATE),
275 link(append)(OPTION_APPEND)nl()
276 See also: link(OPEN)(ADDRESS_OPEN), link(GOPEN)(ADDRESS_GOPEN)
277label(ADDRESS_EXEC)dit(bf(tt(EXEC:<command-line>)))
278 Forks a sub process that establishes communication with its parent process
279 and invokes the specified program with code(execvp()).
280 link(<command-line>)(TYPE_COMMAND_LINE) is a simple command
281 with arguments separated by single spaces. If the program name
282 contains a '/', the part after the last '/' is taken as ARGV[0]. If the
283 program name is a relative
284 path, the code(execvp()) semantics for finding the program via
285 code($PATH)
286 apply. After successful program start, socat() writes data to stdin of the
287 process and reads from its stdout using a unixdomain() socket generated by
288 code(socketpair()) per default. (link(example)(EXAMPLE_ADDRESS_EXEC)) nl()
289 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(EXEC)(GROUP_EXEC),link(FORK)(GROUP_FORK),link(TERMIOS)(GROUP_TERMIOS) nl()
290 Useful options:
291 link(path)(OPTION_PATH),
292 link(fdin)(OPTION_FDIN),
293 link(fdout)(OPTION_FDOUT),
294 link(chroot)(OPTION_CHROOT),
295 link(su)(OPTION_SUBSTUSER),
296 link(su-d)(OPTION_SUBSTUSER_DELAYED),
297 link(nofork)(OPTION_NOFORK),
298 link(pty)(OPTION_PTY),
299 link(stderr)(OPTION_STDERR),
300 link(ctty)(OPTION_CTTY),
301 link(setsid)(OPTION_SETSID),
302 link(pipes)(OPTION_PIPES),
303 link(login)(OPTION_LOGIN),
304 link(sigint)(OPTION_SIGINT),
305 link(sigquit)(OPTION_SIGQUIT)nl()
306 See also: link(SYSTEM)(ADDRESS_SYSTEM)
307label(ADDRESS_FD)dit(bf(tt(FD:<fdnum>)))
308 Uses the file descriptor link(<fdnum>)(TYPE_FDNUM). It must already exist as
309 valid unix() file descriptor.nl()
310 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
311 See also:
312 link(STDIO)(ADDRESS_STDIO),
313 link(STDIN)(ADDRESS_STDIN),
314 link(STDOUT)(ADDRESS_STDOUT),
315 link(STDERR)(ADDRESS_STDERR)
316label(ADDRESS_GOPEN)dit(bf(tt(GOPEN:<filename>)))
317 (Generic open) This address type tries to handle any file system entry
318 except directories usefully. link(<filename>)(TYPE_FILENAME) may be a
319 relative or absolute path. If it already exists, its type is checked.
320 In case of a unixdomain() socket, socat() connects; if connecting fails,
321 socat() assumes a datagram socket and uses code(sendto()) calls.
322 If the entry is not a socket, socat() opens it applying the code(O_APPEND)
323 flag.
324 If it does not exist, it is opened with flag
325 code(O_CREAT) as a regular file (link(example)(EXAMPLE_ADDRESS_GOPEN)).nl()
326 Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl()
327 See also:
328 link(OPEN)(ADDRESS_OPEN),
329 link(CREATE)(ADDRESS_CREAT),
330 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT)
331
332label(ADDRESS_IP_SENDTO)dit(bf(tt(IP-SENDTO:<host>:<protocol>)))
333 Opens a raw IP socket. Depending on host specification or option link(pf)(OPTION_PROTOCOL_FAMILY), IP procotol version
334 4 or 6 is used. It uses link(<protocol>)(TYPE_PROTOCOL) to send packets
335 to <host> [link(IP address)(TYPE_IP_ADDRESS)] and receives packets from
336 host, ignores packets from other hosts.
337 Protocol 255 uses the raw socket with the IP header being part of the
338 data.nl()
339 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
340 Useful options:
341 link(pf)(OPTION_PROTOCOL_FAMILY),
342 link(ttl)(OPTION_TTL) nl()
343 See also:
344 link(IP4-SENDTO)(ADDRESS_IP4_SENDTO),
345 link(IP6-SENDTO)(ADDRESS_IP6_SENDTO),
346 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
347 link(IP-RECV)(ADDRESS_IP_RECV),
348 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
349 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO)
350label(ADDRESS_INTERFACE)dit(bf(tt(INTERFACE:<interface>)))
351 Communicates with a network connected on an interface using raw packets
352 including link level data. link(<interface>)(TYPE_INTERFACE) is the name of
353 the network interface. Currently only available on Linux.
354 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET) nl()
355 Useful options:
356 link(pf)(OPTION_PROTOCOL_FAMILY),
357 link(type)(OPTION_SO_TYPE)nl()
358 See also: link(ip-recv)(ADDRESS_IP_RECV)
359label(ADDRESS_IP4_SENDTO)dit(bf(tt(IP4-SENDTO:<host>:<protocol>)))
360 Like link(IP-SENDTO)(ADDRESS_IP_SENDTO), but always uses IPv4.nl()
361 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) nl()
362label(ADDRESS_IP6_SENDTO)dit(bf(tt(IP6-SENDTO:<host>:<protocol>)))
363 Like link(IP-SENDTO)(ADDRESS_IP_SENDTO), but always uses IPv6.nl()
364 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) nl()
365
366label(ADDRESS_IP_DATAGRAM)dit(bf(tt(IP-DATAGRAM:<address>:<protocol>)))
367 Sends outgoing data to the specified address which may in particular be a
368 broadcast or multicast address. Packets arriving on the local socket are
369 checked if their source addresses match
370 link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS)
371 options. This address type can for example be used for implementing
372 symmetric or asymmetric broadcast or multicast communications.nl()
373 Option groups: link(FD)(GROUP_FD), link(SOCKET)(GROUP_SOCKET),
374 link(IP4)(GROUP_IP4), link(IP6)(GROUP_IP6), link(RANGE)(GROUP_RANGE) nl()
375 Useful options:
376 link(bind)(OPTION_BIND),
377 link(range)(OPTION_RANGE),
378 link(tcpwrap)(OPTION_TCPWRAPPERS),
379 link(broadcast)(OPTION_SO_BROADCAST),
380 link(ip-multicast-loop)(OPTION_IP_MULTICAST_LOOP),
381 link(ip-multicast-ttl)(OPTION_IP_MULTICAST_TTL),
382 link(ip-multicast-if)(OPTION_IP_MULTICAST_IF),
383 link(ip-add-membership)(OPTION_IP_ADD_MEMBERSHIP),
384 link(ttl)(OPTION_TTL),
385 link(tos)(OPTION_TOS),
386 link(pf)(OPTION_PROTOCOL_FAMILY)nl()
387 See also:
388 link(IP4-DATAGRAM)(ADDRESS_IP4_DATAGRAM),
389 link(IP6-DATAGRAM)(ADDRESS_IP6_DATAGRAM),
390 link(IP-SENDTO)(ADDRESS_IP_SENDTO),
391 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
392 link(IP-RECV)(ADDRESS_IP_RECV),
393 link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM)
394label(ADDRESS_IP4_DATAGRAM)dit(bf(tt(IP4-DATAGRAM:<host>:<protocol>)))
395 Like link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), but always uses IPv4.
396 (link(example)(EXAMPLE_ADDRESS_IP4_BROADCAST_CLIENT))nl()
397 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) nl()
398label(ADDRESS_IP6_DATAGRAM)dit(bf(tt(IP6-DATAGRAM:<host>:<protocol>)))
399 Like link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), but always uses IPv6. Please
400 note that IPv6 does not know broadcasts.nl()
401 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
402
403label(ADDRESS_IP_RECVFROM)dit(bf(tt(IP-RECVFROM:<protocol>)))
404 Opens a raw IP socket of link(<protocol>)(TYPE_PROTOCOL). Depending on option link(pf)(OPTION_PROTOCOL_FAMILY), IP procotol version
405 4 or 6 is used. It receives one packet from an unspecified peer and may send one or more answer packets to that peer.
406 This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.
407 This allows a behaviour similar to typical UDP based servers like ntpd or
408 named.nl()
409 Please note that the reply packets might be fetched as incoming traffic when
410 sender and receiver IP address are identical because there is no port number
411 to distinguish the sockets.nl()
412 This address works well with IP-SENDTO address peers (see above).
413 Protocol 255 uses the raw socket with the IP header being part of the
414 data.nl()
415 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
416 Useful options:
417 link(pf)(OPTION_PROTOCOL_FAMILY),
418 link(fork)(OPTION_FORK),
419 link(range)(OPTION_RANGE),
420 link(ttl)(OPTION_TTL),
421 link(broadcast)(OPTION_SO_BROADCAST)nl()
422 See also:
423 link(IP4-RECVFROM)(ADDRESS_IP4_RECVFROM),
424 link(IP6-RECVFROM)(ADDRESS_IP6_RECVFROM),
425 link(IP-SENDTO)(ADDRESS_IP_SENDTO),
426 link(IP-RECV)(ADDRESS_IP_RECV),
427 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
428 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM)
429label(ADDRESS_IP4_RECVFROM)dit(bf(tt(IP4-RECVFROM:<protocol>)))
430 Like link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), but always uses IPv4.nl()
431 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
432label(ADDRESS_IP6_RECVFROM)dit(bf(tt(IP6-RECVFROM:<protocol>)))
433 Like link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), but always uses IPv6.nl()
434 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
435
436label(ADDRESS_IP_RECV)dit(bf(tt(IP-RECV:<protocol>)))
437 Opens a raw IP socket of link(<protocol>)(TYPE_PROTOCOL). Depending on option link(pf)(OPTION_PROTOCOL_FAMILY), IP procotol version
438 4 or 6 is used. It receives packets from multiple unspecified peers and merges the data.
439 No replies are possible.
440 It can be, e.g., addressed by socat IP-SENDTO address peers.
441 Protocol 255 uses the raw socket with the IP header being part of the
442 data.nl()
443 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
444 Useful options:
445 link(pf)(OPTION_PROTOCOL_FAMILY),
446 link(range)(OPTION_RANGE)nl()
447 See also:
448 link(IP4-RECV)(ADDRESS_IP4_RECV),
449 link(IP6-RECV)(ADDRESS_IP6_RECV),
450 link(IP-SENDTO)(ADDRESS_IP_SENDTO),
451 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
452 link(UDP-RECV)(ADDRESS_UDP_RECV),
453 link(UNIX-RECV)(ADDRESS_UNIX_RECV)
454label(ADDRESS_IP4_RECV)dit(bf(tt(IP4-RECV:<protocol>)))
455 Like link(IP-RECV)(ADDRESS_IP_RECV), but always uses IPv4.nl()
456 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) nl()
457label(ADDRESS_IP6_RECV)dit(bf(tt(IP6-RECV:<protocol>)))
458 Like link(IP-RECV)(ADDRESS_IP_RECV), but always uses IPv6.nl()
459 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
460
461label(ADDRESS_OPEN)dit(bf(tt(OPEN:<filename>)))
462 Opens link(<filename>)(TYPE_FILENAME) using the code(open()) system call
463 (link(example)(EXAMPLE_ADDRESS_OPEN)).
464 This operation fails on unixdomain() sockets. nl()
465 Note: This address type is rarly useful in bidirectional mode.nl()
466 Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl()
467 Useful options:
468 link(creat)(OPTION_CREAT),
469 link(excl)(OPTION_EXCL),
470 link(noatime)(OPTION_O_NOATIME),
471 link(nofollow)(OPTION_NOFOLLOW),
472 link(append)(OPTION_APPEND),
473 link(rdonly)(OPTION_RDONLY),
474 link(wronly)(OPTION_WRONLY),
475 link(lock)(OPTION_LOCK),
476 link(readbytes)(OPTION_READBYTES),
477 link(ignoreeof)(OPTION_IGNOREEOF)nl()
478 See also:
479 link(CREATE)(ADDRESS_CREAT),
480 link(GOPEN)(ADDRESS_GOPEN),
481 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT)
482label(ADDRESS_OPENSSL_CONNECT)dit(bf(tt(OPENSSL:<host>:<port>)))
483 Tries to establish a SSL connection to <port> [link(TCP
484 service)(TYPE_TCP_SERVICE)] on
485 <host> [link(IP address)(TYPE_IP_ADDRESS)] using TCP/IP version 4 or 6
486 depending on address specification, name resolution, or option
487 link(pf)(OPTION_PROTOCOL_FAMILY).nl()
488 NOTE: The server certificate is only checked for validity against
489 link(cafile)(OPTION_OPENSSL_CAFILE) or link(capath)(OPTION_OPENSSL_CAPATH),
490 but not for match with the server's name or its IP address!nl()
491 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(OPENSSL)(GROUP_OPENSSL),link(RETRY)(GROUP_RETRY) nl()
492 Useful options:
493 link(cipher)(OPTION_OPENSSL_CIPHERLIST),
494 link(method)(OPTION_OPENSSL_METHOD),
495 link(verify)(OPTION_OPENSSL_VERIFY),
496 link(cafile)(OPTION_OPENSSL_CAFILE),
497 link(capath)(OPTION_OPENSSL_CAPATH),
498 link(certificate)(OPTION_OPENSSL_CERTIFICATE),
499 link(key)(OPTION_OPENSSL_KEY),
500 link(bind)(OPTION_BIND),
501 link(pf)(OPTION_PROTOCOL_FAMILY),
502 link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
503 link(sourceport)(OPTION_SOURCEPORT),
504 link(retry)(OPTION_RETRY)nl()
505 See also:
506 link(OPENSSL-LISTEN)(ADDRESS_OPENSSL_LISTEN),
507 link(TCP)(ADDRESS_TCP_CONNECT)
508label(ADDRESS_OPENSSL_LISTEN)dit(bf(tt(OPENSSL-LISTEN:<port>)))
509 Listens on tcp <port> [link(TCP service)(TYPE_TCP_SERVICE)].
510 The IP version is 4 or the one specified with
511 link(pf)(OPTION_PROTOCOL_FAMILY). When a
512 connection is accepted, this address behaves as SSL server.nl()
513 Note: You probably want to use the link(certificate)(OPTION_OPENSSL_CERTIFICATE) option with this address.nl()
514 NOTE: The client certificate is only checked for validity against
515 link(cafile)(OPTION_OPENSSL_CAFILE) or link(capath)(OPTION_OPENSSL_CAPATH),
516 but not for match with the client's name or its IP address!nl()
517 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(LISTEN)(GROUP_LISTEN),link(OPENSSL)(GROUP_OPENSSL),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(RETRY)(GROUP_RETRY) nl()
518 Useful options:
519 link(pf)(OPTION_PROTOCOL_FAMILY),
520 link(cipher)(OPTION_OPENSSL_CIPHERLIST),
521 link(method)(OPTION_OPENSSL_METHOD),
522 link(verify)(OPTION_OPENSSL_VERIFY),
523 link(cafile)(OPTION_OPENSSL_CAFILE),
524 link(capath)(OPTION_OPENSSL_CAPATH),
525 link(certificate)(OPTION_OPENSSL_CERTIFICATE),
526 link(key)(OPTION_OPENSSL_KEY),
527 link(fork)(OPTION_FORK),
528 link(bind)(OPTION_BIND),
529 link(range)(OPTION_RANGE),
530 link(tcpwrap)(OPTION_TCPWRAPPERS),
531 link(su)(OPTION_SUBSTUSER),
532 link(reuseaddr)(OPTION_REUSEADDR),
533 link(retry)(OPTION_RETRY)nl()
534 See also:
535 link(OPENSSL)(ADDRESS_OPENSSL_CONNECT),
536 link(TCP)(ADDRESS_TCP_CONNECT)
537label(ADDRESS_NAMED_PIPE)dit(bf(tt(PIPE:<filename>)))
538 If link(<filename>)(TYPE_FILENAME) already exists, it is opened.
539 If it does not exist, a named pipe is created and opened. Beginning with
540 socat version 1.4.3, the named pipe is removed when the address is closed
541 (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)nl()
542 Note: When a pipe is used for both reading and writing, it works
543 as echo service.nl()
544 Note: When a pipe is used for both reading and writing, and socat tries
545 to write more bytes than the pipe can buffer (Linux 2.4: 2048 bytes), socat
546 might block. Consider using socat option, e.g., code(-b 2048) nl()
547 Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl()
548 Useful options:
549 link(rdonly)(OPTION_RDONLY),
550 link(nonblock)(OPTION_NONBLOCK),
551 link(group)(OPTION_GROUP),
552 link(user)(OPTION_USER),
553 link(mode)(OPTION_MODE),
554 link(unlink-early)(OPTION_UNLINK_EARLY)nl()
555 See also: link(unnamed pipe)(ADDRESS_UNNAMED_PIPE)
556label(ADDRESS_UNNAMED_PIPE)dit(bf(tt(PIPE)))
557 Creates an unnamed pipe and uses it for reading and writing. It works as an
558 echo, because everything written
559 to it appeares immediately as read data.nl()
560 Note: When socat tries to write more bytes than the pipe can queue (Linux
561 2.4: 2048 bytes), socat might block. Consider, e.g., using
562 option code(-b 2048) nl()
563 Option groups: link(FD)(GROUP_FD) nl()
564 See also: link(named pipe)(ADDRESS_NAMED_PIPE)
565label(ADDRESS_PROXY_CONNECT)dit(bf(tt(PROXY:<proxy>:<hostname>:<port>)))
566 Connects to an HTTP proxy server on port 8080 using TCP/IP version 4 or 6
567 depending on address specification, name resolution, or option
568 link(pf)(OPTION_PROTOCOL_FAMILY), and sends a CONNECT
569 request for hostname:port. If the proxy grants access and succeeds to
570 connect to the target, data transfer between socat and the target can
571 start. Note that the traffic need not be HTTP but can be an arbitrary
572 protocol. nl()
573 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(HTTP)(GROUP_HTTP),link(RETRY)(GROUP_RETRY) nl()
574 Useful options:
575 link(proxyport)(OPTION_PROXYPORT),
576 link(ignorecr)(OPTION_IGNORECR),
577 link(proxyauth)(OPTION_PROXY_AUTHORIZATION),
578 link(resolve)(OPTION_PROXY_RESOLVE),
579 link(crnl)(OPTION_CRNL),
580 link(bind)(OPTION_BIND),
581 link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
582 link(mss)(OPTION_MSS),
583 link(sourceport)(OPTION_SOURCEPORT),
584 link(retry)(OPTION_RETRY) nl()
585 See also: link(SOCKS)(ADDRESS_SOCKS4), link(TCP)(ADDRESS_TCP_CONNECT)
586label(ADDRESS_PTY)dit(bf(tt(PTY)))
587 Generates a pseudo terminal (pty) and uses its master side. Another process
588 may open the pty's slave side using it like a serial line or terminal.
589 (link(example)(EXAMPLE_ADDRESS_PTY)). If
590 both the ptmx and the openpty mechanisms are available, ptmx is used
591 (POSIX).nl()
592 Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(PTY)(GROUP_PTY),link(TERMIOS)(GROUP_TERMIOS) nl()
593 Useful options:
594 link(link)(OPTION_SYMBOLIC_LINK),
595 link(openpty)(OPTION_OPENPTY),
596 link(wait-slave)(OPTION_PTY_WAIT_SLAVE),
597 link(mode)(OPTION_MODE),
598 link(user)(OPTION_USER),
599 link(group)(OPTION_GROUP)nl()
600 See also:
601 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
602 link(PIPE)(ADDRESS_NAMED_PIPE),
603 link(EXEC)(ADDRESS_EXEC), link(SYSTEM)(ADDRESS_SYSTEM)
604label(ADDRESS_READLINE)dit(bf(tt(READLINE)))
605 Uses GNU readline and history on stdio to allow editing and reusing input
606 lines (link(example)(EXAMPLE_ADDRESS_READLINE)). This requires the GNU readline and
607 history libraries. Note that stdio should be a (pseudo) terminal device,
608 otherwise readline does not seem to work.nl()
609 Option groups: link(FD)(GROUP_FD),link(READLINE)(GROUP_READLINE),link(TERMIOS)(GROUP_TERMIOS) nl()
610 Useful options:
611 link(history)(OPTION_HISTORY),
612 link(noecho)(OPTION_NOECHO)nl()
613 See also:
614 link(STDIO)(ADDRESS_STDIO)
615label(ADDRESS_SCTP_CONNECT)dit(bf(tt(SCTP-CONNECT:<host>:<port>)))
616 Establishes an SCTP stream connection to the specified <host> [link(IP
617 address)(TYPE_IP_ADDRESS)] and <port> [link(TCP service)(TYPE_TCP_SERVICE)]
618 using TCP/IP version 4 or 6 depending on address specification, name
619 resolution, or option link(pf)(OPTION_PROTOCOL_FAMILY).nl()
620 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl()
621 Useful options:
622 link(bind)(OPTION_BIND),
623 link(pf)(OPTION_PROTOCOL_FAMILY),
624 link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
625 link(tos)(OPTION_TOS),
626 link(mtudiscover)(OPTION_MTUDISCOVER),
627 link(sctp-maxseg)(OPTION_SCTP_MAXSEG),
628 link(sctp-nodelay)(OPTION_SCTP_NODELAY),
629 link(nonblock)(OPTION_NONBLOCK),
630 link(sourceport)(OPTION_SOURCEPORT),
631 link(retry)(OPTION_RETRY),
632 link(readbytes)(OPTION_READBYTES)nl()
633 See also:
634 link(SCTP4-CONNECT)(ADDRESS_SCTP4_CONNECT),
635 link(SCTP6-CONNECT)(ADDRESS_SCTP6_CONNECT),
636 link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN),
637 link(TCP-CONNECT)(ADDRESS_TCP_CONNECT)
638label(ADDRESS_SCTP4_CONNECT)dit(bf(tt(SCTP4-CONNECT:<host>:<port>)))
639 Like link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), but only supports IPv4 protocol.nl()
640 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl()
641label(ADDRESS_SCTP6_CONNECT)dit(bf(tt(SCTP6-CONNECT:<host>:<port>)))
642 Like link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), but only supports IPv6 protocol.nl()
643 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl()
644label(ADDRESS_SCTP_LISTEN)dit(bf(tt(SCTP-LISTEN:<port>)))
645 Listens on <port> [link(TCP service)(TYPE_TCP_SERVICE)] and accepts a
646 TCP/IP connection. The IP version is 4 or the one specified with
647 address option link(pf)(OPTION_PROTOCOL_FAMILY), socat option
648 (link(-4)(option_4), link(-6)(option_6)), or environment variable link(SOCAT_DEFAULT_LISTEN_IP)(ENV_SOCAT_DEFAULT_LISTEN_IP).
649 Note that opening
650 this address usually blocks until a client connects.nl()
651 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl()
652 Useful options:
653 link(crnl)(OPTION_CRNL),
654 link(fork)(OPTION_FORK),
655 link(bind)(OPTION_BIND),
656 link(range)(OPTION_RANGE),
657 link(tcpwrap)(OPTION_TCPWRAPPERS),
658 link(pf)(OPTION_PROTOCOL_FAMILY),
659 link(backlog)(OPTION_BACKLOG),
660 link(sctp-maxseg)(OPTION_SCTP_MAXSEG),
661 link(sctp-nodelay)(OPTION_SCTP_NODELAY),
662 link(su)(OPTION_SUBSTUSER),
663 link(reuseaddr)(OPTION_REUSEADDR),
664 link(retry)(OPTION_RETRY),
665 link(cool-write)(OPTION_COOL_WRITE)nl()
666 See also:
667 link(SCTP4-LISTEN)(ADDRESS_SCTP4_LISTEN),
668 link(SCTP6-LISTEN)(ADDRESS_SCTP6_LISTEN),
669 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN),
670 link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT)
671label(ADDRESS_SCTP4_LISTEN)dit(bf(tt(SCTP4-LISTEN:<port>)))
672 Like link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), but only supports IPv4
673 protocol.nl()
674 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl()
675label(ADDRESS_SCTP6_LISTEN)dit(bf(tt(SCTP6-LISTEN:<port>)))
676 Like link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), but only supports IPv6
677 protocol.nl()
678 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl()
679label(ADDRESS_SOCKET_CONNECT)dit(bf(tt(SOCKET-CONNECT:<domain>:<protocol>:<remote-address>)))
680 Creates a stream socket using the first and second given socket parameters
681 and tt(SOCK_STREAM) (see man socket\(2)) and connects to the remote-address.
682 The two socket parameters have to be specified by link(int)(TYPE_INT)
683 numbers. Consult your OS documentation and include files to find the
684 appropriate values. The remote-address must be the link(data)(TYPE_DATA)
685 representation of a sockaddr structure without sa_family and (BSD) sa_len
686 components.nl()
687 Please note that you can - beyond the options of the specified groups - also
688 use options of higher level protocols when you apply socat option
689 link(-g)(option_g).nl()
690 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY)nl()
691 Useful options:
692 link(bind)(OPTION_BIND),
693 link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
694 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
695 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
696 nl()
697 See also:
698 link(TCP)(ADDRESS_TCP_CONNECT),
699 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
700 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
701 link(SOCKET-LISTEN)(ADDRESS_SOCKET_LISTEN),
702 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO)
703label(ADDRESS_SOCKET_DATAGRAM)dit(bf(tt(SOCKET-DATAGRAM:<domain>:<type>:<protocol>:<remote-address>)))
704 Creates a datagram socket using the first three given socket parameters (see
705 man socket\(2)) and sends outgoing data to the remote-address. The three
706 socket parameters have to be specified by link(int)(TYPE_INT)
707 numbers. Consult your OS documentation and include files to find the
708 appropriate values. The remote-address must be the link(data)(TYPE_DATA)
709 representation of a sockaddr structure without sa_family and (BSD) sa_len
710 components.nl()
711 Please note that you can - beyond the options of the specified groups - also
712 use options of higher level protocols when you apply socat option
713 link(-g)(option_g).nl()
714 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(RANGE)(GROUP_RANGE)nl()
715 Useful options:
716 link(bind)(OPTION_BIND),
717 link(range)(OPTION_RANGE),
718 link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
719 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
720 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
721 nl()
722 See also:
723 link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM),
724 link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM),
725 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO),
726 link(SOCKET-RECV)(ADDRESS_SOCKET_RECV),
727 link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM)
728label(ADDRESS_SOCKET_LISTEN)dit(bf(tt(SOCKET-LISTEN:<domain>:<protocol>:<local-address>)))
729 Creates a stream socket using the first and second given socket parameters
730 and tt(SOCK_STREAM) (see man socket\(2)) and waits for incoming connections
731 on local-address. The two socket parameters have to be specified by
732 link(int)(TYPE_INT) numbers. Consult your OS documentation and include files
733 to find the appropriate values. The local-address must be the
734 link(data)(TYPE_DATA) representation of a sockaddr structure without
735 sa_family and (BSD) sa_len components.nl()
736 Please note that you can - beyond the options of the specified groups - also
737 use options of higher level protocols when you apply socat option
738 link(-g)(option_g).nl()
739 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(RANGE)(GROUP_RANGE),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY)nl()
740 Useful options:
741 link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
742 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
743 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
744 nl()
745 See also:
746 link(TCP)(ADDRESS_TCP_LISTEN),
747 link(UDP-CONNECT)(ADDRESS_UDP_LISTEN),
748 link(UNIX-CONNECT)(ADDRESS_UNIX_LISTEN),
749 link(SOCKET-LISTEN)(ADDRESS_SOCKET_CONNECT),
750 link(SOCKET-SENDTO)(ADDRESS_SOCKET_RECVFROM),
751 link(SOCKET-SENDTO)(ADDRESS_SOCKET_RECV)
752label(ADDRESS_SOCKET_RECV)dit(bf(tt(SOCKET-RECV:<domain>:<type>:<protocol>:<local-address>)))
753 Creates a socket using the three given socket parameters (see man socket\(2))
754 and binds it to <local-address>. Receives arriving data. The three
755 parameters have to be specified by link(int)(TYPE_INT) numbers. Consult your
756 OS documentation and include files to find the appropriate values. The
757 local-address must be the link(data)(TYPE_DATA) representation of a sockaddr
758 structure without sa_family and (BSD) sa_len components.nl()
759 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(RANGE)(GROUP_RANGE)nl()
760 Useful options:
761 link(range)(OPTION_RANGE),
762 link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
763 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
764 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
765 nl()
766 See also:
767 link(UDP-RECV)(ADDRESS_UDP_RECV),
768 link(IP-RECV)(ADDRESS_IP_RECV),
769 link(UNIX-RECV)(ADDRESS_UNIX_RECV),
770 link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM),
771 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO),
772 link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM)
773label(ADDRESS_SOCKET_RECVFROM)dit(bf(tt(SOCKET-RECVFROM:<domain>:<type>:<protocol>:<local-address>)))
774 Creates a socket using the three given socket parameters (see man socket\(2))
775 and binds it to <local-address>. Receives arriving data and sends replies
776 back to the sender. The first three parameters have to be specified as
777 link(int)(TYPE_INT) numbers. Consult your OS documentation and include files
778 to find the appropriate values. The local-address must be the
779 link(data)(TYPE_DATA) representation of a sockaddr structure without
780 sa_family and (BSD) sa_len components.nl()
781 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)nl()
782 Useful options:
783 link(fork)(OPTION_FORK),
784 link(range)(OPTION_RANGE),
785 link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
786 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
787 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
788 nl()
789 See also:
790 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
791 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
792 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
793 link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM),
794 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO),
795 link(SOCKET-RECV)(ADDRESS_SOCKET_RECV)
796label(ADDRESS_SOCKET_SENDTO)dit(bf(tt(SOCKET-SENDTO:<domain>:<type>:<protocol>:<remote-address>)))
797 Creates a socket using the three given socket parameters (see man
798 socket\(2)). Sends outgoing data to the given address and receives replies.
799 The three parameters have to be specified as link(int)(TYPE_INT)
800 numbers. Consult your OS documentation and include files to find the
801 appropriate values. The remote-address must be the link(data)(TYPE_DATA)
802 representation of a sockaddr structure without sa_family and (BSD) sa_len
803 components.nl()
804 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET)nl()
805 Useful options:
806 link(bind)(OPTION_BIND),
807 link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
808 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
809 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
810 nl()
811 See also:
812 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
813 link(IP-SENDTO)(ADDRESS_IP_SENDTO),
814 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
815 link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM),
816 link(SOCKET-RECV)(ADDRESS_SOCKET_RECV)
817 link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM)
818label(ADDRESS_SOCKS4)dit(bf(tt(SOCKS4:<socks-server>:<host>:<port>)))
819 Connects via <socks-server> [link(IP address)(TYPE_IP_ADDRESS)]
820 to <host> [link(IPv4 address)(TYPE_IPV4_ADDRESS)]
821 on <port> [link(TCP service)(TYPE_TCP_SERVICE)],
822 using socks version 4 protocol over IP version 4 or 6 depending on address specification, name resolution, or option
823 link(pf)(OPTION_PROTOCOL_FAMILY) (link(example)(EXAMPLE_ADDRESS_SOCKS4)).nl()
824 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(SOCKS4)(GROUP_SOCKS),link(RETRY)(GROUP_RETRY) nl()
825 Useful options:
826 link(socksuser)(OPTION_SOCKSUSER),
827 link(socksport)(OPTION_SOCKSPORT),
828 link(sourceport)(OPTION_SOURCEPORT),
829 link(pf)(OPTION_PROTOCOL_FAMILY),
830 link(retry)(OPTION_RETRY)nl()
831 See also:
832 link(SOCKS4A)(ADDRESS_SOCKS4A),
833 link(PROXY)(ADDRESS_PROXY_CONNECT),
834 link(TCP)(ADDRESS_TCP_CONNECT)
835label(ADDRESS_SOCKS4A)dit(bf(tt(SOCKS4A:<socks-server>:<host>:<port>)))
836 like link(SOCKS4)(ADDRESS_SOCKS4), but uses socks protocol version 4a, thus
837 leaving host name resolution to the socks server.nl()
838 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(SOCKS4)(GROUP_SOCKS),link(RETRY)(GROUP_RETRY) nl()
839label(ADDRESS_STDERR)dit(bf(tt(STDERR)))
840 Uses file descriptor 2.nl()
841 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
842 See also: link(FD)(ADDRESS_FD)
843label(ADDRESS_STDIN)dit(bf(tt(STDIN)))
844 Uses file descriptor 0.nl()
845 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
846 Useful options:
847 link(readbytes)(OPTION_READBYTES)nl()
848 See also: link(FD)(ADDRESS_FD)
849label(ADDRESS_STDIO)dit(bf(tt(STDIO)))
850 Uses file descriptor 0 for reading, and 1 for writing.nl()
851 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
852 Useful options:
853 link(readbytes)(OPTION_READBYTES)nl()
854 See also: link(FD)(ADDRESS_FD)
855label(ADDRESS_STDOUT)dit(bf(tt(STDOUT)))
856 Uses file descriptor 1.nl()
857 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
858 See also: link(FD)(ADDRESS_FD)
859label(ADDRESS_SYSTEM)dit(bf(tt(SYSTEM:<shell-command>)))
860 Forks a sub process that establishes communication with its parent process
861 and invokes the specified program with code(system()). Please note that
862 <shell-command> [link(string)(TYPE_STRING)] must
863 not contain ',' or "!!", and that shell meta characters may have to be
864 protected.
865 After successful program start, socat() writes data to stdin of the
866 process and reads from its stdout.nl()
867 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(EXEC)(GROUP_EXEC),link(FORK)(GROUP_FORK),link(TERMIOS)(GROUP_TERMIOS) nl()
868 Useful options:
869 link(path)(OPTION_PATH),
870 link(fdin)(OPTION_FDIN),
871 link(fdout)(OPTION_FDOUT),
872 link(chroot)(OPTION_CHROOT),
873 link(su)(OPTION_SUBSTUSER),
874 link(su-d)(OPTION_SUBSTUSER_DELAYED),
875 link(nofork)(OPTION_NOFORK),
876 link(pty)(OPTION_PTY),
877 link(stderr)(OPTION_STDERR),
878 link(ctty)(OPTION_CTTY),
879 link(setsid)(OPTION_SETSID),
880 link(pipes)(OPTION_PIPES),
881 link(sigint)(OPTION_SIGINT),
882 link(sigquit)(OPTION_SIGQUIT)nl()
883 See also: link(EXEC)(ADDRESS_EXEC)
884label(ADDRESS_TCP_CONNECT)dit(bf(tt(TCP:<host>:<port>)))
885 Connects to <port> [link(TCP service)(TYPE_TCP_SERVICE)] on
886 <host> [link(IP address)(TYPE_IP_ADDRESS)] using TCP/IP version 4 or 6
887 depending on address specification, name resolution, or option
888 link(pf)(OPTION_PROTOCOL_FAMILY).nl()
889 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
890 Useful options:
891 link(crnl)(OPTION_CRNL),
892 link(bind)(OPTION_BIND),
893 link(pf)(OPTION_PROTOCOL_FAMILY),
894 link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
895 link(tos)(OPTION_TOS),
896 link(mtudiscover)(OPTION_MTUDISCOVER),
897 link(mss)(OPTION_MSS),
898 link(nodelay)(OPTION_NODELAY),
899 link(nonblock)(OPTION_NONBLOCK),
900 link(sourceport)(OPTION_SOURCEPORT),
901 link(retry)(OPTION_RETRY),
902 link(readbytes)(OPTION_READBYTES)nl()
903 See also:
904 link(TCP4)(ADDRESS_TCP4_CONNECT),
905 link(TCP6)(ADDRESS_TCP6_CONNECT),
906 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN),
907 link(UDP)(ADDRESS_UDP_CONNECT),
908 link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT),
909 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT)
910label(ADDRESS_TCP4_CONNECT)dit(bf(tt(TCP4:<host>:<port>)))
911 Like link(TCP)(ADDRESS_TCP_CONNECT), but only supports IPv4 protocol (link(example)(EXAMPLE_ADDRESS_TCP4_CONNECT)).nl()
912 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
913label(ADDRESS_TCP6_CONNECT)dit(bf(tt(TCP6:<host>:<port>)))
914 Like link(TCP)(ADDRESS_TCP_CONNECT), but only supports IPv6 protocol.nl()
915 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
916label(ADDRESS_TCP_LISTEN)dit(bf(tt(TCP-LISTEN:<port>)))
917 Listens on <port> [link(TCP service)(TYPE_TCP_SERVICE)] and accepts a
918 TCP/IP connection. The IP version is 4 or the one specified with
919 address option link(pf)(OPTION_PROTOCOL_FAMILY), socat option
920 (link(-4)(option_4), link(-6)(option_6)), or environment variable link(SOCAT_DEFAULT_LISTEN_IP)(ENV_SOCAT_DEFAULT_LISTEN_IP).
921 Note that opening
922 this address usually blocks until a client connects.nl()
923 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
924 Useful options:
925 link(crnl)(OPTION_CRNL),
926 link(fork)(OPTION_FORK),
927 link(bind)(OPTION_BIND),
928 link(range)(OPTION_RANGE),
929 link(tcpwrap)(OPTION_TCPWRAPPERS),
930 link(pf)(OPTION_PROTOCOL_FAMILY),
931 link(backlog)(OPTION_BACKLOG),
932 link(mss)(OPTION_MSS),
933 link(su)(OPTION_SUBSTUSER),
934 link(reuseaddr)(OPTION_REUSEADDR),
935 link(retry)(OPTION_RETRY),
936 link(cool-write)(OPTION_COOL_WRITE)nl()
937 See also:
938 link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN),
939 link(TCP6-LISTEN)(ADDRESS_TCP6_LISTEN),
940 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
941 link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN),
942 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
943 link(OPENSSL-LISTEN)(ADDRESS_OPENSSL_LISTEN),
944 link(TCP-CONNECT)(ADDRESS_TCP_CONNECT)
945label(ADDRESS_TCP4_LISTEN)dit(bf(tt(TCP4-LISTEN:<port>)))
946 Like link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), but only supports IPv4
947 protocol (link(example)(EXAMPLE_ADDRESS_TCP4_LISTEN)).nl()
948 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
949label(ADDRESS_TCP6_LISTEN)dit(bf(tt(TCP6-LISTEN:<port>)))
950 Like link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), but only supports IPv6
951 protocol.nl()
952 Additional useful option:
953 link(ipv6only)(OPTION_IPV6_V6ONLY)nl()
954 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
955label(ADDRESS_TUN)dit(bf(tt(TUN:<if-addr>/<bits>)))
956 Creates a Linux TUN/TAP device and assignes to it the address and netmask
957 defined by the parameters. The resulting network interface is ready for use
958 by other processes; socat serves its "wire side". This address requires read
959 and write access to the tunnel cloning device, usually code(/dev/net/tun).
960 nl()
961 Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN),link(TUN)(GROUP_TUN) nl()
962 Useful options:
963 link(iff-up)(OPTION_IFF_UP),
964 link(tun-device)(OPTION_TUN_DEVICE),
965 link(tun-name)(OPTION_TUN_NAME),
966 link(tun-type)(OPTION_TUN_TYPE),
967 link(iff-no-pi)(OPTION_IFF_NO_PI) nl()
968 See also:
969 link(ip-recv)(ADDRESS_IP_RECV)
970label(ADDRESS_UDP_CONNECT)dit(bf(tt(UDP:<host>:<port>)))
971 Connects to <port> [link(UDP service)(TYPE_UDP_SERVICE)] on
972 <host> [link(IP address)(TYPE_IP_ADDRESS)] using UDP/IP version 4 or 6
973 depending on address specification, name resolution, or option
974 link(pf)(OPTION_PROTOCOL_FAMILY).nl()
975 Please note that,
976 due to UDP protocol properties, no real connection is established; data has
977 to be sent for `connecting' to the server, and no end-of-file condition can
978 be transported.nl()
979 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
980 Useful options:
981 link(ttl)(OPTION_TTL),
982 link(tos)(OPTION_TOS),
983 link(bind)(OPTION_BIND),
984 link(sourceport)(OPTION_SOURCEPORT),
985 link(pf)(OPTION_PROTOCOL_FAMILY)nl()
986 See also:
987 link(UDP4)(ADDRESS_UDP4_CONNECT),
988 link(UDP6)(ADDRESS_UDP6_CONNECT),
989 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
990 link(TCP)(ADDRESS_TCP_CONNECT),
991 link(IP)(ADDRESS_IP_SENDTO)
992label(ADDRESS_UDP4_CONNECT)dit(bf(tt(UDP4:<host>:<port>)))
993 Like link(UDP)(ADDRESS_UDP_CONNECT), but only supports IPv4 protocol.nl()
994 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) nl()
995label(ADDRESS_UDP6_CONNECT)dit(bf(tt(UDP6:<host>:<port>)))
996 Like link(UDP)(ADDRESS_UDP_CONNECT), but only supports IPv6 protocol.nl()
997 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) nl()
998label(ADDRESS_UDP_DATAGRAM)dit(bf(tt(UDP-DATAGRAM:<address>:<port>)))
999 Sends outgoing data to the specified address which may in particular be a
1000 broadcast or multicast address. Packets arriving on the local socket are
1001 checked for the correct remote port and if their source addresses match
1002 link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS)
1003 options. This address type can for example be used for implementing
1004 symmetric or asymmetric broadcast or multicast communications.nl()
1005 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
1006 Useful options:
1007 link(bind)(OPTION_BIND),
1008 link(range)(OPTION_RANGE),
1009 link(tcpwrap)(OPTION_TCPWRAPPERS),
1010 link(broadcast)(OPTION_SO_BROADCAST),
1011 link(ip-multicast-loop)(OPTION_IP_MULTICAST_LOOP),
1012 link(ip-multicast-ttl)(OPTION_IP_MULTICAST_TTL),
1013 link(ip-multicast-if)(OPTION_IP_MULTICAST_IF),
1014 link(ip-add-membership)(OPTION_IP_ADD_MEMBERSHIP),
1015 link(ttl)(OPTION_TTL),
1016 link(tos)(OPTION_TOS),
1017 link(sourceport)(OPTION_SOURCEPORT),
1018 link(pf)(OPTION_PROTOCOL_FAMILY)nl()
1019 See also:
1020 link(UDP4-DATAGRAM)(ADDRESS_UDP4_DATAGRAM),
1021 link(UDP6-DATAGRAM)(ADDRESS_UDP6_DATAGRAM),
1022 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1023 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1024 link(UDP-RECV)(ADDRESS_UDP_RECV),
1025 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1026 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1027 link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM)
1028label(ADDRESS_UDP4_DATAGRAM)dit(bf(tt(UDP4-DATAGRAM:<address>:<port>)))
1029 Like link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), but only supports IPv4
1030 protocol (link(example1)(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT),
1031 link(example2)(EXAMPLE_ADDRESS_UDP4_MULTICAST)).nl()
1032 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4), link(RANGE)(GROUP_RANGE)
1033label(ADDRESS_UDP6_DATAGRAM)dit(bf(tt(UDP6-DATAGRAM:<address>:<port>)))
1034 Like link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), but only supports IPv6
1035 protocol.nl()
1036 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE)
1037label(ADDRESS_UDP_LISTEN)dit(bf(tt(UDP-LISTEN:<port>)))
1038 Waits for a UDP/IP packet arriving on <port>
1039 [link(UDP service)(TYPE_UDP_SERVICE)] and `connects' back to sender.
1040 The accepted IP version is 4 or the one specified with option
1041 link(pf)(OPTION_PROTOCOL_FAMILY).
1042 Please note that,
1043 due to UDP protocol properties, no real connection is established; data has
1044 to arrive from the peer first, and no end-of-file condition can be
1045 transported. Note that opening
1046 this address usually blocks until a client connects.nl()
1047 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
1048 Useful options:
1049 link(fork)(OPTION_FORK),
1050 link(bind)(OPTION_BIND),
1051 link(range)(OPTION_RANGE),
1052 link(pf)(OPTION_PROTOCOL_FAMILY) nl()
1053 See also:
1054 link(UDP)(ADDRESS_UDP_CONNECT),
1055 link(UDP4-LISTEN)(ADDRESS_UDP4_LISTEN),
1056 link(UDP6-LISTEN)(ADDRESS_UDP6_LISTEN),
1057 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN)
1058label(ADDRESS_UDP4_LISTEN)dit(bf(tt(UDP4-LISTEN:<port>)))
1059 Like link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), but only support IPv4
1060 protocol.nl()
1061 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4) nl()
1062label(ADDRESS_UDP6_LISTEN)dit(bf(tt(UDP6-LISTEN:<port>)))
1063 Like link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), but only support IPv6
1064 protocol.nl()
1065 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6) nl()
1066label(ADDRESS_UDP_SENDTO)dit(bf(tt(UDP-SENDTO:<host>:<port>)))
1067 Communicates with the specified peer socket, defined by <port> [link(UDP
1068 service)(TYPE_UDP_SERVICE)] on
1069 <host> [link(IP address)(TYPE_IP_ADDRESS)], using UDP/IP version 4 or 6
1070 depending on address specification, name resolution, or option
1071 link(pf)(OPTION_PROTOCOL_FAMILY). It sends packets to and receives packets
1072 from that peer socket only.
1073 This address effectively implements a datagram client.
1074 It works well with socat UDP-RECVFROM and UDP-RECV address peers.nl()
1075 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
1076 Useful options:
1077 link(ttl)(OPTION_TTL),
1078 link(tos)(OPTION_TOS),
1079 link(bind)(OPTION_BIND),
1080 link(sourceport)(OPTION_SOURCEPORT),
1081 link(pf)(OPTION_PROTOCOL_FAMILY)nl()
1082 See also:
1083 link(UDP4-SENDTO)(ADDRESS_UDP4_SENDTO),
1084 link(UDP6-SENDTO)(ADDRESS_UDP6_SENDTO),
1085 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1086 link(UDP-RECV)(ADDRESS_UDP_RECV),
1087 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1088 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1089 link(IP-SENDTO)(ADDRESS_IP_SENDTO)
1090label(ADDRESS_UDP4_SENDTO)dit(bf(tt(UDP4-SENDTO:<host>:<port>)))
1091 Like link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), but only supports IPv4
1092 protocol.nl()
1093 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4)
1094label(ADDRESS_UDP6_SENDTO)dit(bf(tt(UDP6-SENDTO:<host>:<port>)))
1095 Like link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), but only supports IPv6
1096 protocol.nl()
1097 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6)
1098
1099label(ADDRESS_UDP_RECVFROM)dit(bf(tt(UDP-RECVFROM:<port>)))
1100 Creates a UDP socket on <port> [link(UDP service)(TYPE_UDP_SERVICE)] using
1101 UDP/IP version 4 or 6
1102 depending on option link(pf)(OPTION_PROTOCOL_FAMILY).
1103 It receives one packet from an unspecified peer and may send one or more
1104 answer packets to that peer. This mode is particularly useful with fork
1105 option
1106 where each arriving packet - from arbitrary peers - is handled by its own sub
1107 process. This allows a behaviour similar to typical UDP based servers like ntpd
1108 or named. This address works well with socat UDP-SENDTO address peers.nl()
1109 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
1110 Useful options:
1111 link(fork)(OPTION_FORK),
1112 link(ttl)(OPTION_TTL),
1113 link(tos)(OPTION_TOS),
1114 link(bind)(OPTION_BIND),
1115 link(sourceport)(OPTION_SOURCEPORT),
1116 link(pf)(OPTION_PROTOCOL_FAMILY)nl()
1117 See also:
1118 link(UDP4-RECVFROM)(ADDRESS_UDP4_RECVFROM),
1119 link(UDP6-RECVFROM)(ADDRESS_UDP6_RECVFROM),
1120 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1121 link(UDP-RECV)(ADDRESS_UDP_RECV),
1122 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1123 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1124 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
1125 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM)
1126label(ADDRESS_UDP4_RECVFROM)dit(bf(tt(UDP4-RECVFROM:<port>)))
1127 Like link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), but only supports IPv4 protocol.nl()
1128 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)
1129label(ADDRESS_UDP6_RECVFROM)dit(bf(tt(UDP6-RECVFROM:<port>)))
1130 Like link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), but only supports IPv6 protocol.nl()
1131 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)
1132
1133label(ADDRESS_UDP_RECV)dit(bf(tt(UDP-RECV:<port>)))
1134 Creates a UDP socket on <port> [link(UDP service)(TYPE_UDP_SERVICE)] using UDP/IP version 4 or 6
1135 depending on option link(pf)(OPTION_PROTOCOL_FAMILY).
1136 It receives packets from multiple unspecified peers and merges the data.
1137 No replies are possible. It works well with, e.g., socat UDP-SENDTO address peers; it behaves similar to a syslog server.nl()
1138 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
1139 Useful options:
1140 link(fork)(OPTION_FORK),
1141 link(pf)(OPTION_PROTOCOL_FAMILY),
1142 link(bind)(OPTION_BIND),
1143 link(sourceport)(OPTION_SOURCEPORT),
1144 link(ttl)(OPTION_TTL),
1145 link(tos)(OPTION_TOS)nl()
1146 See also:
1147 link(UDP4-RECV)(ADDRESS_UDP4_RECV),
1148 link(UDP6-RECV)(ADDRESS_UDP6_RECV),
1149 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1150 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1151 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1152 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1153 link(IP-RECV)(ADDRESS_IP_RECV),
1154 link(UNIX-RECV)(ADDRESS_UNIX_RECV)
1155label(ADDRESS_UDP4_RECV)dit(bf(tt(UDP4-RECV:<port>)))
1156 Like link(UDP-RECV)(ADDRESS_UDP_RECV), but only supports IPv4 protocol.nl()
1157 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE)
1158label(ADDRESS_UDP6_RECV)dit(bf(tt(UDP6-RECV:<port>)))
1159 Like link(UDP-RECV)(ADDRESS_UDP_RECV), but only supports IPv6 protocol.nl()
1160 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE)
1161
1162label(ADDRESS_UNIX_CONNECT)dit(bf(tt(UNIX-CONNECT:<filename>)))
1163 Connects to link(<filename>)(TYPE_FILENAME) assuming it is a unixdomain()
1164 socket.
1165 If <filename> does not exist, this is an error;
1166 if <filename> is not a unixdomain() socket, this is an error;
1167 if <filename> is a unixdomain() socket, but no process is listening, this is
1168 an error.nl()
1169 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(RETRY)(GROUP_RETRY),link(UNIX)(GROUP_SOCK_UNIX) nl())
1170 Useful options:
1171 link(bind)(OPTION_BIND)nl()
1172 See also:
1173 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
1174 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1175 link(TCP)(ADDRESS_TCP_CONNECT)
1176
1177label(ADDRESS_UNIX_LISTEN)dit(bf(tt(UNIX-LISTEN:<filename>)))
1178 Listens on link(<filename>)(TYPE_FILENAME) using a unixdomain() stream
1179 socket and accepts a connection.
1180 If <filename> exists and is not a socket, this is an error.
1181 If <filename> exists and is a unixdomain() socket, binding to the address
1182 fails (use option link(unlink-early)(OPTION_UNLINK_EARLY)!).
1183 Note that opening this address usually blocks until a client connects.
1184 Beginning with socat version 1.4.3, the file system entry is removed when
1185 this address is closed (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)) (link(example)(EXAMPLE_ADDRESS_UNIX_LISTEN)).nl()
1186 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY),link(UNIX)(GROUP_SOCK_UNIX) nl()
1187 Useful options:
1188 link(fork)(OPTION_FORK),
1189 link(umask)(OPTION_UMASK),
1190 link(mode)(OPTION_MODE),
1191 link(user)(OPTION_USER),
1192 link(group)(OPTION_GROUP),
1193 link(unlink-early)(OPTION_UNLINK_EARLY)nl()
1194 See also:
1195 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
1196 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
1197 link(UNIX-RECV)(ADDRESS_UNIX_RECV),
1198 link(TCP-LISTEN)(ADDRESS_TCP4_LISTEN)
1199
1200label(ADDRESS_UNIX_SENDTO)dit(bf(tt(UNIX-SENDTO:<filename>)))
1201 Communicates with the specified peer socket, defined by [link(<filename>)(TYPE_FILENAME)] assuming it is a unixdomain() datagram socket.
1202 It sends packets to and receives packets from that peer socket only.
1203 Please note that it might be neccessary to link(bind)(OPTION_BIND) the
1204 local socket to an address (e.g. tt(/tmp/sock1), which must not exist
1205 before).
1206 This address type works well with socat UNIX-RECVFROM and UNIX-RECV address
1207 peers.nl()
1208 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX)nl()
1209 Useful options:
1210 link(bind)(OPTION_BIND)nl()
1211 See also:
1212 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
1213 link(UNIX-RECV)(ADDRESS_UNIX_RECV),
1214 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
1215 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1216 link(IP-SENDTO)(ADDRESS_IP_SENDTO)
1217
1218label(ADDRESS_UNIX_RECVFROM)dit(bf(tt(UNIX-RECVFROM:<filename>)))
1219 Creates a unixdomain() datagram socket [link(<filename>)(TYPE_FILENAME)].
1220 Receives one packet and may send one or more answer packets to that peer.
1221 This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.
1222 This address works well with socat UNIX-SENDTO address peers.nl()
1223 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(CHILD)(GROUP_CHILD),link(UNIX)(GROUP_SOCK_UNIX) nl()
1224 Useful options:
1225 link(fork)(OPTION_FORK)nl()
1226 See also:
1227 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1228 link(UNIX-RECV)(ADDRESS_UNIX_RECV),
1229 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
1230 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1231 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM)
1232
1233label(ADDRESS_UNIX_RECV)dit(bf(tt(UNIX-RECV:<filename>)))
1234 Creates a unixdomain() datagram socket [link(<filename>)(TYPE_FILENAME)].
1235 Receives packets from multiple unspecified peers and merges the data.
1236 No replies are possible. It can be, e.g., addressed by socat UNIX-SENDTO address peers.
1237 It behaves similar to a syslog server.
1238 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX) nl()
1239 See also:
1240 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1241 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
1242 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
1243 link(UDP-RECV)(ADDRESS_UDP_RECV),
1244 link(IP-RECV)(ADDRESS_IP_RECV)
1245
1246label(ADDRESS_UNIX_CLIENT)dit(bf(tt(UNIX-CLIENT:<filename>)))
1247 Communicates with the specified peer socket, defined by
1248 [link(<filename>)(TYPE_FILENAME)] assuming it is a unixdomain() socket.
1249 It first tries to connect and, if that fails, assumes it is a datagram
1250 socket, thus supporting both types.nl()
1251 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX) nl()
1252 Useful options:
1253 link(bind)(OPTION_BIND)nl()
1254 See also:
1255 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
1256 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1257 link(GOPEN)(ADDRESS_GOPEN)
1258
1259dit(bf(tt(ABSTRACT-CONNECT:<string>)))
1260dit(bf(tt(ABSTRACT-LISTEN:<string>)))
1261dit(bf(tt(ABSTRACT-SENDTO:<string>)))
1262dit(bf(tt(ABSTRACT-RECVFROM:<string>)))
1263dit(bf(tt(ABSTRACT-RECV:<string>)))
1264dit(bf(tt(ABSTRACT-CLIENT:<string>)))
1265 The ABSTRACT addresses are almost identical to the related UNIX addresses
1266 except that they do not address file system based sockets but an alternate
1267 unixdomain() address space. To archieve this the socket address strings are
1268 prefixed with "\0" internally. This feature is available (only?) on Linux.
1269 Option groups are the same as with the related UNIX addresses, except that
1270 the ABSTRACT addresses are not member of the NAMED group.
1271enddit()
1272
1273
1274label(ADDRESS_OPTIONS)
1275manpagesection(ADDRESS OPTIONS)
1276
1277Address options can be applied to address specifications to influence the
1278process of opening the addresses and the
1279properties of the resulting data channels.
1280
1281For technical reasons not every option can be
1282applied to every address type; e.g., applying a socket option to a regular file
1283will fail. To catch most useless combinations as early as in the open phase,
1284the concept of em(option groups) was introduced. Each option belongs to one
1285or more option groups. Options can be used only with address types that support
1286at least one of their option groups (but see link(option -g)(option_g)).
1287
1288Address options have data types that their values must conform to.
1289Every address option consists of just a keyword or a keyword followed by
1290"=value", where value must conform to the options type.
1291COMMENT(Options that trigger a call with
1292trivial parameters are described with type BOOL which might be misleading.)
1293Some address options manipulate parameters of system calls;
1294e.g., option sync sets the code(O_SYNC) flag with the code(open()) call.
1295Other options cause a system or library call; e.g., with option `ttl=value'
1296the code(setsockopt(fd, SOL_IP, IP_TTL, value, sizeof(int))) call is applied.
1297Other
1298options set internal socat() variables that are used during data transfer;
1299e.g., `crnl' causes explicit character conversions.
1300A few options have more complex implementations; e.g., su-d
1301(substuser-delayed) inquires some user and group infos, stores them, and
1302applies them later after a possible code(chroot()) call.
1303
1304If multiple options are given to an address, their sequence in the address specification has (almost) no
1305effect on the sequence of their execution/application. Instead, socat() has
1306built in an em(option phase) model that tries to bring the options in a useful
1307order. Some options exist in different forms (e.g.,
1308unlink, unlink-early, unlink-late) to control the time of their execution.
1309
1310If the same option is specified more than once within one address
1311specification, with equal or different values, the effect depends on the kind of option. Options
1312resulting in function calls like code(setsockopt()) cause multiple
1313invocations. With options that set parameters for a required call like
1314code(open())
1315or set internal flags, the value of the last option occurrence is effective.
1316
1317The existence or semantics of many options are system dependent. Socat()
1318usually does NOT try to emulate missing libc or kernel features, it just
1319provides an
1320interface to the underlying system. So, if an operating system lacks a feature,
1321the related option is simply not available on this platform.
1322
1323The following paragraphs introduce just the more common address options. For
1324a more comprehensive reference and to find information about canonical option
1325names, alias names, option phases, and platforms see file file(xio.help).
1326nl() nl()
1327
1328startdit()enddit()nl()
1329
1330
1331label(GROUP_FD)em(bf(FD option group))
1332
1333This option group contains options that are applied to a unix()
1334style file descriptor, no matter how it was generated.
1335Because all current socat() address types are file descriptor based, these
1336options may be applied to any address. nl()
1337Note: Some of these options are also member of another option group, that
1338provides an other, non-fd based mechanism.
1339For these options, it depends on the actual address type and its option groups
1340which mechanism is used. The second, non-fd based mechanism is prioritized.
1341startdit()
1342label(OPTION_CLOEXEC)dit(bf(tt(cloexec=<bool>)))
1343 Sets the code(FD_CLOEXEC) flag with the code(fcntl()) system call to value
1344 link(<bool>)(TYPE_BOOL). If set,
1345 the file descriptor is closed on code(exec()) family function calls. Socat()
1346 internally handles
1347 this flag for the fds it controls, so in most cases there will be no need to
1348 apply this option.
1349label(OPTION_SETLK_WR)dit(bf(tt(setlk)))
1350 Tries to set a discretionary write lock to the whole file using the code(fcntl(fd,
1351 F_SETLK, ...)) system call. If the file is already locked, this call results
1352 in an error.
1353 On Linux, when the file permissions for group are "S" (g-x,g+s), and the
1354 file system is locally mounted with the "mand" option, the lock is
1355 mandatory, i.e. prevents other processes from opening the file.
1356label(OPTION_SETLKW_WR)dit(bf(tt(setlkw)))
1357 Tries to set a discretionary waiting write lock to the whole file using the
1358 code(fcntl(fd, F_SETLKW, ...)) system call. If the file is already locked,
1359 this call blocks.
1360 See option link(setlk)(OPTION_SETLK_WR) for information about making this
1361 lock mandatory.
1362label(OPTION_SETLK_RD)dit(bf(tt(setlk-rd)))
1363 Tries to set a discretionary read lock to the whole file using the code(fcntl(fd,
1364 F_SETLK, ...)) system call. If the file is already write locked, this call
1365 results in an error.
1366 See option link(setlk)(OPTION_SETLK_WR) for information about making this
1367 lock mandatory.
1368label(OPTION_SETLKW_RD)dit(bf(tt(setlkw-rd)))
1369 Tries to set a discretionary waiting read lock to the whole file using the
1370 code(fcntl(fd, F_SETLKW, ...)) system call. If the file is already write
1371 locked, this call blocks.
1372 See option link(setlk)(OPTION_SETLK_WR) for information about making this
1373 lock mandatory.
1374label(OPTION_FLOCK_EX)dit(bf(tt(flock-ex)))
1375 Tries to set a blocking exclusive advisory lock to the file using the
1376 code(flock(fd, LOCK_EX)) system call. Socat() hangs in this call if the file
1377 is locked by another process.
1378label(OPTION_FLOCK_EX_NB)dit(bf(tt(flock-ex-nb)))
1379 Tries to set a nonblocking exclusive advisory lock to the file using the
1380 code(flock(fd, LOCK_EX|LOCK_NB)) system call. If the file is already locked,
1381 this option results in an error.
1382label(OPTION_FLOCK_SH)dit(bf(tt(flock-sh)))
1383 Tries to set a blocking shared advisory lock to the file using the
1384 code(flock(fd, LOCK_SH)) system call. Socat() hangs in this call if the file
1385 is locked by another process.
1386label(OPTION_FLOCK_SH_NB)dit(bf(tt(flock-sh-nb)))
1387 Tries to set a nonblocking shared advisory lock to the file using the
1388 code(flock(fd, LOCK_SH|LOCK_NB)) system call. If the file is already locked,
1389 this option results in an error.
1390label(OPTION_LOCK)dit(bf(tt(lock)))
1391 Sets a blocking lock on the file. Uses the setlk or flock mechanism
1392 depending on availability on the particular platform. If both are available,
1393 the POSIX variant (setlkw) is used.
1394label(OPTION_USER)dit(bf(tt(user=<user>)))
1395 Sets the link(<user>)(TYPE_USER) (owner) of the stream.
1396 If the address is member of the NAMED option group,
1397 socat() uses the code(chown()) system call after opening the
1398 file or binding to the unixdomain() socket (race condition!).
1399 Without filesystem entry, socat() sets the user of the stream
1400 using the code(fchown()) system call.
1401 These calls might require root privilege.
1402label(OPTION_USER_LATE)dit(bf(tt(user-late=<user>)))
1403 Sets the owner of the fd to link(<user>)(TYPE_USER) with the code(fchown())
1404 system call after opening
1405 or connecting the channel.
1406 This is useful only on file system entries.
1407label(OPTION_GROUP)dit(bf(tt(group=<group>)))
1408 Sets the link(<group>)(TYPE_GROUP) of the stream.
1409 If the address is member of the NAMED option group,
1410 socat() uses the code(chown()) system call after opening the
1411 file or binding to the unixdomain() socket (race condition!).
1412 Without filesystem entry, socat() sets the group of the stream
1413 with the code(fchown()) system call.
1414 These calls might require group membership or root privilege.
1415label(OPTION_GROUP_LATE)dit(bf(tt(group-late=<group>)))
1416 Sets the group of the fd to link(<group>)(TYPE_GROUP) with the
1417 code(fchown()) system call after opening
1418 or connecting the channel.
1419 This is useful only on file system entries.
1420label(OPTION_MODE)dit(bf(tt(mode=<mode>)))
1421 Sets the <mode> [link(mode_t)(TYPE_MODE_T)] (permissions) of the stream.
1422 If the address is member of the NAMED option group and
1423 uses the code(open()) or code(creat()) call, the mode is applied with these.
1424 If the address is member of the NAMED option group without using these
1425 system calls, socat() uses the code(chmod()) system call after opening the
1426 filesystem entry or binding to the unixdomain() socket (race condition!).
1427 Otherwise, socat() sets the mode of the stream
1428 using code(fchmod()).
1429 These calls might require ownership or root privilege.
1430label(OPTION_PERM_LATE)dit(bf(tt(perm-late=<mode>)))
1431 Sets the permissions of the fd to value <mode>
1432 [link(mode_t)(TYPE_MODE_T)] using the code(fchmod()) system call after
1433 opening or connecting the channel.
1434 This is useful only on file system entries.
1435label(OPTION_APPEND)dit(bf(tt(append=<bool>)))
1436 Always writes data to the actual end of file.
1437 If the address is member of the OPEN option group,
1438 socat() uses the code(O_APPEND) flag with the code(open()) system call
1439 (link(example)(EXAMPLE_OPTION_APPEND)).
1440 Otherwise, socat() applies the code(fcntl(fd, F_SETFL, O_APPEND)) call.
1441label(OPTION_NONBLOCK)dit(bf(tt(nonblock=<bool>)))
1442 Tries to open or use file in nonblocking mode. Its only effects are that the
1443 code(connect()) call of TCP addresses does not block, and that opening a
1444 named pipe for reading does not block.
1445 If the address is member of the OPEN option group,
1446 socat() uses the code(O_NONBLOCK) flag with the code(open()) system call.
1447 Otherwise, socat() applies the code(fcntl(fd, F_SETFL, O_NONBLOCK)) call.
1448COMMENT(label(OPTION_NDELAY)dit(bf(tt(ndelay=<bool>)))
1449 Tries to open or use file in nonblocking mode. Has no effect because socat()
1450 works with code(select()).)
1451COMMENT(label(OPTION_ASYNC)dit(bf(tt(async=<bool>)))
1452 Enables SIGIO for this fd. Has no effect, because socat() ignores SIGIO.)
1453label(OPTION_O_BINARY)dit(bf(tt(binary)))
1454 Opens the file in binary mode to avoid implicit line terminator
1455 conversions (Cygwin).
1456label(OPTION_O_TEXT)dit(bf(tt(text)))
1457 Opens the file in text mode to force implicit line terminator conversions
1458 (Cygwin).
1459label(OPTION_O_NOINHERIT)dit(bf(tt(noinherit)))
1460 Does not keep this file open in a spawned process (Cygwin).
1461label(OPTION_COOL_WRITE)dit(bf(tt(cool-write)))
1462 Takes it easy when write fails with EPIPE or ECONNRESET and logs the message
1463 with em(notice) level instead of em(error).
1464 This prevents the log file from being filled with useless error messages
1465 when socat is used as a high volume server or proxy where clients often
1466 abort the connection.nl()
1467 This option is experimental.
1468label(OPTION_END_CLOSE)dit(bf(tt(end-close)))
1469 Changes the (address dependent) method of ending a connection to just close
1470 the file descriptors. This is useful when the connection is to be reused by
1471 or shared with other processes (link(example)(EXAMPLE_END_CLOSE)).nl()
1472 Normally, socket connections will be ended with tt(shutdown(2)) which
1473 terminates the socket even if it is shared by multiple processes.
1474 tt(close(2)) "unlinks" the socket from the process but keeps it active as
1475 long as there are still links from other processes.nl()
1476 Similarly, when an address of type EXEC or SYSTEM is ended, socat usually
1477 will explicitely kill the sub process. With this option, it will just close
1478 the file descriptors.
1479label(OPTION_SHUT_NONE)dit(bf(tt(shut-none)))
1480 Changes the (address dependent) method of shutting down the write part of a
1481 connection to not do anything.
1482label(OPTION_SHUT_DOWN)dit(bf(tt(shut-down)))
1483 Changes the (address dependent) method of shutting down the write part of a
1484 connection to tt(shutdown\(fd, SHUT_WR)). Is only useful with sockets.
1485label(OPTION_SHUT_CLOSE)dit(bf(tt(shut-close)))
1486 Changes the (address dependent) method of shutting down the write part of a
1487 connection to tt(close\(fd)).
1488label(OPTION_SHUT_NULL)dit(bf(tt(shut-null)))
1489 When one address indicates EOF, socat() will send a zero sized packet to the
1490 write channel of the other address to transfer the EOF condition. This is
1491 useful with UDP and other datagram protocols. Has been tested against
1492 netcat and socat with option link(null-eof)(OPTION_NULL_EOF).
1493label(OPTION_NULL_EOF)dit(bf(tt(null-eof)))
1494 Normally socat() will ignore empty (zero size payload) packets arriving on
1495 datagram sockets, so it survives port scans. With this option socat()
1496 interprets empty datagram packets as EOF indicator (see
1497 link(shut-null)(OPTION_SHUT_NULL)).
1498label(OPTION_IOCTL_VOID)dit(bf(tt(ioctl-void=<request>)))
1499 Calls tt(ioctl()) with the request value as second argument and NULL as
1500 third argument. This option allows to utilize ioctls that are not
1501 explicitely implemented in socat.
1502label(OPTION_IOCTL_INT)dit(bf(tt(ioctl-int=<request>:<value>)))
1503 Calls tt(ioctl()) with the request value as second argument and the integer
1504 value as third argument.
1505label(OPTION_IOCTL_INTP)dit(bf(tt(ioctl-intp=<request>:<value>)))
1506 Calls tt(ioctl()) with the request value as second argument and a pointer to
1507 the integer value as third argument.
1508label(OPTION_IOCTL_BIN)dit(bf(tt(ioctl-bin=<request>:<value>)))
1509 Calls tt(ioctl()) with the request value as second argument and a pointer to
1510 the given data value as third argument. This data must be specified in
1511 link(<dalan>)(TYPE_DATA) form.
1512label(OPTION_IOCTL_STRING)dit(bf(tt(ioctl-string=<request>:<value>)))
1513 Calls tt(ioctl()) with the request value as second argument and a pointer to
1514 the given string as third argument.
1515 link(<dalan>)(TYPE_DATA) form.
1516enddit()
1517
1518startdit()enddit()nl()
1519
1520
1521label(GROUP_NAMED)em(bf(NAMED option group))
1522
1523These options work on file system entries.nl()
1524See also options link(user)(OPTION_USER), link(group)(OPTION_GROUP), and
1525link(mode)(OPTION_MODE).
1526
1527startdit()
1528label(OPTION_USER_EARLY)dit(bf(tt(user-early=<user>)))
1529 Changes the link(<user>)(TYPE_USER) (owner) of the file system entry before
1530 accessing it, using the
1531 code(chown()) system call. This call might require root privilege.
1532label(OPTION_GROUP_EARLY)dit(bf(tt(group-early=<group>)))
1533 Changes the link(<group>)(TYPE_GROUP) of the file system entry before
1534 accessing it, using the
1535 code(chown()) system call. This call might require group membership or root
1536 privilege.
1537label(OPTION_PERM_EARLY)dit(bf(tt(perm-early=<mode>)))
1538 Changes the <mode> [link(mode_t)(TYPE_MODE_T)] of the file system entry
1539 before accessing it, using the
1540 code(chmod()) system call. This call might require ownership or root
1541 privilege.
1542label(OPTION_UMASK)dit(bf(tt(umask=<mode>)))
1543 Sets the umask of the process to <mode> [link(mode_t)(TYPE_MODE_T)] before
1544 accessing the file system entry (useful
1545 with unixdomain() sockets!). This call might affect all further operations
1546 of the socat() process!
1547label(OPTION_UNLINK_EARLY)dit(bf(tt(unlink-early)))
1548 Unlinks (removes) the file before opening it and even before applying
1549 user-early etc.
1550label(OPTION_UNLINK)dit(bf(tt(unlink)))
1551 Unlinks (removes) the file before accessing it, but after user-early etc.
1552label(OPTION_UNLINK_LATE)dit(bf(tt(unlink-late)))
1553 Unlinks (removes) the file after opening it to make it inaccessible for
1554 other processes after a short race condition.
1555label(OPTION_UNLINK_CLOSE)dit(bf(tt(unlink-close)))
1556 Removes the addresses file system entry when closing the address.
1557 For link(named pipes)(ADDRESS_NAMED_PIPE),
1558 link(listening unix domain sockets)(ADDRESS_UNIX_LISTEN),
1559 and the link(symbolic links)(OPTION_SYMBOLIC_LINK) of link(pty addresses)(ADDRESS_PTY),
1560 the default is 1; for link(created files)(ADDRESS_CREAT),
1561 link(opened files)(ADDRESS_OPEN),
1562 link(generic opened files)(ADDRESS_GOPEN), and
1563 link(client unix domain sockets)(ADDRESS_UNIX_CONNECT) the default is 0.
1564enddit()
1565
1566startdit()enddit()nl()
1567
1568
1569label(GROUP_OPEN)em(bf(OPEN option group))
1570
1571The OPEN group options allow to set flags with the code(open()) system call.
1572E.g., option `creat' sets the code(O_CREAT) flag.nl()
1573See also options link(append)(OPTION_APPEND) and
1574link(nonblock)(OPTION_NONBLOCK).
1575startdit()
1576label(OPTION_CREAT)dit(bf(tt(creat=<bool>)))
1577 Creates the file if it does not exist (link(example)(EXAMPLE_OPTION_CREAT)).
1578label(OPTION_DSYNC)dit(bf(tt(dsync=<bool>)))
1579 Blocks code(write()) calls until metainfo is physically written to media.
1580label(OPTION_EXCL)dit(bf(tt(excl=<bool>)))
1581 With option creat, if file exists this is an error.
1582label(OPTION_LARGEFILE)dit(bf(tt(largefile=<bool>)))
1583 On 32 bit systems, allows a file larger than 2^31 bytes.
1584label(OPTION_O_NOATIME)dit(bf(tt(noatime)))
1585 Sets the O_NOATIME options, so reads do not change the access timestamp.
1586label(OPTION_NOCTTY)dit(bf(tt(noctty=<bool>)))
1587 Does not make this file the controlling terminal.
1588label(OPTION_NOFOLLOW)dit(bf(tt(nofollow=<bool>)))
1589 Does not follow symbolic links.
1590label(OPTION_NSHARE)dit(bf(tt(nshare=<bool>)))
1591 Does not allow to share this file with other processes.
1592label(OPTION_RSHARE)dit(bf(tt(rshare=<bool>)))
1593 Does not allow other processes to open this file for writing.
1594label(OPTION_RSYNC)dit(bf(tt(rsync=<bool>)))
1595 Blocks code(write()) until metainfo is physically written to media.
1596label(OPTION_SYNC)dit(bf(tt(sync=<bool>)))
1597 Blocks code(write()) until data is physically written to media.
1598COMMENT(label(OPTION_DEFER)dit(bf(tt(defer=<bool>)))
1599 Temporarily stores write data in paging space.)
1600COMMENT(label(OPTION_DELAY)dit(bf(tt(delay=<bool>)))
1601 Blocks code(open()) until share conditions are fulfilled.)
1602COMMENT(label(OPTION_DIRECT)dit(bf(tt(direct=<bool>))))
1603COMMENT(label(OPTION_DIRECTORY)dit(bf(tt(directory=<bool>)))
1604 Fails if file is not a directory. Not useful with socat().)
1605label(OPTION_RDONLY)dit(bf(tt(rdonly=<bool>)))
1606 Opens the file for reading only.
1607COMMENT(label(OPTION_RDWR)dit(bf(tt(rdwr=<bool>)))
1608 Opens the file for reading and writing.)
1609label(OPTION_WRONLY)dit(bf(tt(wronly=<bool>)))
1610 Opens the file for writing only.
1611label(OPTION_TRUNC)dit(bf(tt(trunc)))
1612 Truncates the file to size 0 during opening it.
1613enddit()
1614
1615
1616startdit()enddit()nl()
1617
1618
1619label(GROUP_REG)em(bf(REG and BLK option group))
1620
1621These options are usually applied to a unix() file descriptor, but their
1622semantics make sense only on a file supporting random access.
1623startdit()
1624label(OPTION_SEEK)dit(bf(tt(seek=<offset>)))
1625 Applies the code(lseek(fd, <offset>, SEEK_SET)) (or code(lseek64)) system
1626 call, thus positioning the file pointer absolutely to <offset>
1627 [link(off_t)(TYPE_OFF) or link(off64_t)(TYPE_OFF64)]. Please note that a
1628 missing value defaults to 1, not 0.
1629label(OPTION_SEEK_CUR)dit(bf(tt(seek-cur=<offset>)))
1630 Applies the code(lseek(fd, <offset>, SEEK_CUR)) (or code(lseek64)) system
1631 call, thus positioning the file pointer <offset> [link(off_t)(TYPE_OFF) or
1632 link(off64_t)(TYPE_OFF64)] bytes relatively to its current position (which
1633 is usually 0). Please note that a missing value defaults to 1, not 0.
1634label(OPTION_SEEK_END)dit(bf(tt(seek-end=<offset>)))
1635 Applies the code(lseek(fd, <offset>, SEEK_END)) (or code(lseek64)) system
1636 call, thus positioning the file pointer <offset> [link(off_t)(TYPE_OFF) or
1637 link(off64_t)(TYPE_OFF64)] bytes relatively to the files current end. Please
1638 note that a missing value defaults to 1, not 0.
1639label(OPTION_FTRUNCATE)dit(bf(tt(ftruncate=<offset>)))
1640 Applies the code(ftruncate(fd, <offset>))
1641 (or code(ftruncate64) if available) system call, thus
1642 truncating the file at the position <offset> [link(off_t)(TYPE_OFF) or
1643 link(off64_t)(TYPE_OFF64)]. Please note that a missing value defaults to 1,
1644 not 0.
1645
1646label(OPTION_EXT2_SECRM_FL)dit(bf(tt(secrm=<bool>)))
1647label(OPTION_EXT2_UNRM)dit(bf(tt(unrm=<bool>)))
1648label(OPTION_EXT2_COMPR)dit(bf(tt(compr=<bool>)))
1649label(OPTION_EXT2_SYNC)dit(bf(tt(ext2-sync=<bool>)))
1650label(OPTION_EXT2_IMMUTABLE)dit(bf(tt(immutable=<bool>)))
1651label(OPTION_EXT2_APPEND)dit(bf(tt(ext2-append=<bool>)))
1652label(OPTION_EXT2_NODUMP)dit(bf(tt(nodump=<bool>)))
1653label(OPTION_EXT2_NOATIME)dit(bf(tt(ext2-noatime=<bool>)))
1654label(OPTION_EXT2_JOURNAL_DATA)dit(bf(tt(journal-data=<bool>)))
1655label(OPTION_EXT2_NOTAIL)dit(bf(tt(notail=<bool>)))
1656label(OPTION_EXT2_DIRSYNC)dit(bf(tt(dirsync=<bool>)))
1657 These options change non standard file attributes on operating systems and
1658 file systems that support these features, like Linux with ext2fs,
1659 ext3fs, or reiserfs. See man 1 chattr for information on these options.
1660 Please note that there might be a race condition between creating the file
1661 and applying these options.
1662enddit()
1663
1664startdit()enddit()nl()
1665
1666
1667label(GROUP_PROCESS)em(bf(PROCESS option group))
1668
1669Options of this group change the process properties instead of just affecting
1670one data channel.
1671For EXEC and SYSTEM addresses and for LISTEN and CONNECT type addresses with
1672option FORK,
1673these options apply to the child processes instead of the main socat process.
1674startdit()
1675label(OPTION_CHROOT)dit(bf(tt(chroot=<directory>)))
1676 Performs a code(chroot()) operation to link(<directory>)(TYPE_DIRECTORY)
1677 after processing the address (link(example)(EXAMPLE_OPTION_CHROOT)). This call might require root privilege.
1678label(OPTION_CHROOT_EARLY)dit(bf(tt(chroot-early=<directory>)))
1679 Performs a code(chroot()) operation to link(<directory>)(TYPE_DIRECTORY)
1680 before opening the address. This call might require root privilege.
1681label(OPTION_SETGID)dit(bf(tt(setgid=<group>)))
1682 Changes the primary link(<group>)(TYPE_GROUP) of the process after
1683 processing the address. This call might require root privilege. Please note
1684 that this option does not drop other group related privileges.
1685label(OPTION_SETGID_EARLY)dit(bf(tt(setgid-early=<group>)))
1686 Like link(setgit)(OPTION_SETGID) but is performed before opening the address.
1687label(OPTION_SETUID)dit(bf(tt(setuid=<user>)))
1688 Changes the link(<user>)(TYPE_USER) (owner) of the process after processing
1689 the address. This call might require root privilege. Please note that this
1690 option does not drop group related privileges. Check if option
1691 link(su)(OPTION_SUBSTUSER) better fits your needs.
1692label(OPTION_SETUID_EARLY)dit(bf(tt(setuid-early=<user>)))
1693 Like link(setuid)(OPTION_SETUID) but is performed before opening the
1694 address.
1695label(OPTION_SUBSTUSER)dit(bf(tt(su=<user>)))
1696 Changes the link(<user>)(TYPE_USER) (owner) and groups of the process after
1697 processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER)). This call might require root privilege.
1698label(OPTION_SUBSTUSER_DELAYED)dit(bf(tt(su-d=<user>)))
1699 Short name for bf(tt(substuser-delayed)).
1700 Changes the link(<user>)(TYPE_USER)
1701 (owner) and groups of the process after processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER_DELAYED)).
1702 The user and his groups are retrieved em(before) a possible
1703 code(chroot()). This call might require root privilege.
1704label(OPTION_SETPGID)dit(bf(tt(setpgid=<pid_t>)))
1705 Makes the process a member of the specified process group
1706 link(<pid_t>)(TYPE_PID_T). If no value
1707 is given, or if the value is 0 or 1, the process becomes leader of a new
1708 process group.
1709label(OPTION_SETSID)dit(bf(tt(setsid)))
1710 Makes the process the leader of a new session (link(example)(EXAMPLE_OPTION_SETSID)).
1711enddit()
1712
1713startdit()enddit()nl()
1714
1715
1716label(GROUP_READLINE)em(bf(READLINE option group))
1717
1718These options apply to the readline address type.
1719startdit()
1720label(OPTION_HISTORY)dit(bf(tt(history=<filename>)))
1721 Reads and writes history from/to link(<filename>)(TYPE_FILENAME) (link(example)(EXAMPLE_OPTION_HISTORY)).
1722label(OPTION_NOPROMPT)dit(bf(tt(noprompt)))
1723 Since version 1.4.0, socat per default tries to determine a prompt -
1724 that is then passed to the readline call - by remembering the last
1725 incomplete line of the output. With this option, socat does not pass a
1726 prompt to readline, so it begins line editing in the first column
1727 of the terminal.
1728label(OPTION_NOECHO)dit(bf(tt(noecho=<pattern>)))
1729 Specifies a regular pattern for a prompt that prevents the following input
1730 line from being displayed on the screen and from being added to the history.
1731 The prompt is defined as the text that was output to the readline address
1732 after the lastest newline character and before an input character was
1733 typed. The pattern is a regular expression, e.g.
1734 "^[Pp]assword:.*$" or "([Uu]ser:|[Pp]assword:)". See regex\(7) for details.
1735 (link(example)(EXAMPLE_OPTION_NOECHO))
1736label(OPTION_PROMPT)dit(bf(tt(prompt=<string>)))
1737 Passes the string as prompt to the readline function. readline prints this
1738 prompt when stepping through the history. If this string matches a constant
1739 prompt issued by an interactive program on the other socat address,
1740 consistent look and feel can be archieved.
1741enddit()
1742
1743startdit()enddit()nl()
1744
1745
1746label(GROUP_APPLICATION)em(bf(APPLICATION option group))
1747
1748This group contains options that work at data level.
1749Note that these options only apply to the "raw" data transferred by socat,
1750but not to protocol data used by addresses like
1751link(PROXY)(ADDRESS_PROXY_CONNECT).
1752startdit()
1753label(OPTION_CR)dit(bf(tt(cr)))
1754 Converts the default line termination character NL ('\n', 0x0a) to/from CR
1755 ('\r', 0x0d) when writing/reading on this channel.
1756label(OPTION_CRNL)dit(bf(tt(crnl)))
1757 Converts the default line termination character NL ('\n', 0x0a) to/from CRNL
1758 ("\r\n", 0x0d0a) when writing/reading on this channel (link(example)(EXAMPLE_OPTION_CRNL)).
1759 Note: socat simply strips all CR characters.
1760label(OPTION_IGNOREEOF)dit(bf(tt(ignoreeof)))
1761 When EOF occurs on this channel, socat() ignores it and tries to read more
1762 data (like "tail -f") (link(example)(EXAMPLE_OPTION_IGNOREEOF)).
1763label(OPTION_READBYTES)dit(bf(tt(readbytes=<bytes>)))
1764 socat() reads only so many bytes from this address (the address provides
1765 only so many bytes for transfer and pretends to be at EOF afterwards).
1766 Must be greater than 0.
1767label(OPTION_LOCKFILE)dit(bf(tt(lockfile=<filename>)))
1768 If lockfile exists, exits with error. If lockfile does not exist, creates it
1769 and continues, unlinks lockfile on exit.
1770label(OPTION_WAITLOCK)dit(bf(tt(waitlock=<filename>)))
1771 If lockfile exists, waits until it disappears. When lockfile does not exist,
1772 creates it and continues, unlinks lockfile on exit.
1773label(OPTION_ESCAPE)dit(bf(tt(escape=<int>)))
1774 Specifies the numeric code of a character that triggers EOF on the input
1775 stream. It is useful with a terminal in raw mode
1776 (link(example)(EXAMPLE_OPTION_ESCAPE)).
1777enddit()
1778
1779startdit()enddit()nl()
1780
1781
1782label(GROUP_SOCKET)em(bf(SOCKET option group))
1783
1784These options are intended for all kinds of sockets, e.g. IP or unixdomain(). Most are applied with a code(setsockopt()) call.
1785startdit()
1786label(OPTION_BIND)dit(bf(tt(bind=<sockname>)))
1787 Binds the socket to the given socket address using the code(bind()) system
1788 call. The form of <sockname> is socket domain dependent:
1789 IP4 and IP6 allow the form [hostname|hostaddress][:(service|port)] (link(example)(EXAMPLE_OPTION_BIND_TCP4)),
1790 unixdomain() sockets require link(<filename>)(TYPE_FILENAME).
1791label(OPTION_CONNECT_TIMEOUT)dit(bf(tt(connect-timeout=<seconds>)))
1792 Abort the connection attempt after <seconds> [link(timeval)(TYPE_TIMEVAL)]
1793 with error status.
1794label(OPTION_SO_BINDTODEVICE)dit(bf(tt(so-bindtodevice=<interface>)))
1795 Binds the socket to the given link(<interface>)(TYPE_INTERFACE).
1796 This option might require root privilege.
1797label(OPTION_SO_BROADCAST)dit(bf(tt(broadcast)))
1798 For datagram sockets, allows sending to broadcast addresses and receiving
1799 packets addressed to broadcast addresses.
1800COMMENT(label(OPTION_BSDCOMPAT)dit(bf(tt(bsdcompat)))
1801 Emulates some (old?) bugs of the BSD socket implementation.)
1802label(OPTION_DEBUG)dit(bf(tt(debug)))
1803 Enables socket debugging.
1804label(OPTION_DONTROUTE)dit(bf(tt(dontroute)))
1805 Only communicates with directly connected peers, does not use routers.
1806label(OPTION_KEEPALIVE)dit(bf(tt(keepalive)))
1807 Enables sending keepalives on the socket.
1808label(OPTION_LINGER)dit(bf(tt(linger=<seconds>)))
1809 Blocks code(shutdown()) or code(close()) until data transfers have finished
1810 or the given timeout [link(int)(TYPE_INT)] expired.
1811COMMENT(label(OPTION_NOREUSEADDR)dit(bf(tt(noreuseaddr)))
1812 Set the code(SO_NOREUSEADDR) socket option.)
1813label(OPTION_OOBINLINE)dit(bf(tt(oobinline)))
1814 Places out-of-band data in the input data stream.
1815label(OPTION_PRIORITY)dit(bf(tt(priority=<priority>)))
1816 Sets the protocol defined <priority> [link(<int>)(TYPE_INT)] for outgoing
1817 packets.
1818label(OPTION_RCVBUF)dit(bf(tt(rcvbuf=<bytes>)))
1819 Sets the size of the receive buffer after the code(socket()) call to
1820 <bytes> [link(int)(TYPE_INT)]. With TCP
1821 sockets, this value corresponds to the socket's maximal window size.
1822label(OPTION_RCVBUF_LATE)dit(bf(tt(rcvbuf-late=<bytes>)))
1823 Sets the size of the receive buffer when the socket is already
1824 connected to <bytes> [link(int)(TYPE_INT)].
1825 With TCP sockets, this value corresponds to the socket's
1826 maximal window size.
1827label(OPTION_RCVLOWAT)dit(bf(tt(rcvlowat=<bytes>)))
1828 Specifies the minimum number of received bytes [link(int)(TYPE_INT)] until
1829 the socket layer will pass the buffered data to socat().
1830label(OPTION_RCVTIMEO)dit(bf(tt(rcvtimeo=<seconds>)))
1831 Sets the receive timeout [link(timeval)(TYPE_TIMEVAL)].
1832label(OPTION_REUSEADDR)dit(bf(tt(reuseaddr)))
1833 Allows other sockets to bind to an address even if parts of it (e.g. the
1834 local port) are already in use by socat() (link(example)(EXAMPLE_OPTION_REUSEADDR)).
1835label(OPTION_SNDBUF)dit(bf(tt(sndbuf=<bytes>)))
1836 Sets the size of the send buffer after the code(socket()) call to
1837 <bytes> [link(int)(TYPE_INT)].
1838label(OPTION_SNDBUF_LATE)dit(bf(tt(sndbuf-late=<bytes>)))
1839 Sets the size of the send buffer when the socket is connected to
1840 <bytes> [link(int)(TYPE_INT)].
1841label(OPTION_SNDLOWAT)dit(bf(tt(sndlowat=<bytes>)))
1842 Specifies the minimum number of bytes in the send buffer until the socket
1843 layer will send the data to <bytes> [link(int)(TYPE_INT)].
1844label(OPTION_SNDTIMEO)dit(bf(tt(sndtimeo=<seconds>)))
1845 Sets the send timeout to seconds [link(timeval)(TYPE_TIMEVAL)].
1846label(OPTION_PROTOCOL_FAMILY)dit(bf(tt(pf=<string>)))
1847 Forces the use of the specified IP version or protocol. <string> can be
1848 something like "ip4" or "ip6". The resulting value is
1849 used as first argument to the code(socket()) or code(socketpair()) calls.
1850 This option affects address resolution and the required syntax of bind and
1851 range options.
1852label(OPTION_SO_TYPE)dit(bf(tt(type=<type>)))
1853 Sets the type of the socket, specified as second argument to the
1854 code(socket()) or code(socketpair()) calls, to <type>
1855 [link(int)(TYPE_INT)]. Address resolution is not affected by this option.
1856 Under Linux, 1 means stream oriented socket, 2 means datagram socket, and 3
1857 means raw socket.
1858label(OPTION_SO_PROTOTYPE)dit(bf(tt(prototype)))
1859 Sets the protocol of the socket, specified as third argument to the
1860 code(socket()) or code(socketpair()) calls, to <prototype>
1861 [link(int)(TYPE_INT)]. Address resolution is not affected by this option.
1862 6 means TCP, 17 means UDP.
1863COMMENT(label(OPTION_USELOOPBACK)dit(bf(tt(useloopback)))
1864 Sets the code(SO_USELOOPBACK) socket option.)
1865COMMENT(label(OPTION_ACCEPTCONN)dit(bf(tt(acceptconn)))
1866 Tries to set the code(SO_ACCEPTCONN) socket option.)
1867COMMENT(label(OPTION_ATTACHFILTER)dit(bf(tt(attachfilter)))
1868 Tries to set the code(SO_ATTACH_FILTER) socket option.)
1869COMMENT(label(OPTION_AUDIT)dit(bf(tt(audit)))
1870 Sets the code(SO_AUDIT) socket option.)
1871COMMENT(label(OPTION_CHSUMRECV)dit(bf(tt(cksumrecv)))
1872 Sets the code(SO_CKSUMRECV) socket option.)
1873COMMENT(label(OPTION_DETACHFILTER)dit(bf(tt(detachfilter)))
1874 Tries to set the code(SO_DETACH_FILTER) socket option.)
1875COMMENT(label(OPTION_DGRAMERRIND)dit(bf(tt(dgramerrind)))
1876 Sets the code(SO_DGRAM_ERRIND) socket option.)
1877COMMENT(label(OPTION_DONTLINGER)dit(bf(tt(dontlinger)))
1878 Sets the code(SO_DONTLINGER) socket option.)
1879COMMENT(label(OPTION_ERROR)dit(bf(tt(error)))
1880 Tries to set this read only socket option.)
1881COMMENT(label(OPTION_FIOSETOWN)dit(bf(tt(fiosetown=<pid_t>)))
1882 Sets the receiver of SIGIO.)
1883COMMENT(label(OPTION_KERNACCEPT)dit(bf(tt(kernaccept)))
1884 Sets the code(SO_KERNACCEPT) socket option.)
1885COMMENT(label(OPTION_NOCHECK)dit(bf(tt(nocheck)))
1886 Sets the code(SO_NO_CHECK) socket option. Undocumented...)
1887COMMENT(label(OPTION_PASSCRED)dit(bf(tt(passcred)))
1888 Set the code(SO_PASSCRED) socket option.)
1889COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred)))
1890 This is a read-only socket option.)
1891COMMENT(label(OPTION_REUSEPORT)dit(bf(tt(reuseport)))
1892 Set the code(SO_REUSEPORT) socket option.)
1893COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication)))
1894 Set the code(SO_SECURITY_AUTHENTICATION) socket option.)
1895COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork)))
1896 Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.)
1897COMMENT(label(OPTION_SECURITYENCRYPTIONTRANSPORT)dit(bf(tt(securityencryptiontransport)))
1898 Set the code(SO_SECURITY_ENCRYPTION_TRANSPORT) socket option.)
1899COMMENT(label(OPTION_SIOCSPGRP)dit(bf(tt(siocspgrp=<pid_t>)))
1900 Set the SIOCSPGRP with code(ioclt()) to enable SIGIO.)
1901COMMENT(label(OPTION_USEIFBUFS)dit(bf(tt(useifbufs)))
1902 Set the code(SO_USE_IFBUFS) socket option.)
1903label(OPTION_SO_TIMESTAMP)dit(bf(tt(so-timestamp)))
1904 Sets the SO_TIMESTAMP socket option. This enables receiving and logging of
1905 timestamp ancillary messages.
1906label(OPTION_SETSOCKOPT_INT)dit(bf(tt(setsockopt-int=<level>:<optname>:<optval>)))
1907 Invokes tt(setsockopt()) for the socket with the given parameters. tt(level)
1908 [link(int)(TYPE_INT)] is used as second argument to tt(setsockopt()) and
1909 specifies the layer, e.g. SOL_TCP for TCP (6 on Linux), or SOL_SOCKET for
1910 the socket layer (1 on Linux). tt(optname) [link(int)(TYPE_INT)] is the
1911 third argument to tt(setsockopt()) and tells which socket option is to be
1912 set. For the actual numbers you might have to look up the appropriate include
1913 files of your system. The 4th tt(setsockopt()) parameter, tt(value)
1914 [link(int)(TYPE_INT)], is passed to the function per pointer, and for the
1915 length parameter sizeof\(int) is taken implicitely.
1916label(OPTION_SETSOCKOPT_BIN)dit(bf(tt(setsockopt-bin=<level>:<optname>:<optval>)))
1917 Like tt(setsockopt-int), but <optval> must be provided in
1918 link(dalan)(TYPE_DATA) format and specifies an arbitrary sequence of bytes;
1919 the length parameter is automatically derived from the data.
1920label(OPTION_SETSOCKOPT_STRING)dit(bf(tt(setsockopt-string=<level>:<optname>:<optval>)))
1921 Like tt(setsockopt-int), but <optval> must be a link(string)(TYPE_STRING).
1922 This string is passed to the function with trailing null character, and the
1923 length parameter is automatically derived from the data.
1924enddit()
1925
1926startdit()enddit()nl()
1927
1928
1929label(GROUP_SOCK_UNIX)em(bf(UNIX option group))
1930
1931These options apply to UNIX domain based addresses.
1932startdit()
1933label(OPTION_UNIX_TIGHTSOCKLEN)dit(bf(tt(unix-tightsocklen=[0|1])))
1934 On socket operations, pass a socket address length that does not include the
1935 whole code(struct sockaddr_un) record but (besides other components) only
1936 the relevant part of the filename or abstract string. Default is 1.
1937enddit()
1938
1939label(GROUP_IP4)
1940label(GROUP_IP)em(bf(IP4 and IP6 option groups))
1941
1942These options can be used with IPv4 and IPv6 based sockets.
1943startdit()
1944label(OPTION_TOS)dit(bf(tt(tos=<tos>)))
1945 Sets the TOS (type of service) field of outgoing packets to <tos>
1946 [link(byte)(TYPE_BYTE)] (see RFC 791).
1947label(OPTION_TTL)dit(bf(tt(ttl=<ttl>)))
1948 Sets the TTL (time to live) field of outgoing packets to <ttl>
1949 [link(byte)(TYPE_BYTE)].
1950label(OPTION_IPOPTIONS)dit(bf(tt(ip-options=<data>)))
1951 Sets IP options like source routing. Must be given in binary form,
1952 recommended format is a leading "x" followed by an even number of hex
1953 digits. This option may be used multiple times, data are appended.
1954 E.g., to connect to host 10.0.0.1 via some gateway using a loose source
1955 route, use the gateway as address parameter and set a loose source route
1956 using the option code(ip-options=x8307040a000001).nl()
1957 IP options are defined in RFC 791. COMMENT(, RFC 2113)nl()
1958COMMENT( x00 end of option list
1959 x01 no operation (nop)
1960 x0211 security
1961 x03 loose source route
1962 x09 strict source route
1963 x07 record route
1964 x0804 stream ID
1965 x44 internet timestamp)
1966label(OPTION_MTUDISCOVER)dit(bf(tt(mtudiscover=<0|1|2>)))
1967 Takes 0, 1, 2 to never, want, or always use path MTU discover on this
1968 socket.
1969COMMENT(label(OPTION_HRDINCL)dit(bf(tt(ip-hdrincl)))
1970 Tell the raw socket that the application data includes the IP header.)
1971COMMENT(label(OPTION_IP_MULTICAST_LOOP)dit(bf(tt(ip-multicastloop)))
1972 Allow looping back outgoing multicast to the local interface.)
1973COMMENT(label(OPTION_IP_MULTICAST_TTL)dit(bf(tt(ip-multicastttl)))
1974 Set the TTL for outgoing multicast packets.)
1975label(OPTION_IP_PKTINFO)dit(bf(tt(ip-pktinfo)))
1976 Sets the IP_PKTINFO socket option. This enables receiving and logging of
1977 ancillary messages containing destination address and interface (Linux)
1978 (link(example)(EXAMPLE_ANCILLARY)).
1979COMMENT(label(OPTION_PKTOPTS)dit(bf(tt(ip-pktopts)))
1980 Set the IP_PKTOPTIONS socket option.)
1981label(OPTION_IP_RECVERR)dit(bf(tt(ip-recverr)))
1982 Sets the IP_RECVERR socket option. This enables receiving and logging of
1983 ancillary messages containing detailled error information.
1984label(OPTION_IP_RECVOPTS)dit(bf(tt(ip-recvopts)))
1985 Sets the IP_RECVOPTS socket option. This enables receiving and logging of IP
1986 options ancillary messages (Linux, *BSD).
1987label(OPTION_IP_RECVTOS)dit(bf(tt(ip-recvtos)))
1988 Sets the IP_RECVTOS socket option. This enables receiving and logging of TOS
1989 (type of service) ancillary messages (Linux).
1990label(OPTION_IP_RECVTTL)dit(bf(tt(ip-recvttl)))
1991 Sets the IP_RECVTTL socket option. This enables receiving and logging of TTL
1992 (time to live) ancillary messages (Linux, *BSD).
1993COMMENT(label(OPTION_RETOPTS)dit(bf(tt(ip-retopts)))
1994 Set the IP_RETOPTS socket option.)
1995label(OPTION_IP_RECVDSTADDR)dit(bf(tt(ip-recvdstaddr)))
1996 Sets the IP_RECVDSTADDR socket option. This enables receiving and logging of
1997 ancillary messages containing destination address (*BSD)
1998 (link(example)(EXAMPLE_ANCILLARY)).
1999label(OPTION_IP_RECVIF)dit(bf(tt(ip-recvif)))
2000 Sets the IP_RECVIF socket option. This enables receiving and logging of
2001 interface ancillary messages (*BSD) (link(example)(EXAMPLE_ANCILLARY)).
2002COMMENT(label(OPTION_ROUTERALERT)dit(bf(tt(routeralert)))
2003 Set the IP_ROUTER_ALERT socket option.)
2004label(OPTION_IP_ADD_MEMBERSHIP)
2005dit(bf(tt(ip-add-membership=<multicast-address:interface-address>)))
2006dit(bf(tt(ip-add-membership=<multicast-address:interface-name>)))
2007dit(bf(tt(ip-add-membership=<multicast-address:interface-index>)))
2008dit(bf(tt(ip-add-membership=<multicast-address:interface-address:interface-name>)))
2009dit(bf(tt(ip-add-membership=<multicast-address:interface-address:interface-index>)))
2010 Makes the socket member of the specified multicast group. This is currently
2011 only implemented for IPv4. The option takes the IP address of the multicast
2012 group and info about the desired network interface. The most common syntax
2013 is the first one, while the others are only available on systems that
2014 provide tt(struct mreqn) (Linux).nl()
2015 The indices of active network interfaces can be shown using the utility
2016 procan().
2017label(OPTION_IP_MULTICAST_IF)
2018dit(bf(tt(ip-multicast-if=<hostname>)))
2019 Specifies hostname or address of the network interface to be used for
2020 multicast traffic.
2021label(OPTION_IP_MULTICAST_LOOP)
2022dit(bf(tt(ip-multicast-loop=<bool>)))
2023 Specifies if outgoing multicast traffic should loop back to the interface.
2024label(OPTION_IP_MULTICAST_TTL)
2025dit(bf(tt(ip-multicast-ttl=<byte>)))
2026 Sets the TTL used for outgoing multicast traffic. Default is 1.
2027label(OPTION_RES_DEBUG)dit(bf(tt(res-debug)))
2028label(OPTION_RES_AAONLY)dit(bf(tt(res-aaonly)))
2029label(OPTION_RES_USEVC)dit(bf(tt(res-usevc)))
2030label(OPTION_RES_PRIMARY)dit(bf(tt(res-primary)))
2031label(OPTION_RES_IGNTC)dit(bf(tt(res-igntc)))
2032label(OPTION_RES_RECURSE)dit(bf(tt(res-recurse)))
2033label(OPTION_RES_DEFNAMES)dit(bf(tt(res-defnames)))
2034label(OPTION_RES_STAYOPEN)dit(bf(tt(res-stayopen)))
2035label(OPTION_RES_DNSRCH)dit(bf(tt(res-dnsrch)))
2036 These options set the corresponding resolver (name resolution) option flags.
2037 Append "=0" to clear a default option. See man resolver\(5) for more
2038 information on these options. Note: these options are valid only for the
2039 address they are applied to.
2040
2041enddit()
2042
2043startdit()enddit()nl()
2044
2045
2046label(GROUP_IP6)em(bf(IP6 option group))
2047
2048These options can only be used on IPv6 based sockets. See link(IP
2049options)(GROUP_IP) for options that can be applied to both IPv4 and IPv6
2050sockets.
2051startdit()
2052label(OPTION_IPV6_V6ONLY)dit(bf(tt(ipv6only=<bool>)))
2053 Sets the IPV6_V6ONLY socket option. If 0, the TCP stack will also accept
2054 connections using IPv4 protocol on the same port. The default is system
2055 dependent.
2056label(OPTION_IPV6_RECVDSTOPTS)dit(bf(tt(ipv6-recvdstopts)))
2057 Sets the IPV6_RECVDSTOPTS socket option. This enables receiving and logging
2058 of ancillary messages containing the destination options.
2059label(OPTION_IPV6_RECVHOPLIMIT)dit(bf(tt(ipv6-recvhoplimit)))
2060 Sets the IPV6_RECVHOPLIMIT socket option. This enables receiving and logging
2061 of ancillary messages containing the hoplimit.
2062label(OPTION_IPV6_RECVHOPOPTS)dit(bf(tt(ipv6-recvhopopts)))
2063 Sets the IPV6_RECVHOPOPTS socket option. This enables receiving and logging
2064 of ancillary messages containing the hop options.
2065label(OPTION_IPV6_RECVPKTINFO)dit(bf(tt(ipv6-recvpktinfo)))
2066 Sets the IPV6_RECVPKTINFO socket option. This enables receiving and logging
2067 of ancillary messages containing destination address and interface.
2068label(OPTION_IPV6_UNICAST_HOPS)dit(bf(tt(ipv6-unicast-hops=link(TYPE_INT)(<int>))))
2069 Sets the IPV6_UNICAST_HOPS socket option. This sets the hop count limit
2070 (TTL) for outgoing unicast packets.
2071label(OPTION_IPV6_RECVRTHDR)dit(bf(tt(ipv6-recvrthdr)))
2072 Sets the IPV6_RECVRTHDR socket option. This enables receiving and logging
2073 of ancillary messages containing routing information.
2074label(OPTION_IPV6_TCLASS)dit(bf(tt(ipv6-tclass)))
2075 Sets the IPV6_TCLASS socket option. This sets the transfer class of outgoing
2076 packets.
2077label(OPTION_IPV6_RECVTCLASS)dit(bf(tt(ipv6-recvtclass)))
2078 Sets the IPV6_RECVTCLASS socket option. This enables receiving and logging
2079 of ancillary messages containing the transfer class.
2080enddit()
2081
2082startdit()enddit()nl()
2083
2084
2085label(GROUP_TCP)em(bf(TCP option group))
2086
2087These options may be applied to TCP sockets. They work by invoking code(setsockopt()) with the appropriate parameters.
2088startdit()
2089label(OPTION_CORK)dit(bf(tt(cork)))
2090 Doesn't send packets smaller than MSS (maximal segment size).
2091label(OPTION_DEFER-ACCEPT)dit(bf(tt(defer-accept)))
2092 While listening, accepts connections only when data from the peer arrived.
2093label(OPTION_KEEPCNT)dit(bf(tt(keepcnt=<count>)))
2094 Sets the number of keepalives before shutting down the socket to
2095 <count> [link(int)(TYPE_INT)].
2096label(OPTION_KEEPIDLE)dit(bf(tt(keepidle=<seconds>)))
2097 Sets the idle time before sending the first keepalive to <seconds>
2098 [link(int)(TYPE_INT)].
2099label(OPTION_KEEPINTVL)dit(bf(tt(keepintvl=<seconds>)))
2100 Sets the interval between two keepalives to <seconds>
2101 [link(int)(TYPE_INT)].
2102label(OPTION_LINGER2)dit(bf(tt(linger2=<seconds>)))
2103 Sets the time to keep the socket in FIN-WAIT-2 state to <seconds>
2104 [link(int)(TYPE_INT)].
2105label(OPTION_MSS)dit(bf(tt(mss=<bytes>)))
2106 Sets the MSS (maximum segment size) after the code(socket()) call to <bytes>
2107 [link(int)(TYPE_INT)]. This
2108 value is then proposed to the peer with the SYN or SYN/ACK packet
2109 (link(example)(EXAMPLE_OPTION_MSS)).
2110label(OPTION_MSS_LATE)dit(bf(tt(mss-late=<bytes>)))
2111 Sets the MSS of the socket after connection has been established to <bytes>
2112 [link(int)(TYPE_INT)].
2113label(OPTION_NODELAY)dit(bf(tt(nodelay)))
2114 Turns off the Nagle algorithm for measuring the RTT (round trip time).
2115label(OPTION_RFC1323)dit(bf(tt(rfc1323)))
2116 Enables RFC1323 TCP options: TCP window scale, round-trip time measurement
2117 (RTTM), and protect against wrapped sequence numbers (PAWS) (AIX).
2118label(OPTION_STDURG)dit(bf(tt(stdurg)))
2119 Enables RFC1122 compliant urgent pointer handling (AIX).
2120label(OPTION_SYNCNT)dit(bf(tt(syncnt=<count>)))
2121 Sets the maximal number of SYN retransmits during connect to <count>
2122 [link(int)(TYPE_INT)].
2123COMMENT(label(OPTION_INFO)dit(bf(tt(info)))
2124 Tries to set the read-only TCP_INFO socket option.)
2125COMMENT(label(OPTION_WINDOW_CLAMP)dit(bf(tt(window-clamp)))
2126 Sets the TCP_WINDOW_CLAMP socket option.)
2127label(OPTION_TCP_MD5SIG)dit(bf(tt(md5sig)))
2128 Enables generation of MD5 digests on the packets (FreeBSD).
2129label(OPTION_TCP_NOOPT)dit(bf(tt(noopt)))
2130 Disables use of TCP options (FreeBSD, MacOSX).
2131label(OPTION_TCP_NOPUSH)dit(bf(tt(nopush)))
2132 sets the TCP_NOPUSH socket option (FreeBSD, MacOSX).
2133label(OPTION_TCP_SACK_DISABLE)dit(bf(tt(sack-disable)))
2134 Disables use the selective acknowledge feature (OpenBSD).
2135label(OPTION_TCP_SIGNATURE_ENABLE)dit(bf(tt(signature-enable)))
2136 Enables generation of MD5 digests on the packets (OpenBSD).
2137label(OPTION_TCP_ABORT_THRESHOLD)dit(bf(tt(abort-threshold=<milliseconds>)))
2138 Sets the time to wait for an answer of the peer on an established connection
2139 (HP-UX).
2140label(OPTION_TCP_CONN_ABORT_THRESHOLD)dit(bf(tt(conn-abort-threshold=<milliseconds>)))
2141 Sets the time to wait for an answer of the server during the initial connect
2142 (HP-UX).
2143label(OPTION_TCP_KEEPINIT)dit(bf(tt(keepinit)))
2144 Sets the time to wait for an answer of the server during connect\() before
2145 giving up. Value in half seconds, default is 150 (75s) (Tru64).
2146label(OPTION_TCP_PAWS)dit(bf(tt(paws)))
2147 Enables the "protect against wrapped sequence numbers" feature (Tru64).
2148label(OPTION_TCP_SACKENA)dit(bf(tt(sackena)))
2149 Enables selective acknowledge (Tru64).
2150label(OPTION_TCP_TSOPTENA)dit(bf(tt(tsoptena)))
2151 Enables the time stamp option that allows RTT recalculation on existing
2152 connections (Tru64).
2153enddit()
2154
2155startdit()enddit()nl()
2156
2157
2158label(GROUP_SCTP)em(bf(SCTP option group))
2159
2160These options may be applied to SCTP stream sockets.
2161startdit()
2162label(OPTION_SCTP_NODELAY)dit(bf(tt(sctp-nodelay)))
2163 Sets the SCTP_NODELAY socket option that disables the Nagle algorithm.
2164label(OPTION_SCTP_MAXSEG)dit(bf(tt(sctp-maxseg=<bytes>)))
2165 Sets the SCTP_MAXSEG socket option to <bytes> [link(int)(TYPE_INT)]. This
2166 value is then proposed to the peer with the SYN or SYN/ACK packet.
2167enddit()
2168
2169startdit()enddit()nl()
2170
2171
2172em(bf(UDP, TCP, and SCTP option groups))
2173
2174Here we find options that are related to the network port mechanism and thus
2175can be used with UDP, TCP, and SCTP client and server addresses.
2176startdit()
2177label(OPTION_SOURCEPORT)dit(bf(tt(sourceport=<port>)))
2178 For outgoing (client) TCP and UDP connections, it sets the source
2179 link(<port>)(TYPE_PORT) using an extra code(bind()) call.
2180 With TCP or UDP listen addresses, socat immediately shuts down the
2181 connection if the client does not use this sourceport (link(example)(EXAMPLE_OPTION_SOURCEPORT)).
2182label(OPTION_LOWPORT)dit(bf(tt(lowport)))
2183 Outgoing (client) TCP and UDP connections with this option use
2184 an unused random source port between 640 and 1023 incl. On UNIX class operating
2185 systems, this requires root privilege, and thus indicates that the
2186 client process is authorized by local root.
2187 TCP and UDP listen addresses with this option immediately shut down the
2188 connection if the client does not use a sourceport <= 1023.
2189 This mechanism can provide limited authorization under some circumstances.
2190enddit()
2191
2192startdit()enddit()nl()
2193
2194
2195label(GROUP_SOCKS)em(bf(SOCKS option group))
2196
2197When using SOCKS type addresses, some socks specific options can be set.
2198startdit()
2199label(OPTION_SOCKSPORT)dit(bf(tt(socksport=<tcp service>)))
2200 Overrides the default "socks" service or port 1080 for the socks server
2201 port with link(<TCP service>)(TYPE_TCP_SERVICE).
2202label(OPTION_SOCKSUSER)dit(bf(tt(socksuser=<user>)))
2203 Sends the <user> [link(string)(TYPE_STRING)] in the username field to the
2204 socks server. Default is the actual user name ($LOGNAME or $USER) (link(example)(EXAMPLE_OPTION_SOCKSUSER)).
2205enddit()
2206
2207startdit()enddit()nl()
2208
2209
2210label(GROUP_HTTP)em(bf(HTTP option group))
2211
2212Options that can be provided with HTTP type addresses. The only HTTP address
2213currently implemented is link(proxy-connect)(ADDRESS_PROXY_CONNECT).
2214
2215startdit()
2216label(OPTION_PROXYPORT)dit(bf(tt(proxyport=<TCP service>)))
2217 Overrides the default HTTP proxy port 8080 with
2218 link(<TCP service>)(TYPE_TCP_SERVICE).
2219label(OPTION_IGNORECR)dit(bf(tt(ignorecr)))
2220 The HTTP protocol requires the use of CR+NL as line terminator. When a proxy
2221 server violates this standard, socat might not understand its answer.
2222 This option directs socat to interprete NL as line terminator and
2223 to ignore CR in the answer. Nevertheless, socat sends CR+NL to the proxy.
2224label(OPTION_PROXY_AUTHORIZATION)dit(bf(tt(proxyauth=<username>:<password>)))
2225 Provide "basic" authentication to the proxy server. The argument to the
2226 option is used with a "Proxy-Authorization: Base" header in base64 encoded
2227 form.nl()
2228 Note: username and password are visible for every user on the local machine
2229 in the process list; username and password are transferred to the proxy
2230 server unencrypted (base64 encoded) and might be sniffed.
2231label(OPTION_PROXY_RESOLVE)dit(bf(tt(resolve)))
2232 Per default, socat sends to the proxy a CONNECT request containing the
2233 target hostname. With this option, socat resolves the hostname locally and
2234 sends the IP address. Please note that, according to RFC 2396, only name
2235 resolution to IPv4 addresses is implemented.
2236enddit()
2237
2238startdit()enddit()nl()
2239
2240
2241label(GROUP_RANGE)em(bf(RANGE option group))
2242
2243These options check if a connecting client should be granted access. They can
2244be applied to listening and receiving network sockets. tcp-wrappers options
2245fall into this group.
2246startdit()
2247label(OPTION_RANGE)dit(bf(tt(range=<address-range>)))
2248 After accepting a connection, tests if the peer is within em(range). For
2249 IPv4 addresses, address-range takes the form address/bits, e.g.
2250 10.0.0.0/8, or address:mask, e.g. 10.0.0.0:255.0.0.0 (link(example)(EXAMPLE_OPTION_RANGE)); for IPv6, it is [ip6-address/bits], e.g. [::1/128].
2251 If the client address does not match, socat() issues a warning and keeps
2252 listening/receiving.
2253label(OPTION_TCPWRAPPERS)dit(bf(tt(tcpwrap[=<name>])))
2254 Uses Wietse Venema's libwrap (tcpd) library to determine
2255 if the client is allowed to connect. The configuration files are
2256 /etc/hosts.allow and /etc/hosts.deny per default, see "man 5 hosts_access"
2257 for more information. The optional <name> (type link(string)(TYPE_STRING))
2258 is passed to the wrapper functions as daemon process name (link(example)(EXAMPLE_OPTION_TCPWRAPPERS)).
2259 If omitted, the basename of socats invocation (argv[0]) is passed.
2260 If both tcpwrap and range options are applied to an address, both
2261 conditions must be fulfilled to allow the connection.
2262label(OPTION_TCPWRAP_HOSTS_ALLOW_TABLE)dit(bf(tt(allow-table=<filename>)))
2263 Takes the specified file instead of /etc/hosts.allow.
2264label(OPTION_TCPWRAP_HOSTS_DENY_TABLE)dit(bf(tt(deny-table=<filename>)))
2265 Takes the specified file instead of /etc/hosts.deny.
2266label(OPTION_TCPWRAP_ETC)dit(bf(tt(tcpwrap-etc=<directoryname>)))
2267 Looks for hosts.allow and hosts.deny in the specified directory. Is
2268 overridden by options link(hosts-allow)(OPTION_TCPWRAP_HOSTS_ALLOW_TABLE)
2269 and link(hosts-deny)(OPTION_TCPWRAP_HOSTS_DENY_TABLE).
2270enddit()
2271
2272startdit()enddit()nl()
2273
2274
2275label(GROUP_LISTEN)em(bf(LISTEN option group))
2276
2277Options specific to listening sockets.
2278startdit()
2279label(OPTION_BACKLOG)dit(bf(tt(backlog=<count>)))
2280 Sets the backlog value passed with the code(listen()) system call to <count>
2281 [link(int)(TYPE_INT)]. Default is 5.
2282enddit()
2283startdit()enddit()nl()
2284
2285
2286label(GROUP_CHILD)em(bf(CHILD option group))
2287
2288Options for addresses with multiple connections via child processes.
2289startdit()
2290label(OPTION_FORK)dit(bf(tt(fork)))
2291 After establishing a connection, handles its channel in a child process and
2292 keeps the parent process attempting to produce more connections, either by
2293 listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl()
2294 SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child:
2295SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks
2296em(afterwards).
2297 RETRY and FOREVER options are not inherited by the child process.nl()
2298enddit()
2299
2300startdit()enddit()nl()
2301
2302
2303label(GROUP_EXEC)em(bf(EXEC option group))
2304
2305Options for addresses that invoke a program.
2306startdit()
2307label(OPTION_PATH)dit(bf(tt(path=<string>)))
2308 Overrides the PATH environment variable for searching the program with
2309 link(<string>)(TYPE_STRING). This
2310 code($PATH) value is effective in the child process too.
2311label(OPTION_LOGIN)dit(bf(tt(login)))
2312 Prefixes code(argv[0]) for the code(execvp()) call with '-', thus making a
2313 shell behave as login shell.
2314enddit()
2315
2316startdit()enddit()nl()
2317
2318
2319label(GROUP_FORK)em(bf(FORK option group))
2320
2321EXEC or SYSTEM addresses invoke a program using a child process and transfer data between socat() and the program. The interprocess communication mechanism can be influenced with the following options. Per
2322default, a code(socketpair()) is created and assigned to stdin and stdout of
2323the child process, while stderr is inherited from the socat() process, and the
2324child process uses file descriptors 0 and 1 for communicating with the main
2325socat process.
2326startdit()
2327label(OPTION_NOFORK)dit(bf(tt(nofork)))
2328 Does not fork a subprocess for executing the program, instead calls execvp\()
2329 or system\() directly from the actual socat instance. This avoids the
2330 overhead of another process between the program and its peer,
2331 but introduces a lot of restrictions:
2332 startit()
2333 it() this option can only be applied to the second socat() address.
2334 it() it cannot be applied to a part of a link(dual)(ADDRESS_DUAL) address.
2335 it() the first socat address cannot be OPENSSL or READLINE
2336 it() socat options -b, -t, -D, -l, -v, -x become useless
2337 it() for both addresses, options ignoreeof, cr, and crnl become useless
2338 it() for the second address (the one with option nofork), options
2339 append, metaCOMMENT(async,) cloexec, flock, user, group, mode, nonblock,
2340 perm-late, setlk, and setpgid cannot be applied. Some of these could be
2341 used on the first address though.
2342 endit()
2343label(OPTION_PIPES)dit(bf(tt(pipes)))
2344 Creates a pair of unnamed pipes for interprocess communication instead of a
2345 socket pair.
2346label(OPTION_OPENPTY)dit(bf(tt(openpty)))
2347 Establishes communication with the sub process using a pseudo terminal
2348 created with code(openpty()) instead of the default (socketpair or ptmx).
2349label(OPTION_PTMX)dit(bf(tt(ptmx)))
2350 Establishes communication with the sub process using a pseudo terminal
2351 created by opening file(/dev/ptmx) or file(/dev/ptc) instead of the default
2352 (socketpair).
2353label(OPTION_PTY)dit(bf(tt(pty)))
2354 Establishes communication with the sub process using a pseudo terminal
2355 instead of a socket pair. Creates the pty with an available mechanism. If
2356 openpty and ptmx are both available, it uses ptmx because this is POSIX
2357 compliant (link(example)(EXAMPLE_OPTION_PTY)).
2358label(OPTION_CTTY)dit(bf(tt(ctty)))
2359 Makes the pty the controlling tty of the sub process (link(example)(EXAMPLE_OPTION_CTTY)).
2360label(OPTION_STDERR)dit(bf(tt(stderr)))
2361 Directs stderr of the sub process to its output channel by making stderr a
2362 code(dup()) of stdout (link(example)(EXAMPLE_OPTION_STDERR)).
2363label(OPTION_FDIN)dit(bf(tt(fdin=<fdnum>)))
2364 Assigns the sub processes input channel to its file descriptor
2365 link(<fdnum>)(TYPE_FDNUM)
2366 instead of stdin (0). The program started from the subprocess has to use
2367 this fd for reading data from socat() (link(example)(EXAMPLE_OPTION_FDIN)).
2368label(OPTION_FDOUT)dit(bf(tt(fdout=<fdnum>)))
2369 Assigns the sub processes output channel to its file descriptor
2370 link(<fdnum>)(TYPE_FDNUM)
2371 instead of stdout (1). The program started from the subprocess has to use
2372 this fd for writing data to socat() (link(example)(EXAMPLE_OPTION_FDOUT)).
2373label(OPTION_SIGHUP)label(OPTION_SIGINT)label(OPTION_SIGQUIT)dit(bf(tt(sighup)), bf(tt(sigint)), bf(tt(sigquit)))
2374 Has socat() pass signals of this type to the sub process.
2375 If no address has this option, socat terminates on these signals.
2376enddit()
2377
2378startdit()enddit()nl()
2379
2380
2381label(GROUP_TERMIOS)em(bf(TERMIOS option group))
2382
2383For addresses that work on a tty (e.g., stdio, file:/dev/tty, exec:...,pty), the terminal parameters defined in the unix() termios mechanism are made available as address option parameters.
2384Please note that changes of the parameters of your interactive terminal
2385remain effective after socat()'s termination, so you might have to enter "reset"
2386or "stty sane" in your shell afterwards.
2387For EXEC and SYSTEM addresses with option PTY,
2388these options apply to the pty by the child processes.
2389
2390startdit()
2391label(OPTION_B0)dit(bf(tt(b0)))
2392 Disconnects the terminal.
2393label(OPTION_B19200)dit(bf(tt(b19200)))
2394 Sets the serial line speed to 19200 baud. Some other rates are possible; use
2395something like tt(socat -hh |grep ' b[1-9]') to find all speeds supported by
2396your implementation.nl()
2397Note: On some operating systems, these options may not be
2398available. Use link(ispeed)(OPTION_ISPEED) or link(ospeed)(OPTION_OSPEED)
2399instead.
2400label(OPTION_ECHO)dit(bf(tt(echo=<bool>)))
2401 Enables or disables local echo (link(example)(EXAMPLE_OPTION_ECHO)).
2402label(OPTION_ICANON)dit(bf(tt(icanon=<bool>)))
2403 Sets or clears canonical mode, enabling line buffering and some special
2404 characters.
2405label(OPTION_RAW)dit(bf(tt(raw)))
2406 Sets raw mode, thus passing input and output almost unprocessed (link(example)(EXAMPLE_OPTION_RAW)).
2407label(OPTION_IGNBRK)dit(bf(tt(ignbrk=<bool>)))
2408 Ignores or interpretes the BREAK character (e.g., ^C)
2409label(OPTION_BRKINT)dit(bf(tt(brkint=<bool>)))
2410label(OPTION_BS0)dit(bf(tt(bs0)))
2411label(OPTION_BS1)dit(bf(tt(bs1)))
2412label(OPTION_BSDLY)dit(bf(tt(bsdly=<0|1>)))
2413label(OPTION_CLOCAL)dit(bf(tt(clocal=<bool>)))
2414
2415label(OPTION_CR0)label(OPTION_CR1)label(OPTION_CR2)label(OPTION_CR3)
2416mancommand(\.LP)
2417mancommand(\.nf)
2418mancommand(\fBcr0
2419cr1
2420cr2
2421cr3\fP)
2422mancommand(\.fi)
2423mancommand(\.IP)
2424htmlcommand(<dt><code><strong>cr0</strong><br>
2425<strong>cr1</strong><br>
2426<strong>cr2</strong><br>
2427<strong>cr3</strong></code><dd>)
2428 Sets the carriage return delay to 0, 1, 2, or 3, respectively.
2429 0 means no delay, the other values are terminal dependent.
2430
2431label(OPTION_CRDLY)dit(bf(tt(crdly=<0|1|2|3>)))
2432label(OPTION_CREAD)dit(bf(tt(cread=<bool>)))
2433label(OPTION_CRTSCTS)dit(bf(tt(crtscts=<bool>)))
2434
2435label(OPTION_CS5)label(OPTION_CS6)label(OPTION_CS7)label(OPTION_CS8)
2436mancommand(\.LP)
2437mancommand(\.nf)
2438mancommand(\fBcs5
2439cs6
2440cs7
2441cs8\fP)
2442mancommand(\.fi)
2443mancommand(\.IP)
2444htmlcommand(<dt><code><strong>cs5</strong><br>
2445<strong>cs6</strong><br>
2446<strong>cs7</strong><br>
2447<strong>cs8</strong></code><dd>)
2448 Sets the character size to 5, 6, 7, or 8 bits, respectively.
2449
2450label(OPTION_CSIZE)dit(bf(tt(csize=<0|1|2|3>)))
2451label(OPTION_CSTOPB)dit(bf(tt(cstopb=<bool>)))
2452 Sets two stop bits, rather than one.
2453label(OPTION_VDSUSP)dit(bf(tt(dsusp=<byte>)))
2454 Sets the value for the VDSUSP character that suspends the current foreground
2455 process and reactivates the shell (all except Linux).
2456label(OPTION_ECHOCTL)dit(bf(tt(echoctl=<bool>)))
2457 Echos control characters in hat notation (e.g. ^A)
2458label(OPTION_ECHOE)dit(bf(tt(echoe=<bool>)))
2459label(OPTION_ECHOK)dit(bf(tt(echok=<bool>)))
2460label(OPTION_ECHOKE)dit(bf(tt(echoke=<bool>)))
2461label(OPTION_ECHONL)dit(bf(tt(echonl=<bool>)))
2462label(OPTION_ECHOPRT)dit(bf(tt(echoprt=<bool>)))
2463label(OPTION_EOF)dit(bf(tt(eof=<byte>)))
2464label(OPTION_EOL)dit(bf(tt(eol=<byte>)))
2465label(OPTION_EOL2)dit(bf(tt(eol2=<byte>)))
2466label(OPTION_ERASE)dit(bf(tt(erase=<byte>)))
2467label(OPTION_DISCARD)dit(bf(tt(discard=<byte>)))
2468label(OPTION_FF0)dit(bf(tt(ff0)))
2469label(OPTION_FF1)dit(bf(tt(ff1)))
2470label(OPTION_FFDLY)dit(bf(tt(ffdly=<bool>)))
2471label(OPTION_FLUSHO)dit(bf(tt(flusho=<bool>)))
2472label(OPTION_HUPCL)dit(bf(tt(hupcl=<bool>)))
2473label(OPTION_ICRNL)dit(bf(tt(icrnl=<bool>)))
2474label(OPTION_IEXTEN)dit(bf(tt(iexten=<bool>)))
2475label(OPTION_IGNCR)dit(bf(tt(igncr=<bool>)))
2476label(OPTION_IGNPAR)dit(bf(tt(ignpar=<bool>)))
2477label(OPTION_IMAXBEL)dit(bf(tt(imaxbel=<bool>)))
2478label(OPTION_INLCR)dit(bf(tt(inlcr=<bool>)))
2479label(OPTION_INPCK)dit(bf(tt(inpck=<bool>)))
2480label(OPTION_INTR)dit(bf(tt(intr=<byte>)))
2481label(OPTION_ISIG)dit(bf(tt(isig=<bool>)))
2482label(OPTION_ISPEED)dit(bf(tt(ispeed=<unsigned-int>)))
2483 Set the baud rate for incoming data on this line.nl()
2484 See also: link(ospeed)(OPTION_OSPEED), link(b19200)(OPTION_B19200)
2485label(OPTION_ISTRIP)dit(bf(tt(istrip=<bool>)))
2486label(OPTION_IUCLC)dit(bf(tt(iuclc=<bool>)))
2487label(OPTION_IXANY)dit(bf(tt(ixany=<bool>)))
2488label(OPTION_IXOFF)dit(bf(tt(ixoff=<bool>)))
2489label(OPTION_IXON)dit(bf(tt(ixon=<bool>)))
2490label(OPTION_KILL)dit(bf(tt(kill=<byte>)))
2491label(OPTION_LNEXT)dit(bf(tt(lnext=<byte>)))
2492label(OPTION_MIN)dit(bf(tt(min=<byte>)))
2493label(OPTION_NL0)dit(bf(tt(nl0)))
2494 Sets the newline delay to 0.
2495label(OPTION_NL1)dit(bf(tt(nl1)))
2496label(OPTION_NLDLY)dit(bf(tt(nldly=<bool>)))
2497label(OPTION_NOFLSH)dit(bf(tt(noflsh=<bool>)))
2498label(OPTION_OCRNL)dit(bf(tt(ocrnl=<bool>)))
2499label(OPTION_OFDEL)dit(bf(tt(ofdel=<bool>)))
2500label(OPTION_OFILL)dit(bf(tt(ofill=<bool>)))
2501label(OPTION_OLCUC)dit(bf(tt(olcuc=<bool>)))
2502label(OPTION_ONLCR)dit(bf(tt(onlcr=<bool>)))
2503label(OPTION_ONLRET)dit(bf(tt(onlret=<bool>)))
2504label(OPTION_ONOCR)dit(bf(tt(onocr=<bool>)))
2505label(OPTION_OPOST)dit(bf(tt(opost=<bool>)))
2506 Enables or disables output processing; e.g., converts NL to CR-NL.
2507label(OPTION_OSPEED)dit(bf(tt(ospeed=<unsigned-int>)))
2508 Set the baud rate for outgoing data on this line.nl()
2509 See also: link(ispeed)(OPTION_ISPEED), link(b19200)(OPTION_B19200)
2510label(OPTION_PARENB)dit(bf(tt(parenb=<bool>)))
2511 Enable parity generation on output and parity checking for input.
2512label(OPTION_PARMRK)dit(bf(tt(parmrk=<bool>)))
2513label(OPTION_PARODD)dit(bf(tt(parodd=<bool>)))
2514label(OPTION_PENDIN)dit(bf(tt(pendin=<bool>)))
2515label(OPTION_QUIT)dit(bf(tt(quit=<byte>)))
2516label(OPTION_REPRINT)dit(bf(tt(reprint=<byte>)))
2517label(OPTION_SANE)dit(bf(tt(sane)))
2518 Brings the terminal to something like a useful default state.
2519label(OPTION_START)dit(bf(tt(start=<byte>)))
2520label(OPTION_STOP)dit(bf(tt(stop=<byte>)))
2521label(OPTION_SUSP)dit(bf(tt(susp=<byte>)))
2522label(OPTION_SWTC)dit(bf(tt(swtc=<byte>)))
2523label(OPTION_TAB0)dit(bf(tt(tab0)))
2524label(OPTION_TAB1)dit(bf(tt(tab1)))
2525label(OPTION_TAB2)dit(bf(tt(tab2)))
2526label(OPTION_TAB3)dit(bf(tt(tab3)))
2527label(OPTION_TABDLY)dit(bf(tt(tabdly=<unsigned-int>)))
2528label(OPTION_TIME)dit(bf(tt(time=<byte>)))
2529label(OPTION_TOSTOP)dit(bf(tt(tostop=<bool>)))
2530label(OPTION_VT0)dit(bf(tt(vt0)))
2531label(OPTION_VT1)dit(bf(tt(vt1)))
2532label(OPTION_VTDLY)dit(bf(tt(vtdly=<bool>)))
2533label(OPTION_WERASE)dit(bf(tt(werase=<byte>)))
2534label(OPTION_XCASE)dit(bf(tt(xcase=<bool>)))
2535label(OPTION_XTABS)dit(bf(tt(xtabs)))
2536label(OPTION_I_POP_ALL)dit(bf(tt(i-pop-all)))
2537 With UNIX System V STREAMS, removes all drivers from the stack.
2538label(OPTION_I_PUSH)dit(bf(tt(i-push=<string>)))
2539 With UNIX System V STREAMS, pushes the driver (module) with the given name
2540 (link(string)(TYPE_STRING)) onto the stack. For example, to make sure that a
2541 character device on Solaris supports termios etc, use the following options:
2542 tt(i-pop-all,i-push=ptem,i-push=ldterm,i-push=ttcompat)
2543enddit()
2544
2545startdit()enddit()nl()
2546
2547
2548label(GROUP_PTY)em(bf(PTY option group))
2549
2550These options are intended for use with the link(pty)(ADDRESS_PTY) address
2551type.
2552
2553startdit()
2554label(OPTION_SYMBOLIC_LINK)dit(bf(tt(link=<filename>)))
2555 Generates a symbolic link that points to the actual pseudo terminal
2556 (pty). This might help
2557 to solve the problem that ptys are generated with more or less
2558 unpredictable names, making it difficult to directly access the socat
2559 generated pty automatically. With this option, the user can specify a "fix"
2560 point in the file hierarchy that helps him to access the actual pty
2561 (link(example)(EXAMPLE_OPTION_SYMBOLIC_LINK)).
2562 Beginning with socat() version 1.4.3, the symbolic link is removed when
2563 the address is closed (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)).
2564label(OPTION_PTY_WAIT_SLAVE)dit(bf(tt(wait-slave)))
2565 Blocks the open phase until a process opens the slave side of the pty.
2566 Usually, socat continues after generating the pty with opening the next
2567 address or with entering the transfer loop. With the wait-slave option,
2568 socat waits until some process opens the slave side of the pty before
2569 continuing.
2570 This option only works if the operating system provides the tt(poll())
2571 system call. And it depends on an undocumented behaviour of pty's, so it
2572 does not work on all operating systems. It has successfully been tested on
2573 Linux, FreeBSD, NetBSD, and on Tru64 with openpty.
2574label(OPTION_PTY_INTERVAL)dit(bf(tt(pty-interval=<seconds>)))
2575 When the link(wait-slave)(OPTION_PTY_WAIT_SLAVE) option is set, socat
2576 periodically checks the HUP condition using tt(poll()) to find if the pty's
2577 slave side has been opened. The default polling interval is 1s. Use the
2578 pty-interval option [link(timeval)(TYPE_TIMEVAL)] to change this value.
2579enddit()
2580
2581
2582startdit()enddit()nl()
2583
2584
2585label(GROUP_OPENSSL)em(bf(OPENSSL option group))
2586
2587These options apply to the link(openssl)(ADDRESS_OPENSSL_CONNECT) and
2588link(openssl-listen)(ADDRESS_OPENSSL_LISTEN) address types.
2589
2590startdit()
2591label(OPTION_OPENSSL_CIPHERLIST)dit(bf(tt(cipher=<cipherlist>)))
2592 Selects the list of ciphers that may be used for the connection.
2593 See the man page of code(ciphers), section bf(CIPHER LIST FORMAT), for
2594 detailed information about syntax, values, and default of <cipherlist>.nl()
2595 Several cipher strings may be given, separated by ':'.
2596 Some simple cipher strings:
2597 startdit()
2598 dit(3DES) Uses a cipher suite with triple DES.
2599 dit(MD5) Uses a cipher suite with MD5.
2600 dit(aNULL) Uses a cipher suite without authentication.
2601 dit(NULL) Does not use encryption.
2602 dit(HIGH) Uses a cipher suite with "high" encryption.
2603 enddit()
2604 Note that the peer must support the selected property, or the negotiation
2605 will fail.
2606label(OPTION_OPENSSL_METHOD)dit(bf(tt(method=<ssl-method>)))
2607 Sets the protocol version to be used. Valid strings (not case sensitive)
2608 are:
2609 startdit()
2610 dit(tt(SSLv2)) Select SSL protocol version 2.
2611 dit(tt(SSLv3)) Select SSL protocol version 3.
2612 dit(tt(SSLv23)) Select SSL protocol version 2 or 3. This is the default when
2613 this option is not provided.
2614 dit(tt(TLSv1)) Select TLS protocol version 1.
2615 enddit()
2616label(OPTION_OPENSSL_VERIFY)dit(bf(tt(verify=<bool>)))
2617 Controls check of the peer's certificate. Default is 1 (true). Disabling
2618 verify might open your socket for everyone, making the encryption useless!
2619label(OPTION_OPENSSL_CERTIFICATE)dit(bf(tt(cert=<filename>)))
2620 Specifies the file with the certificate and private key for authentication.
2621 The certificate must be in OpenSSL format (*.pem).
2622 With openssl-listen, use of this option is strongly
2623 recommended. Except with cipher aNULL, "no shared ciphers" error will
2624 occur when no certificate is given.
2625label(OPTION_OPENSSL_KEY)dit(bf(tt(key=<filename>)))
2626 Specifies the file with the private key. The private key may be in this
2627 file or in the file given with the link(cert)(OPTION_OPENSSL_CERTIFICATE) option. The party that has
2628 to proof that it is the owner of a certificate needs the private key.
2629label(OPTION_OPENSSL_DHPARAMS)dit(bf(tt(dhparams=<filename>)))
2630 Specifies the file with the Diffie Hellman parameters. These parameters may
2631 also be in the file given with the link(cert)(OPTION_OPENSSL_CERTIFICATE)
2632 option in which case the dhparams option is not needed.
2633label(OPTION_OPENSSL_CAFILE)dit(bf(tt(cafile=<filename>)))
2634 Specifies the file with the trusted (root) authority certificates. The file
2635 must be in PEM format and should contain one or more certificates. The party
2636 that checks the authentication of its peer trusts only certificates that are
2637 in this file.
2638label(OPTION_OPENSSL_CAPATH)dit(bf(tt(capath=<dirname>)))
2639 Specifies the directory with the trusted (root) certificates. The directory
2640 must contain certificates in PEM format and their hashes (see OpenSSL
2641 documentation)
2642label(OPTION_OPENSSL_EGD)dit(bf(tt(egd=<filename>)))
2643 On some systems, openssl requires an explicit source of random data. Specify
2644 the socket name where an entropy gathering daemon like egd provides random
2645 data, e.g. /dev/egd-pool.
2646label(OPTION_OPENSSL_PSEUDO)dit(bf(tt(pseudo)))
2647 On systems where openssl cannot find an entropy source and where no entropy
2648 gathering daemon can be utilized, this option activates a mechanism for
2649 providing pseudo entropy. This is archieved by taking the current time in
2650 microseconds for feeding the libc pseudo random number generator with an
2651 initial value. openssl is then feeded with output from random\() calls.nl()
2652 NOTE:This mechanism is not sufficient for generation of secure keys!
2653label(OPTION_OPENSSL_FIPS)dit(bf(tt(fips)))
2654 Enables FIPS mode if compiled in. For info about the FIPS encryption
2655 implementation standard see lurl(http://oss-institute.org/fips-faq.html).
2656 This mode might require that the involved certificates are generated with a
2657 FIPS enabled version of openssl. Setting or clearing this option on one
2658 socat address affects all OpenSSL addresses of this process.
2659enddit()
2660
2661startdit()enddit()nl()
2662
2663
2664label(GROUP_RETRY)em(bf(RETRY option group))
2665
2666Options that control retry of some system calls, especially connection
2667attempts.
2668
2669startdit()
2670label(OPTION_RETRY)dit(bf(tt(retry=<num>)))
2671 Number of retries before the connection or listen attempt is aborted.
2672 Default is 0, which means just one attempt.
2673label(OPTION_INTERVAL)dit(bf(tt(interval=<timespec>)))
2674 Time between consecutive attempts (seconds,
2675 [link(timespec)(TYPE_TIMESPEC)]). Default is 1 second.
2676label(OPTION_FOREVER)dit(bf(tt(forever)))
2677 Performs an unlimited number of retry attempts.
2678enddit()
2679
2680startdit()enddit()nl()
2681
2682
2683label(GROUP_TUN)em(bf(TUN option group))
2684
2685Options that control Linux TUN/TAP interface device addresses.
2686
2687startdit()
2688label(OPTION_TUN_DEVICE)dit(bf(tt(tun-device=<device-file>)))
2689 Instructs socat to take another path for the TUN clone device. Default is
2690 tt(/dev/net/tun).
2691label(OPTION_TUN_NAME)dit(bf(tt(tun-name=<if-name>)))
2692 Gives the resulting network interface a specific name instead of the system
2693 generated (tun0, tun1, etc.)
2694label(OPTION_TUN_TYPE)dit(bf(tt(tun-type=[tun|tap])))
2695 Sets the type of the TUN device; use this option to generate a TAP
2696 device. See the Linux docu for the difference between these types.
2697 When you try to establish a tunnel between two TUN devices, their types
2698 should be the same.
2699label(OPTION_IFF_NO_PI)dit(bf(tt(iff-no-pi)))
2700 Sets the IFF_NO_PI flag which controls if the device includes additional
2701 packet information in the tunnel.
2702 When you try to establish a tunnel between two TUN devices, these flags
2703 should have the same values.
2704label(OPTION_IFF_UP)dit(bf(tt(iff-up)))
2705 Sets the TUN network interface status UP. Strongly recommended.
2706label(OPTION_IFF_BROADCAST)dit(bf(tt(iff-broadcast)))
2707 Sets the BROADCAST flag of the TUN network interface.
2708label(OPTION_IFF_DEBUG)dit(bf(tt(iff-debug)))
2709 Sets the DEBUG flag of the TUN network interface.
2710label(OPTION_IFF_LOOPBACK)dit(bf(tt(iff-loopback)))
2711 Sets the LOOPBACK flag of the TUN network interface.
2712label(OPTION_IFF_POINTOPOINT)dit(bf(tt(iff-pointopoint)))
2713 Sets the POINTOPOINT flag of the TUN device.
2714label(OPTION_IFF_NOTRAILERS)dit(bf(tt(iff-notrailers)))
2715 Sets the NOTRAILERS flag of the TUN device.
2716label(OPTION_IFF_RUNNING)dit(bf(tt(iff-running)))
2717 Sets the RUNNING flag of the TUN device.
2718label(OPTION_IFF_NOARP)dit(bf(tt(iff-noarp)))
2719 Sets the NOARP flag of the TUN device.
2720label(OPTION_IFF_PROMISC)dit(bf(tt(iff-promisc)))
2721 Sets the PROMISC flag of the TUN device.
2722label(OPTION_IFF_ALLMULTI)dit(bf(tt(iff-allmulti)))
2723 Sets the ALLMULTI flag of the TUN device.
2724label(OPTION_IFF_MASTER)dit(bf(tt(iff-master)))
2725 Sets the MASTER flag of the TUN device.
2726label(OPTION_IFF_SLAVE)dit(bf(tt(iff-slave)))
2727 Sets the SLAVE flag of the TUN device.
2728label(OPTION_IFF_MULTICAST)dit(bf(tt(iff-multicast)))
2729 Sets the MULTICAST flag of the TUN device.
2730label(OPTION_IFFPORTSEL_)dit(bf(tt(iff-portsel)))
2731 Sets the PORTSEL flag of the TUN device.
2732label(OPTION_IFF_AUTOMEDIA)dit(bf(tt(iff-automedia)))
2733 Sets the AUTOMEDIA flag of the TUN device.
2734label(OPTION_IFF_DYNAMIC)dit(bf(tt(iff-dynamic)))
2735 Sets the DYNAMIC flag of the TUN device.
2736enddit()
2737
2738startdit()enddit()nl()
2739
2740
2741label(VALUES)
2742manpagesection(DATA VALUES)
2743
2744This section explains the different data types that address parameters and
2745address options can take.
2746
2747startdit()
2748label(TYPE_ADDRESS_RANGE)dit(address-range)
2749 Is currently only implemented for IPv4 and IPv6. See address-option
2750 link(`range')(OPTION_RANGE)
2751label(TYPE_BOOL)dit(bool)
2752 "0" or "1"; if value is omitted, "1" is taken.
2753label(TYPE_BYTE)dit(byte)
2754 An unsigned int number, read with code(strtoul()), lower or equal to
2755 code(UCHAR_MAX).
2756label(TYPE_COMMAND_LINE)dit(command-line)
2757 A string specifying a program name and its arguments, separated by single
2758 spaces.
2759label(TYPE_DATA)dit(data)
2760 A raw data specification following em(dalan) syntax. Currently the only
2761 valid form is a string starting with 'x' followed by an even number of hex
2762 digits, specifying a sequence of bytes.
2763label(TYPE_DIRECTORY)dit(directory)
2764 A string with usual unix() directory name semantics.
2765label(TYPE_FACILITY)dit(facility)
2766 The name of a syslog facility in lower case characters.
2767label(TYPE_FDNUM)dit(fdnum)
2768 An unsigned int type, read with code(strtoul()), specifying a unix() file
2769 descriptor.
2770label(TYPE_FILENAME)dit(filename)
2771 A string with usual unix() filename semantics.
2772label(TYPE_GROUP)dit(group)
2773 If the first character is a decimal digit, the value is read with
2774 code(strtoul()) as unsigned integer specifying a group id. Otherwise, it
2775 must be an existing group name.
2776label(TYPE_INT)dit(int)
2777 A number following the rules of the code(strtol()) function with base
2778 "0", i.e. decimal number, octal number with leading "0", or hexadecimal
2779 number with leading "0x". The value must fit into a C int.
2780label(TYPE_INTERFACE)dit(interface)
2781 A string specifying the device name of a network interface
2782 as shown by ifconfig or procan, e.g. "eth0".
2783label(TYPE_IP_ADDRESS)dit(IP address)
2784 An IPv4 address in numbers-and-dots notation, an IPv6 address in hex
2785 notation enclosed in brackets, or a hostname that resolves to an IPv4 or an
2786 IPv6 address.nl()
2787 Examples: 127.0.0.1, [::1], www.dest-unreach.org, dns1
2788label(TYPE_IPV4_ADDRESS)dit(IPv4 address)
2789 An IPv4 address in numbers-and-dots notation or a hostname that resolves to
2790 an IPv4 address.nl()
2791 Examples: 127.0.0.1, www.dest-unreach.org, dns2
2792label(TYPE_IPV6_ADDRESS)dit(IPv6 address)
2793 An iPv6 address in hexnumbers-and-colons notation enclosed in brackets, or a
2794 hostname that resolves to an IPv6 address.nl()
2795 Examples: [::1], [1234:5678:9abc:def0:1234:5678:9abc:def0],
2796 ip6name.domain.org
2797label(TYPE_LONG)dit(long)
2798 A number read with code(strtol()). The value must fit into a C long.
2799label(TYPE_LONGLONG)dit(long long)
2800 A number read with code(strtoll()). The value must fit into a C long long.
2801label(TYPE_OFF)dit(off_t)
2802 An implementation dependend signed number, usually 32 bits, read with strtol
2803 or strtoll.
2804label(TYPE_OFF64)dit(off64_t)
2805 An implementation dependend signed number, usually 64 bits, read with strtol
2806 or strtoll.
2807label(TYPE_MODE_T)dit(mode_t)
2808 An unsigned integer, read with code(strtoul()), specifying mode (permission)
2809 bits.
2810label(TYPE_PID_T)dit(pid_t)
2811 A number, read with code(strtol()), specifying a process id.
2812label(TYPE_PORT)dit(port)
2813 A uint16_t (16 bit unsigned number) specifying a TCP or UDP port, read
2814 with code(strtoul()).
2815label(TYPE_PROTOCOL)dit(protocol)
2816 An unsigned 8 bit number, read with code(strtoul()).
2817label(TYPE_SIZE_T)dit(size_t)
2818 An unsigned number with size_t limitations, read with code(strtoul).
2819label(TYPE_SOCKNAME)dit(sockname)
2820 A socket address. See address-option link(`bind')(OPTION_BIND)
2821label(TYPE_STRING)dit(string)
2822 A sequence of characters, not containing '\0' and, depending on
2823 the position within the command line, ':', ',', or "!!". Note
2824 that you might have to escape shell meta characters in the command line.
2825label(TYPE_TCP_SERVICE)dit(TCP service)
2826 A service name, not starting with a digit, that is resolved by
2827 code(getservbyname()), or an unsigned int 16 bit number read with
2828 code(strtoul()).
2829label(TYPE_TIMEVAL)dit(timeval)
2830 A double float specifying seconds; the number is mapped into a
2831 struct timeval, consisting of seconds and microseconds.
2832label(TYPE_TIMESPEC)dit(timespec)
2833 A double float specifying seconds; the number is mapped into a
2834 struct timespec, consisting of seconds and nanoseconds.
2835label(TYPE_UDP_SERVICE)dit(UDP service)
2836 A service name, not starting with a digit, that is resolved by
2837 code(getservbyname()), or an unsigned int 16 bit number read with
2838 code(strtoul()).
2839label(TYPE_UNSIGNED_INT)dit(unsigned int)
2840 A number read with code(strtoul()). The value must fit into a C unsigned
2841 int.
2842label(TYPE_USER)dit(user)
2843 If the first character is a decimal digit, the value is read with
2844 code(strtoul()) as unsigned integer specifying a user id. Otherwise, it must
2845 be an existing user name.
2846enddit()
2847
2848
2849label(EXAMPLES)
2850manpagesection(EXAMPLES)
2851
2852
2853startdit()
2854
2855label(EXAMPLE_ADDRESS_TCP4_CONNECT)
2856dit(bf(tt(socat - TCP4:www.domain.org:80)))
2857
2858transfers data between link(STDIO)(ADDRESS_STDIO) (-) and a
2859link(TCP4)(ADDRESS_TCP4_CONNECT) connection to port 80 of host
2860www.domain.org. This example results in an interactive connection similar to
2861telnet or netcat. The stdin terminal parameters are not changed, so you may
2862close the relay with ^D or abort it with ^C.
2863
2864label(EXAMPLE_ADDRESS_READLINE)
2865label(EXAMPLE_OPTION_HISTORY)
2866mancommand(\.LP)
2867mancommand(\.nf)
2868mancommand(\fBsocat -d -d READLINE,history=$HOME/.http_history \\
2869TCP4:www.domain.org:www,crnl\fP)
2870mancommand(\.fi)
2871
2872htmlcommand(<dt><code><strong>socat -d -d READLINE,history=$HOME/.http_history \</strong><br>
2873<strong>TCP4:www.domain.org:www,crnl</strong></code><dd>)
2874
2875this is similar to the previous example, but you can edit the current line in a
2876bash like manner (link(READLINE)(ADDRESS_READLINE)) and use the
2877link(history)(OPTION_HISTORY) file .http_history; socat() prints messages about
2878progress (link(-d -d)(option_d_d)). The port is specified by service name
2879(www), and correct network line termination characters
2880(link(crnl)(OPTION_CRNL)) instead of NL are used.
2881
2882
2883label(EXAMPLE_ADDRESS_TCP4_LISTEN)
2884dit(bf(tt(socat TCP4-LISTEN:www TCP4:www.domain.org:www)))
2885
2886installs a simple TCP port forwarder. With
2887link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN) it listens on local port "www" until a
2888connection comes in, accepts it, then connects to the remote host
2889(link(TCP4)(ADDRESS_TCP4_CONNECT)) and starts data transfer. It will not accept
2890a econd connection.
2891
2892label(EXAMPLE_OPTION_BIND_TCP4)
2893label(EXAMPLE_OPTION_REUSEADDR)
2894label(EXAMPLE_OPTION_FORK)
2895label(EXAMPLE_OPTION_SUBSTUSER)
2896label(EXAMPLE_OPTION_RANGE)
2897mancommand(\.LP)
2898mancommand(\.nf)
2899mancommand(\fBsocat -d -d -lmlocal2 \\
2900TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \\
2901TCP4:www.domain.org:80,bind=myaddr2\fP)
2902mancommand(\.fi)
2903
2904htmlcommand(<dt><code><strong>socat -d -d -lmlocal2 \</strong><br>
2905<strong>TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr \</strong><br>
2906<strong>TCP4:www.domain.org:80,bind=myaddr2</strong></code><dd>)
2907
2908TCP port forwarder, each side bound to another local IP address
2909(link(bind)(OPTION_BIND)). This example handles an almost
2910arbitrary number of parallel or consecutive connections by
2911link(fork)(OPTION_FORK)'ing a new
2912process after each code(accept()). It provides a little security by
2913link(su)(OPTION_SUBSTUSER)'ing to user
2914nobody after forking; it only permits connections from the private 10 network
2915(link(range)(OPTION_RANGE)); due to link(reuseaddr)(OPTION_REUSEADDR), it
2916allows immediate restart after master process's termination, even if some child
2917sockets are not completely shut down.
2918With link(-lmlocal2)(option_lm), socat logs to stderr until successfully
2919reaching the accept loop. Further logging is directed to syslog with facility
2920local2.
2921
2922label(EXAMPLE_ADDRESS_EXEC)
2923label(EXAMPLE_OPTION_TCPWRAPPERS)
2924label(EXAMPLE_OPTION_CHROOT)
2925label(EXAMPLE_OPTION_SUBSTUSER_DELAYED)
2926label(EXAMPLE_OPTION_PTY)
2927label(EXAMPLE_OPTION_STDERR)
2928mancommand(\.LP)
2929mancommand(\.nf)
2930mancommand(\fBsocat TCP4-LISTEN:5555,fork,tcpwrap=script \\
2931EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr\fP)
2932mancommand(\.fi)
2933
2934htmlcommand(<dt><code><strong>socat TCP4-LISTEN:5555,fork,tcpwrap=script \</strong><br>
2935<strong>EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr</strong></code><dd>)
2936
2937a simple server that accepts connections
2938(link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN)) and link(fork)(OPTION_FORK)'s a new
2939child process for each connection; every child acts as single relay.
2940The client must match the rules for daemon process name "script" in
2941/etc/hosts.allow and /etc/hosts.deny, otherwise it is refused access (see "man
29425 hosts_access").
2943For link(EXEC)(ADDRESS_EXEC)'uting the program, the child process
2944link(chroot)(OPTION_CHROOT)'s
2945to file(/home/sandbox), link(su)(OPTION_SUBSTUSER)'s to user sandbox, and then starts
2946the program file(/home/sandbox/bin/myscript). Socat() and
2947myscript communicate via a pseudo tty (link(pty)(OPTION_PTY)); myscript's
2948link(stderr)(OPTION_STDERR) is redirected to stdout,
2949so its error messages are transferred via socat() to the connected client.
2950
2951label(EXAMPLE_OPTION_FDIN)
2952label(EXAMPLE_OPTION_FDOUT)
2953label(EXAMPLE_OPTION_CRNL)
2954label(EXAMPLE_OPTION_MSS)
2955mancommand(\.LP)
2956mancommand(\.nf)
2957mancommand(\fBsocat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \\
2958TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512\fP)
2959mancommand(\.fi)
2960
2961htmlcommand(<dt><code><strong>socat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \</strong><br>
2962<strong>TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512</strong></code><dd>)
2963
2964file(mail.sh) is a shell script, distributed with socat(), that implements a
2965simple
2966SMTP client. It is programmed to "speak" SMTP on its FDs 3 (in) and 4 (out).
2967The link(fdin)(OPTION_FDIN) and link(fdout)(OPTION_FDOUT) options tell socat()
2968to use these FDs for communication with
2969the program. Because mail.sh inherits stdin and stdout while socat() does not
2970use them, the script can read a
2971mail body from stdin. Socat() makes alias1 your local source address
2972(link(bind)(OPTION_BIND)), cares for correct network line termination
2973(link(crnl)(OPTION_CRNL)) and sends
2974at most 512 data bytes per packet (link(mss)(OPTION_MSS)).
2975
2976
2977label(EXAMPLE_ADDRESS_GOPEN)
2978label(EXAMPLE_OPTION_RAW)
2979label(EXAMPLE_OPTION_ECHO)
2980label(EXAMPLE_OPTION_ESCAPE)
2981dit(bf(tt(socat -,raw,echo=0,escape=0x0f /dev/ttyS0,raw,echo=0,crnl)))
2982
2983opens an interactive connection via the serial line, e.g. for talking with a
2984modem. link(raw)(OPTION_RAW) and link(echo)(OPTION_ECHO) set the console's and
2985ttyS0's terminal parameters to practicable values, link(crnl)(OPTION_CRNL)
2986converts to correct newline characters. link(escape)(OPTION_ESCAPE) allows to
2987terminate the socat process with character control-O.
2988Consider using link(READLINE)(ADDRESS_READLINE) instead of the first address.
2989
2990
2991label(EXAMPLE_ADDRESS_UNIX_LISTEN)
2992label(EXAMPLE_ADDRESS_SOCKS4)
2993label(EXAMPLE_OPTION_SOCKSUSER)
2994label(EXAMPLE_OPTION_SOURCEPORT)
2995mancommand(\.LP)
2996mancommand(\.nf)
2997mancommand(\fBsocat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \\
2998SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20\fP)
2999mancommand(\.fi)
3000
3001htmlcommand(<dt><code><strong>socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \</strong><br>
3002<strong>SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20</strong></code><dd>)
3003
3004with link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), socat() opens a listening
3005unixdomain() socket file(/tmp/.X11-unix/X1). This path corresponds
3006to local XWindow display :1 on your machine, so XWindow client connections to
3007DISPLAY=:1 are accepted. Socat() then speaks with
3008the link(SOCKS4)(ADDRESS_SOCKS4) server host.victim.org that might permit
3009link(sourceport)(OPTION_SOURCEPORT) 20 based connections due to an FTP related
3010weakness in its static IP filters. Socat()
3011pretends to be invoked by link(socksuser)(OPTION_SOCKSUSER) nobody, and
3012requests to be connected to
3013loopback port 6000 (only weak sockd configurations will allow this). So we get
3014a connection to the victims XWindow server and, if it does not require MIT
3015cookies or Kerberos authentication, we can start work. Please note that there
3016can only be one connection at a time, because TCP can establish only one
3017session with a given set of addresses and ports.
3018
3019
3020label(EXAMPLE_option_u)
3021label(EXAMPLE_OPTION_IGNOREEOF)
3022dit(bf(tt(socat -u /tmp/readdata,seek-end=0,ignoreeof -)))
3023
3024this is an example for unidirectional data transfer
3025(link(-u)(option_u)). Socat() transfers data
3026from file /tmp/readdata (implicit address link(GOPEN)(ADDRESS_GOPEN)), starting
3027at its current end (link(seek-end)(OPTION_SEEK_END)=0 lets socat() start
3028reading at current end of file; use link(seek)(OPTION_SEEK)=0 or no
3029seek option to first read the existing data) in a "tail -f" like mode
3030(link(ignoreeof)(OPTION_IGNOREEOF)). The "file"
3031might also be a listening unixdomain() socket (do not use a seek option then).
3032
3033
3034label(EXAMPLE_OPTION_SETSID)
3035label(EXAMPLE_OPTION_CTTY)
3036mancommand(\.LP)
3037mancommand(\.nf)
3038mancommand(\fB(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
3039socat - EXEC:'ssh -l user server',pty,setsid,ctty\fP)
3040mancommand(\.fi)
3041
3042htmlcommand(<dt><code><strong>(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |</strong><br>
3043<strong>socat - EXEC:'ssh -l user server',pty,setsid,ctty</strong></code><dd>)
3044
3045link(EXEC)(ADDRESS_EXEC)'utes an ssh session to server. Uses a link(pty)(OPTION_PTY) for communication between socat() and
3046ssh, makes it ssh's controlling tty (link(ctty)(OPTION_CTTY)),
3047and makes this pty the owner of
3048a new process group (link(setsid)(OPTION_SETSID)), so ssh accepts the password from socat().
3049
3050
3051label(EXAMPLE_ADDRESS_OPEN)
3052label(EXAMPLE_OPTION_CREAT)
3053label(EXAMPLE_OPTION_APPEND)
3054mancommand(\.LP)
3055mancommand(\.nf)
3056mancommand(\fBsocat -u TCP4-LISTEN:3334,reuseaddr,fork \\
3057OPEN:/tmp/in.log,creat,append\fP)
3058mancommand(\.fi)
3059
3060htmlcommand(<dt><code><strong>socat -u TCP4-LISTEN:3334,reuseaddr,fork \</strong><br>
3061<strong>OPEN:/tmp/in.log,creat,append</strong></code><dd>)
3062
3063implements a simple network based message collector.
3064For each client connecting to port 3334, a new child process is generated (option link(fork)(OPTION_FORK)).
3065All data sent by the clients are link(append)(OPTION_APPEND)'ed to the file /tmp/in.log.
3066If the file does not exist, socat link(creat)(OPTION_CREAT)'s it.
3067Option link(reuseaddr)(OPTION_REUSEADDR) allows immediate restart of the server
3068process.
3069
3070COMMENT(
3071dit(bf(tt(socat TCP4-LISTEN:3335,reuseaddr,fork OPEN:/tmp/motd,rdonly)))
3072
3073implements a simple network based motd server.
3074For each client connecting to port 3335, a new child process is generated
3075(option link(fork)(OPTION_FORK)).
3076The contents of the file /tmp/motd is sent to each client.
3077Messages sent by clients result in an error due to option link(rdonly)(OPTION_RDONLY).
3078Option link(reuseaddr)(OPTION_REUSEADDR) allows immediate restart of the server
3079process.
3080)
3081COMMENT(
3082dit(bf(tt(socat - TCP4-LISTEN:8080,mtudiscover=0,rcvbuf=2048)))
3083
3084changes some socket parameters to confuse active OS fingerprinting methods.
3085link(mtudiscover)(OPTION_MTUDISCOVER)=0 sets the DF (don'ft fragment flag) in
3086the IP packets to 0 and link(rcvbuf)(OPTION_RCVBUF) changes the initial TCP
3087window size.
3088)
3089
3090label(EXAMPLE_OPTION_NOECHO)
3091dit(bf(tt(socat READLINE,noecho='[Pp]assword:' EXEC:'ftp ftp.server.com',pty,setsid,ctty)))
3092
3093wraps a command line history (link(READLINE)(ADDRESS_READLINE)) around the link(EXEC)(ADDRESS_EXEC)'uted ftp client utility.
3094This allows editing and reuse of FTP commands for relatively comfortable
3095browsing through the ftp directory hierarchy. The password is echoed!
3096 link(pty)(OPTION_PTY) is required to have ftp issue a prompt.
3097Nevertheless, there may occur some confusion with the password and FTP
3098prompts.
3099
3100
3101label(EXAMPLE_ADDRESS_PTY)
3102label(EXAMPLE_OPTION_SYMBOLIC_LINK)
3103label(EXAMPLE_OPTION_WAIT_SLAVE)
3104label(EXAMPLE_OPTION_NONBLOCK)
3105(bf(tt(socat PTY,link=$HOME/dev/vmodem0,raw,echo=0,wait-slave EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,raw,echo=0"')))
3106
3107generates a pseudo terminal
3108device (link(PTY)(ADDRESS_PTY)) on the client that can be reached under the
3109symbolic link(link)(OPTION_SYMBOLIC_LINK) file($HOME/dev/vmodem0).
3110An application that expects a serial line or modem
3111can be configured to use file($HOME/dev/vmodem0); its traffic will be directed
3112to a modemserver via ssh where another socat instance links it with
3113file(/dev/ttyS0).
3114
3115
3116mancommand(\.LP)
3117mancommand(\.nf)
3118mancommand(\fBsocat TCP4-LISTEN:2022,reuseaddr,fork \\
3119PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass\fP)
3120mancommand(\.fi)
3121
3122htmlcommand(<dt><code><strong>socat TCP4-LISTEN:2022,reuseaddr,fork \</strong><br>
3123<strong>PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass</strong></code><dd>)
3124
3125starts a forwarder that accepts connections on port 2022, and directs them
3126through the link(proxy)(ADDRESS_PROXY_CONNECT) daemon listening on port 3128
3127(link(proxyport)(OPTION_PROXYPORT)) on host proxy, using the
3128CONNECT method, where they are authenticated as "user" with "pass" (link(proxyauth)(OPTION_PROXY_AUTHORIZATION)). The proxy
3129should establish connections to host www.domain.org on port 22 then.
3130
3131
3132label(EXAMPLE_ADDRESS_OPENSSL_CONNECT)
3133dit(bf(tt(socat - SSL:server:4443,cafile=server.crt,cert=client.pem)))
3134
3135is an OpenSSL client that tries to establish a secure connection to an SSL
3136server. Option link(cafile)(OPTION_OPENSSL_CAFILE) specifies a file that
3137contains trust certificates: we trust the server only when it presents one of
3138these certificates and proofs that it owns the related private key.
3139Otherwise the connection is terminated.
3140With link(cert)(OPTION_OPENSSL_CERTIFICATE) a file containing the client certificate
3141and the associated private key is specified. This is required in case the
3142server wishes a client authentication; many Internet servers do not.nl()
3143The first address ('-') can be replaced by almost any other socat address.
3144
3145
3146label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
3147dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
3148
3149is an OpenSSL server that accepts TCP connections, presents the certificate
3150from the file server.pem and forces the client to present a certificate that is
3151verified against cafile.crt.nl()
3152The second address ('PIPE') can be replaced by almost any other socat
3153address.nl()
3154For instructions on generating and distributing OpenSSL keys and certificates
3155see the additional socat docu tt(socat-openssl.txt).
3156
3157
3158dit(bf(tt(echo |socat -u - file:/tmp/bigfile,create,largefile,seek=100000000000)))
3159
3160creates a 100GB sparse file; this requires a file system type that
3161supports this (ext2, ext3, reiserfs, jfs; not minix, vfat). The operation of
3162writing 1 byte might take long (reiserfs: some minutes; ext2: "no" time), and
3163the resulting file can consume some disk space with just its inodes (reiserfs:
31642MB; ext2: 16KB).
3165
3166
3167dit(bf(tt(socat tcp-l:7777,reuseaddr,fork system:'filan -i 0 -s >&2',nofork)))
3168
3169listens for incoming TCP connections on port 7777. For each accepted
3170connection, invokes a shell. This shell has its stdin and stdout directly
3171connected to the TCP socket (link(nofork)(OPTION_NOFORK)). The shell starts filan and lets it print the socket addresses to
3172stderr (your terminal window).
3173
3174
3175dit(bf(tt(echo -e "\0\14\0\0\c" |socat -u - file:/usr/bin/squid.exe,seek=0x00074420)))
3176
3177functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
3178the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
3179to make the squid executable from Cygwin run under Windows, actual per May 2004).
3180
3181
3182dit(bf(tt(socat - tcp:www.blackhat.org:31337,readbytes=1000)))
3183
3184connects to an unknown service and prevents being flooded.
3185
3186
3187label(EXAMPLE_END_CLOSE)
3188dit(bf(tt(socat -U TCP:target:9999,end-close TCP-L:8888,reuseaddr,fork)))
3189
3190merges data arriving from different TCP streams on port 8888 to just one stream
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes: