PageRenderTime 57ms CodeModel.GetById 6ms app.highlight 22ms RepoModel.GetById 2ms app.codeStats 1ms

/doc/socat.yo

https://github.com/xscc/socat
Unknown | 3524 lines | 3187 code | 337 blank | 0 comment | 0 complexity | 1f86a98476e59b506dc7f2cc74b82fcc MD5 | raw file
   1COMMENT(source: socat.yo)
   2mailto(socat@dest-unreach.org)
   3
   4def(unix)(0)(UN*X)
   5def(unixdomain)(0)(UNIX domain)
   6def(socat)(0)(bf(socat))
   7def(Socat)(0)(bf(Socat))
   8def(filan)(0)(bf(filan))
   9def(Filan)(0)(bf(Filan))
  10def(procan)(0)(bf(procan))
  11def(Procan)(0)(bf(Procan))
  12
  13manpage(socat)(1)(Mar 2014)()()
  14
  15whenhtml(
  16label(CONTENTS)
  17manpagesection(CONTENTS)
  18link(NAME)(NAME)nl()
  19link(SYNOPSIS)(SYNOPSIS)nl()
  20link(DESCRIPTION)(DESCRIPTION)nl()
  21link(OPTIONS)(OPTIONS)nl()
  22link(ADDRESS SPECIFICATIONS)(ADDRESS_SPECIFICATIONS)nl()
  23link(ADDRESS TYPES)(ADDRESS_TYPES)nl()
  24link(ADDRESS OPTIONS)(ADDRESS_OPTIONS)nl()
  25link(DATA VALUES)(VALUES)nl()
  26link(EXAMPLES)(EXAMPLES)nl()
  27link(DIAGNOSTICS)(DIAGNOSTICS)nl()
  28link(FILES)(FILES)nl()
  29link(ENVIRONMENT VARIABLES)(ENVIRONMENT_VARIABLES)nl()
  30link(CREDITS)(CREDITS)nl()
  31link(VERSION)(VERSION)nl()
  32link(BUGS)(BUGS)nl()
  33link(SEE ALSO)(SEEALSO)nl()
  34)
  35
  36label(NAME)
  37manpagename(socat) (Multipurpose relay (SOcket CAT))
  38
  39label(SYNOPSIS)
  40manpagesynopsis()
  41tt(socat [options] <address> <address>)nl()
  42tt(socat -V)nl()
  43tt(socat -h[h[h]] | -?[?[?]])nl()
  44tt(filan)nl()
  45tt(procan)
  46
  47label(DESCRIPTION)
  48manpagedescription()
  49
  50Socat() is a command line based utility that establishes two bidirectional byte
  51streams and transfers data between them. Because the streams can be constructed
  52from a large set of different types of data sinks and sources 
  53(see link(address types)(ADDRESS_TYPES)), and because lots of
  54link(address options)(ADDRESS_OPTIONS) may be applied to the streams, socat can
  55be used for many different purposes. 
  56
  57Filan() is a utility that prints information about its active file
  58descriptors to stdout. It has been written for debugging socat(), but might be
  59useful for other purposes too. Use the -h option to find more infos.
  60
  61Procan() is a utility that prints information about process parameters to
  62stdout. It has been written to better understand 
  63some UNIX process properties and for debugging socat(), but might be 
  64useful for other purposes too.
  65
  66The life cycle of a socat() instance typically consists of four phases.
  67
  68In the em(init) phase, the command line options are parsed and logging is
  69initialized. 
  70
  71During the em(open) phase, socat() opens the first address and afterwards the
  72second address. These steps are usually blocking; thus, especially for complex address types like socks,
  73connection requests or authentication dialogs must be completed before the next
  74step is started.
  75
  76In the em(transfer) phase, socat() watches both streams' read and write file
  77descriptors via code(select()), and, when data is available on one side em(and)
  78can be written to the other side, socat reads it, performs newline
  79character conversions if required, and writes the data to the write file
  80descriptor of the other stream, then continues waiting for more data in both
  81directions.
  82
  83When one of the streams effectively reaches EOF, the em(closing) phase
  84begins. Socat() transfers the EOF condition to the other stream,
  85i.e. tries to shutdown only its write stream, giving it a chance to
  86terminate gracefully. For a defined time socat() continues to transfer data in
  87the other direction, but then closes all remaining channels and terminates.
  88
  89
  90label(OPTIONS)
  91manpageoptions()
  92
  93Socat() provides some command line options that modify the behaviour of the
  94program. They have nothing to do with so called
  95link(address options)(ADDRESS_OPTIONS) that are used as parts of link(address specifications)(ADDRESS_SPECIFICATIONS).
  96
  97startdit()
  98dit(bf(tt(-V)))
  99   Print version and available feature information to stdout, and exit.
 100dit(bf(tt(-h | -?)))
 101   Print a help text to stdout describing command line options and available address
 102   types, and exit.
 103dit(bf(tt(-hh | -??)))
 104   Like -h, plus a list of the short names of all available address options. Some options are
 105   platform dependend, so this output is helpful for checking the particular
 106   implementation. 
 107dit(bf(tt(-hhh | -???)))
 108   Like -hh, plus a list of all available address option names.
 109label(option_d)dit(bf(tt(-d)))
 110   Without this option, only fatal and error messages are generated; applying
 111   this option also prints warning messages. See link(DIAGNOSTICS)(DIAGNOSTICS)
 112   for more information. 
 113label(option_d_d)dit(bf(tt(-d -d))) Prints fatal, error, warning, and notice messages.
 114dit(bf(tt(-d -d -d))) Prints fatal, error, warning, notice, and info messages.
 115dit(bf(tt(-d -d -d -d))) Prints fatal, error, warning, notice, info, and debug
 116   messages. 
 117dit(bf(tt(-D)))
 118   Logs information about file descriptors before starting the transfer phase.
 119dit(bf(tt(-ly[<facility>])))
 120   Writes messages to syslog instead of stderr; severity as defined with -d
 121   option. With optional link(<facility>)(TYPE_FACILITY), the syslog type can
 122   be selected, default is "daemon". Third party libraries might not obey this
 123   option.
 124dit(bf(tt(-lf))tt( <logfile>))
 125   Writes messages to <logfile> [link(filename)(TYPE_FILENAME)] instead of
 126   stderr. Some third party libraries, in particular libwrap, might not obey
 127   this option.
 128dit(bf(tt(-ls)))
 129   Writes messages to stderr (this is the default). Some third party libraries 
 130   might not obey this option, in particular libwrap appears to only log to
 131   syslog. 
 132label(option_lp)dit(bf(tt(-lp))tt(<progname>))
 133   Overrides the program name printed in error messages and used for
 134   constructing environment variable names.
 135dit(bf(tt(-lu)))
 136   Extends the timestamp of error messages to microsecond resolution. Does not
 137   work when logging to syslog.
 138label(option_lm)dit(bf(tt(-lm[<facility>])))
 139   Mixed log mode. During startup messages are printed to stderr; when socat() 
 140   starts the transfer phase loop or daemon mode (i.e. after opening all
 141   streams and before starting data transfer, or, with listening sockets with
 142   fork option, before the first accept call), it switches logging to syslog. 
 143   With optional link(<facility>)(TYPE_FACILITY), the syslog type can be
 144   selected, default is "daemon". 
 145label(option_lh)dit(bf(tt(-lh)))
 146   Adds hostname to log messages. Uses the value from environment variable
 147   HOSTNAME or the value retrieved with tt(uname()) if HOSTNAME is not set.
 148dit(bf(tt(-v)))
 149   Writes the transferred data not only to their target streams, but also to
 150   stderr. The output format is text with some conversions for readability, and
 151   prefixed with "> " or "< " indicating flow directions.
 152dit(bf(tt(-x)))
 153   Writes the transferred data not only to their target streams, but also to
 154   stderr. The output format is hexadecimal, prefixed with "> " or "< "
 155   indicating flow directions. Can be combined with code(-v).
 156label(option_b)dit(bf(tt(-b))tt(<size>))
 157   Sets the data transfer block <size> [link(size_t)(TYPE_SIZE_T)].
 158   At most <size> bytes are transferred per step. Default is 8192 bytes. 
 159label(option_s)dit(bf(tt(-s)))
 160   By default, socat() terminates when an error occurred to prevent the process
 161   from running when some option could not be applied. With this
 162   option, socat() is sloppy with errors and tries to continue. Even with this
 163   option, socat will exit on fatals, and will abort connection attempts when
 164   security checks failed.
 165label(option_t)dit(bf(tt(-t))tt(<timeout>))
 166   When one channel has reached EOF, the write part of the other channel is shut
 167   down. Then, socat() waits <timeout> [link(timeval)(TYPE_TIMEVAL)] seconds
 168   before terminating. Default is 0.5 seconds. This timeout only applies to
 169   addresses where write and read part can be closed independently. When during
 170   the timeout interval the read part gives EOF, socat terminates without
 171   awaiting the timeout.
 172label(option_T)dit(bf(tt(-T))tt(<timeout>))
 173   Total inactivity timeout: when socat is already in the transfer loop and
 174   nothing has happened for <timeout> [link(timeval)(TYPE_TIMEVAL)] seconds
 175   (no data arrived, no interrupt occurred...) then it terminates.
 176   Useful with protocols like UDP that cannot transfer EOF.
 177label(option_u)dit(bf(tt(-u)))
 178   Uses unidirectional mode. The first address is only used for reading, and the
 179   second address is only used for writing (link(example)(EXAMPLE_option_u)). 
 180label(option_U)dit(bf(tt(-U)))
 181   Uses unidirectional mode in reverse direction. The first address is only
 182   used for writing, and the second address is only used for reading. 
 183label(option_g)dit(bf(tt(-g)))
 184   During address option parsing, don't check if the option is considered
 185   useful in the given address environment. Use it if you want to force, e.g.,
 186   appliance of a socket option to a serial device.
 187label(option_L)dit(bf(tt(-L))tt(<lockfile>))
 188   If lockfile exists, exits with error. If lockfile does not exist, creates it
 189   and continues, unlinks lockfile on exit.
 190label(option_W)dit(bf(tt(-W))tt(<lockfile>))
 191   If lockfile exists, waits until it disappears. When lockfile does not exist,
 192   creates it and continues, unlinks lockfile on exit.
 193label(option_4)dit(bf(tt(-4)))
 194   Use IP version 4 in case that the addresses do not implicitly or explicitly
 195   specify a version; this is the default.
 196label(option_6)dit(bf(tt(-6)))
 197   Use IP version 6 in case that the addresses do not implicitly or explicitly
 198   specify a version.
 199enddit()
 200
 201
 202label(ADDRESS_SPECIFICATIONS)
 203manpagesection(ADDRESS SPECIFICATIONS)
 204
 205With the address command line arguments, the user gives socat() instructions and
 206the necessary information for establishing the byte streams. 
 207
 208An address specification usually consists of an address type
 209keyword, zero or more required address parameters separated by ':' from the keyword and
 210from each 
 211other, and zero or more address options separated by ','. 
 212
 213The keyword specifies the address type (e.g., TCP4, OPEN, EXEC). For some
 214keywords there exist synonyms ('-' for STDIO, TCP for TCP4). Keywords are case
 215insensitive.
 216For a few special address types, the keyword may be omitted:
 217Address specifications starting with a number are assumed to be FD (raw file
 218descriptor) addresses; 
 219if a '/' is found before the first ':' or ',', GOPEN (generic file open) is
 220assumed. 
 221
 222The required number and type of address parameters depend on the address
 223type. E.g., TCP4 requires a server specification (name or address), and a port
 224specification (number or service name). 
 225
 226Zero or more address options may be given with each address. They influence the
 227address in some ways. 
 228Options consist of an option keyword or an option keyword and a value,
 229separated by '='. Option keywords are case insensitive.
 230For filtering the options that are useful with an address
 231type, each option is member of one option group. For
 232each address type there is a set of option groups allowed. Only options
 233belonging to one of these address groups may be used (except with link(option -g)(option_g)). 
 234
 235label(ADDRESS_DUAL)
 236Address specifications following the above schema are also called em(single)
 237address specifications.
 238Two single addresses can be combined with "!!" to form a em(dual) type
 239address for one channel. Here, the first address is used by socat() for reading
 240data, and the 
 241second address for writing data. There is no way to specify an option only once
 242for being applied to both single addresses.
 243
 244Usually, addresses are opened in read/write
 245mode. When an address is part of a dual address specification, or when
 246link(option -u)(option_u) or link(-U)(option_U) is used, an address might be
 247used only for reading or for writing. Considering this is important with some
 248address types.
 249
 250With socat version 1.5.0 and higher, the lexical analysis tries to handle
 251quotes and parenthesis meaningfully and allows escaping of special characters. 
 252If one of the characters ( { [ ' is found, the corresponding closing 
 253character - ) } ] ' - is looked for; they may also be nested. Within these
 254constructs, socats special characters and strings : , !! are not handled
 255specially. All those characters and strings can be escaped with \ or within ""
 256
 257label(ADDRESS_TYPES)
 258manpagesection(ADDRESS TYPES)
 259
 260This section describes the available address types with their keywords,
 261parameters, and semantics.
 262
 263startdit()
 264label(ADDRESS_CREAT)dit(bf(tt(CREATE:<filename>)))
 265   Opens link(<filename>)(TYPE_FILENAME) with code(creat()) and uses the file
 266   descriptor for writing. 
 267   This address type requires write-only context, because a file opened with
 268   code(creat) cannot be read from. nl()
 269   Flags like O_LARGEFILE cannot be applied. If you need them use
 270   link(OPEN)(ADDRESS_OPEN) with options
 271   link(create)(OPTION_O_CREAT),link(create)(OPTION_O_TRUNC). nl()
 272   <filename> must be a valid existing or not existing path.
 273   If <filename> is a named pipe, code(creat()) might block;
 274   if <filename> refers to a socket, this is an error.nl() 
 275   Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(NAMED)(GROUP_NAMED) nl()
 276   Useful options:
 277   link(mode)(OPTION_MODE),
 278   link(user)(OPTION_USER),
 279   link(group)(OPTION_GROUP),
 280   link(unlink-early)(OPTION_UNLINK_EARLY),
 281   link(unlink-late)(OPTION_UNLINK_LATE),
 282   link(append)(OPTION_APPEND)nl()
 283   See also: link(OPEN)(ADDRESS_OPEN), link(GOPEN)(ADDRESS_GOPEN)
 284label(ADDRESS_EXEC)dit(bf(tt(EXEC:<command-line>)))
 285   Forks a sub process that establishes communication with its parent process
 286   and invokes the specified program with code(execvp()).
 287   link(<command-line>)(TYPE_COMMAND_LINE) is a simple command
 288   with arguments separated by single spaces. If the program name
 289   contains a '/', the part after the last '/' is taken as ARGV[0]. If the
 290   program name is a relative 
 291   path, the code(execvp()) semantics for finding the program via
 292   code($PATH) 
 293   apply. After successful program start, socat() writes data to stdin of the
 294   process and reads from its stdout using a unixdomain() socket generated by
 295   code(socketpair()) per default. (link(example)(EXAMPLE_ADDRESS_EXEC)) nl()  
 296   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(EXEC)(GROUP_EXEC),link(FORK)(GROUP_FORK),link(TERMIOS)(GROUP_TERMIOS) nl()
 297   Useful options:
 298   link(path)(OPTION_PATH),
 299   link(fdin)(OPTION_FDIN),
 300   link(fdout)(OPTION_FDOUT),
 301   link(chroot)(OPTION_CHROOT),
 302   link(su)(OPTION_SUBSTUSER),
 303   link(su-d)(OPTION_SUBSTUSER_DELAYED),
 304   link(nofork)(OPTION_NOFORK),
 305   link(pty)(OPTION_PTY),
 306   link(stderr)(OPTION_STDERR),
 307   link(ctty)(OPTION_CTTY),
 308   link(setsid)(OPTION_SETSID),
 309   link(pipes)(OPTION_PIPES),
 310   link(login)(OPTION_LOGIN),
 311   link(sigint)(OPTION_SIGINT),
 312   link(sigquit)(OPTION_SIGQUIT)nl()
 313   See also: link(SYSTEM)(ADDRESS_SYSTEM)
 314label(ADDRESS_FD)dit(bf(tt(FD:<fdnum>)))
 315   Uses the file descriptor link(<fdnum>)(TYPE_FDNUM). It must already exist as
 316   valid unix() file descriptor.nl()
 317   Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
 318   See also:
 319   link(STDIO)(ADDRESS_STDIO),
 320   link(STDIN)(ADDRESS_STDIN),
 321   link(STDOUT)(ADDRESS_STDOUT),
 322   link(STDERR)(ADDRESS_STDERR) 
 323label(ADDRESS_GOPEN)dit(bf(tt(GOPEN:<filename>)))
 324   (Generic open) This address type tries to handle any file system entry
 325   except directories usefully. link(<filename>)(TYPE_FILENAME) may be a
 326   relative or absolute path. If it already exists, its type is checked. 
 327   In case of a unixdomain() socket, socat() connects; if connecting fails,
 328   socat() assumes a datagram socket and uses code(sendto()) calls.
 329   If the entry is not a socket, socat() opens it applying the code(O_APPEND)
 330   flag. 
 331   If it does not exist, it is opened with flag
 332   code(O_CREAT) as a regular file (link(example)(EXAMPLE_ADDRESS_GOPEN)).nl()
 333   Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl()
 334   See also:
 335   link(OPEN)(ADDRESS_OPEN),
 336   link(CREATE)(ADDRESS_CREAT),
 337   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT)
 338
 339label(ADDRESS_IP_SENDTO)dit(bf(tt(IP-SENDTO:<host>:<protocol>)))
 340   Opens a raw IP socket. Depending on host specification or option link(pf)(OPTION_PROTOCOL_FAMILY), IP protocol version
 341   4 or 6 is used. It uses link(<protocol>)(TYPE_PROTOCOL) to send packets
 342   to <host> [link(IP address)(TYPE_IP_ADDRESS)] and receives packets from
 343   host, ignores packets from other hosts. 
 344   Protocol 255 uses the raw socket with the IP header being part of the
 345   data.nl()
 346   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
 347   Useful options:
 348   link(pf)(OPTION_PROTOCOL_FAMILY),
 349   link(ttl)(OPTION_TTL) nl()
 350   See also:
 351   link(IP4-SENDTO)(ADDRESS_IP4_SENDTO),
 352   link(IP6-SENDTO)(ADDRESS_IP6_SENDTO),
 353   link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
 354   link(IP-RECV)(ADDRESS_IP_RECV),
 355   link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
 356   link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO)
 357label(ADDRESS_INTERFACE)dit(bf(tt(INTERFACE:<interface>)))
 358   Communicates with a network connected on an interface using raw packets
 359   including link level data. link(<interface>)(TYPE_INTERFACE) is the name of
 360   the network interface. Currently only available on Linux.
 361   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET) nl()
 362   Useful options:
 363   link(pf)(OPTION_PROTOCOL_FAMILY),
 364   link(type)(OPTION_SO_TYPE)nl()
 365   See also: link(ip-recv)(ADDRESS_IP_RECV)
 366label(ADDRESS_IP4_SENDTO)dit(bf(tt(IP4-SENDTO:<host>:<protocol>)))
 367   Like link(IP-SENDTO)(ADDRESS_IP_SENDTO), but always uses IPv4.nl()
 368   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) nl()
 369label(ADDRESS_IP6_SENDTO)dit(bf(tt(IP6-SENDTO:<host>:<protocol>)))
 370   Like link(IP-SENDTO)(ADDRESS_IP_SENDTO), but always uses IPv6.nl()
 371   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) nl()
 372
 373label(ADDRESS_IP_DATAGRAM)dit(bf(tt(IP-DATAGRAM:<address>:<protocol>)))
 374   Sends outgoing data to the specified address which may in particular be a
 375   broadcast or multicast address. Packets arriving on the local socket are
 376   checked if their source addresses match
 377   link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS)
 378   options. This address type can for example be used for implementing
 379   symmetric or asymmetric broadcast or multicast communications.nl()
 380   Option groups: link(FD)(GROUP_FD), link(SOCKET)(GROUP_SOCKET),
 381      link(IP4)(GROUP_IP4), link(IP6)(GROUP_IP6), link(RANGE)(GROUP_RANGE) nl()
 382   Useful options:
 383   link(bind)(OPTION_BIND),
 384   link(range)(OPTION_RANGE),
 385   link(tcpwrap)(OPTION_TCPWRAPPERS),
 386   link(broadcast)(OPTION_SO_BROADCAST),
 387   link(ip-multicast-loop)(OPTION_IP_MULTICAST_LOOP),
 388   link(ip-multicast-ttl)(OPTION_IP_MULTICAST_TTL),
 389   link(ip-multicast-if)(OPTION_IP_MULTICAST_IF),
 390   link(ip-add-membership)(OPTION_IP_ADD_MEMBERSHIP),
 391   link(ttl)(OPTION_TTL),
 392   link(tos)(OPTION_TOS),
 393   link(pf)(OPTION_PROTOCOL_FAMILY)nl()
 394   See also:
 395   link(IP4-DATAGRAM)(ADDRESS_IP4_DATAGRAM),
 396   link(IP6-DATAGRAM)(ADDRESS_IP6_DATAGRAM),
 397   link(IP-SENDTO)(ADDRESS_IP_SENDTO),
 398   link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
 399   link(IP-RECV)(ADDRESS_IP_RECV),
 400   link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM)
 401label(ADDRESS_IP4_DATAGRAM)dit(bf(tt(IP4-DATAGRAM:<host>:<protocol>)))
 402   Like link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), but always uses IPv4.
 403   (link(example)(EXAMPLE_ADDRESS_IP4_BROADCAST_CLIENT))nl()
 404   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) nl()
 405label(ADDRESS_IP6_DATAGRAM)dit(bf(tt(IP6-DATAGRAM:<host>:<protocol>)))
 406   Like link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), but always uses IPv6. Please
 407   note that IPv6 does not know broadcasts.nl()
 408   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
 409
 410label(ADDRESS_IP_RECVFROM)dit(bf(tt(IP-RECVFROM:<protocol>)))
 411   Opens a raw IP socket of link(<protocol>)(TYPE_PROTOCOL). Depending on option link(pf)(OPTION_PROTOCOL_FAMILY), IP protocol version
 412   4 or 6 is used. It receives one packet from an unspecified peer and may send one or more answer packets to that peer.
 413   This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.
 414   This allows a behaviour similar to typical UDP based servers like ntpd or
 415   named.nl()
 416   Please note that the reply packets might be fetched as incoming traffic when
 417   sender and receiver IP address are identical because there is no port number
 418   to distinguish the sockets.nl()
 419   This address works well with IP-SENDTO address peers (see above).
 420   Protocol 255 uses the raw socket with the IP header being part of the
 421   data.nl()
 422   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
 423   Useful options:
 424   link(pf)(OPTION_PROTOCOL_FAMILY),
 425   link(fork)(OPTION_FORK),
 426   link(range)(OPTION_RANGE),
 427   link(ttl)(OPTION_TTL),
 428   link(broadcast)(OPTION_SO_BROADCAST)nl()
 429   See also:
 430   link(IP4-RECVFROM)(ADDRESS_IP4_RECVFROM),
 431   link(IP6-RECVFROM)(ADDRESS_IP6_RECVFROM),
 432   link(IP-SENDTO)(ADDRESS_IP_SENDTO),
 433   link(IP-RECV)(ADDRESS_IP_RECV),
 434   link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
 435   link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM) 
 436label(ADDRESS_IP4_RECVFROM)dit(bf(tt(IP4-RECVFROM:<protocol>)))
 437   Like link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), but always uses IPv4.nl()
 438   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
 439label(ADDRESS_IP6_RECVFROM)dit(bf(tt(IP6-RECVFROM:<protocol>)))
 440   Like link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), but always uses IPv6.nl()
 441   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
 442
 443label(ADDRESS_IP_RECV)dit(bf(tt(IP-RECV:<protocol>)))
 444   Opens a raw IP socket of link(<protocol>)(TYPE_PROTOCOL). Depending on option link(pf)(OPTION_PROTOCOL_FAMILY), IP protocol version
 445   4 or 6 is used. It receives packets from multiple unspecified peers and merges the data.
 446   No replies are possible.
 447   It can be, e.g., addressed by socat IP-SENDTO address peers.
 448   Protocol 255 uses the raw socket with the IP header being part of the
 449   data.nl()
 450   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
 451   Useful options:
 452   link(pf)(OPTION_PROTOCOL_FAMILY),
 453   link(range)(OPTION_RANGE)nl()
 454   See also:
 455   link(IP4-RECV)(ADDRESS_IP4_RECV),
 456   link(IP6-RECV)(ADDRESS_IP6_RECV),
 457   link(IP-SENDTO)(ADDRESS_IP_SENDTO),
 458   link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
 459   link(UDP-RECV)(ADDRESS_UDP_RECV),
 460   link(UNIX-RECV)(ADDRESS_UNIX_RECV) 
 461label(ADDRESS_IP4_RECV)dit(bf(tt(IP4-RECV:<protocol>)))
 462   Like link(IP-RECV)(ADDRESS_IP_RECV), but always uses IPv4.nl()
 463   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) nl()
 464label(ADDRESS_IP6_RECV)dit(bf(tt(IP6-RECV:<protocol>)))
 465   Like link(IP-RECV)(ADDRESS_IP_RECV), but always uses IPv6.nl()
 466   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
 467
 468label(ADDRESS_OPEN)dit(bf(tt(OPEN:<filename>)))
 469   Opens link(<filename>)(TYPE_FILENAME) using the code(open()) system call
 470   (link(example)(EXAMPLE_ADDRESS_OPEN)).
 471   This operation fails on unixdomain() sockets. nl()
 472   Note: This address type is rarly useful in bidirectional mode.nl()
 473   Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl()
 474   Useful options:
 475   link(creat)(OPTION_O_CREAT),
 476   link(excl)(OPTION_EXCL),
 477   link(noatime)(OPTION_O_NOATIME),
 478   link(nofollow)(OPTION_NOFOLLOW),
 479   link(append)(OPTION_APPEND),
 480   link(rdonly)(OPTION_RDONLY),
 481   link(wronly)(OPTION_WRONLY),
 482   link(lock)(OPTION_LOCK),
 483   link(readbytes)(OPTION_READBYTES),
 484   link(ignoreeof)(OPTION_IGNOREEOF)nl()
 485   See also:
 486   link(CREATE)(ADDRESS_CREAT),
 487   link(GOPEN)(ADDRESS_GOPEN),
 488   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT)
 489label(ADDRESS_OPENSSL_CONNECT)dit(bf(tt(OPENSSL:<host>:<port>)))
 490   Tries to establish a SSL connection to <port> [link(TCP
 491   service)(TYPE_TCP_SERVICE)] on  
 492   <host> [link(IP address)(TYPE_IP_ADDRESS)] using TCP/IP version 4 or 6
 493   depending on address specification, name resolution, or option
 494   link(pf)(OPTION_PROTOCOL_FAMILY).nl()
 495   NOTE: The server certificate is only checked for validity against
 496   link(cafile)(OPTION_OPENSSL_CAFILE) or link(capath)(OPTION_OPENSSL_CAPATH),
 497   but not for match with the server's name or its IP address!nl() 
 498   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(OPENSSL)(GROUP_OPENSSL),link(RETRY)(GROUP_RETRY) nl()
 499   Useful options:
 500   link(cipher)(OPTION_OPENSSL_CIPHERLIST),
 501   link(method)(OPTION_OPENSSL_METHOD),
 502   link(verify)(OPTION_OPENSSL_VERIFY),
 503   link(cafile)(OPTION_OPENSSL_CAFILE),
 504   link(capath)(OPTION_OPENSSL_CAPATH),
 505   link(certificate)(OPTION_OPENSSL_CERTIFICATE),
 506   link(key)(OPTION_OPENSSL_KEY),
 507   link(compress)(OPTION_OPENSSL_COMPRESS),
 508   link(bind)(OPTION_BIND),
 509   link(pf)(OPTION_PROTOCOL_FAMILY),
 510   link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
 511   link(sourceport)(OPTION_SOURCEPORT),
 512   link(retry)(OPTION_RETRY)nl()
 513   See also:
 514   link(OPENSSL-LISTEN)(ADDRESS_OPENSSL_LISTEN),
 515   link(TCP)(ADDRESS_TCP_CONNECT)
 516label(ADDRESS_OPENSSL_LISTEN)dit(bf(tt(OPENSSL-LISTEN:<port>)))
 517   Listens on tcp <port> [link(TCP service)(TYPE_TCP_SERVICE)].
 518   The IP version is 4 or the one specified with
 519   link(pf)(OPTION_PROTOCOL_FAMILY). When a
 520   connection is accepted, this address behaves as SSL server.nl()
 521   Note: You probably want to use the link(certificate)(OPTION_OPENSSL_CERTIFICATE) option with this address.nl()
 522   NOTE: The client certificate is only checked for validity against
 523   link(cafile)(OPTION_OPENSSL_CAFILE) or link(capath)(OPTION_OPENSSL_CAPATH),
 524   but not for match with the client's name or its IP address!nl()
 525   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(LISTEN)(GROUP_LISTEN),link(OPENSSL)(GROUP_OPENSSL),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(RETRY)(GROUP_RETRY) nl()
 526   Useful options:
 527   link(pf)(OPTION_PROTOCOL_FAMILY),
 528   link(cipher)(OPTION_OPENSSL_CIPHERLIST),
 529   link(method)(OPTION_OPENSSL_METHOD),
 530   link(verify)(OPTION_OPENSSL_VERIFY),
 531   link(cafile)(OPTION_OPENSSL_CAFILE),
 532   link(capath)(OPTION_OPENSSL_CAPATH),
 533   link(certificate)(OPTION_OPENSSL_CERTIFICATE),
 534   link(key)(OPTION_OPENSSL_KEY),
 535   link(compress)(OPTION_OPENSSL_COMPRESS),
 536   link(fork)(OPTION_FORK),
 537   link(bind)(OPTION_BIND),
 538   link(range)(OPTION_RANGE),
 539   link(tcpwrap)(OPTION_TCPWRAPPERS),
 540   link(su)(OPTION_SUBSTUSER),
 541   link(reuseaddr)(OPTION_REUSEADDR),
 542   link(retry)(OPTION_RETRY)nl()
 543   See also:
 544   link(OPENSSL)(ADDRESS_OPENSSL_CONNECT),
 545   link(TCP-LISTEN)(ADDRESS_TCP_LISTEN)
 546label(ADDRESS_NAMED_PIPE)dit(bf(tt(PIPE:<filename>)))
 547   If link(<filename>)(TYPE_FILENAME) already exists, it is opened.
 548   If it does not exist, a named pipe is created and opened. Beginning with
 549   socat version 1.4.3, the named pipe is removed when the address is closed
 550   (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)nl()
 551   Note: When a pipe is used for both reading and writing, it works
 552   as echo service.nl()
 553   Note: When a pipe is used for both reading and writing, and socat tries
 554   to write more bytes than the pipe can buffer (Linux 2.4: 2048 bytes), socat
 555   might block. Consider using socat option, e.g., code(-b 2048) nl()
 556   Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl()
 557   Useful options:
 558   link(rdonly)(OPTION_RDONLY),
 559   link(nonblock)(OPTION_NONBLOCK),
 560   link(group)(OPTION_GROUP),
 561   link(user)(OPTION_USER),
 562   link(mode)(OPTION_MODE),
 563   link(unlink-early)(OPTION_UNLINK_EARLY)nl()
 564   See also: link(unnamed pipe)(ADDRESS_UNNAMED_PIPE)
 565label(ADDRESS_UNNAMED_PIPE)dit(bf(tt(PIPE)))
 566   Creates an unnamed pipe and uses it for reading and writing. It works as an
 567   echo, because everything written 
 568   to it appeares immediately as read data.nl()
 569   Note: When socat tries to write more bytes than the pipe can queue (Linux
 570   2.4: 2048 bytes), socat might block. Consider, e.g., using
 571   option code(-b 2048) nl()
 572   Option groups: link(FD)(GROUP_FD) nl()
 573   See also: link(named pipe)(ADDRESS_NAMED_PIPE)
 574label(ADDRESS_PROXY_CONNECT)dit(bf(tt(PROXY:<proxy>:<hostname>:<port>)))
 575   Connects to an HTTP proxy server on port 8080 using TCP/IP  version 4 or 6
 576   depending on address specification, name resolution, or option
 577   link(pf)(OPTION_PROTOCOL_FAMILY), and sends a CONNECT
 578   request for hostname:port. If the proxy grants access and succeeds to
 579   connect to the target, data transfer between socat and the target can
 580   start. Note that the traffic need not be HTTP but can be an arbitrary
 581   protocol. nl()
 582   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(HTTP)(GROUP_HTTP),link(RETRY)(GROUP_RETRY) nl()
 583   Useful options:
 584   link(proxyport)(OPTION_PROXYPORT),
 585   link(ignorecr)(OPTION_IGNORECR),
 586   link(proxyauth)(OPTION_PROXY_AUTHORIZATION),
 587   link(resolve)(OPTION_PROXY_RESOLVE),
 588   link(crnl)(OPTION_CRNL),
 589   link(bind)(OPTION_BIND),
 590   link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
 591   link(mss)(OPTION_MSS),
 592   link(sourceport)(OPTION_SOURCEPORT),
 593   link(retry)(OPTION_RETRY) nl()
 594   See also: link(SOCKS)(ADDRESS_SOCKS4), link(TCP)(ADDRESS_TCP_CONNECT)
 595label(ADDRESS_PTY)dit(bf(tt(PTY)))
 596   Generates a pseudo terminal (pty) and uses its master side. Another process
 597   may open the pty's slave side using it like a serial line or terminal.
 598   (link(example)(EXAMPLE_ADDRESS_PTY)). If
 599   both the ptmx and the openpty mechanisms are available, ptmx is used
 600   (POSIX).nl()
 601   Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(PTY)(GROUP_PTY),link(TERMIOS)(GROUP_TERMIOS) nl()
 602   Useful options:
 603   link(link)(OPTION_SYMBOLIC_LINK),
 604   link(openpty)(OPTION_OPENPTY),
 605   link(wait-slave)(OPTION_PTY_WAIT_SLAVE),
 606   link(mode)(OPTION_MODE),
 607   link(user)(OPTION_USER),
 608   link(group)(OPTION_GROUP)nl()
 609   See also:
 610   link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
 611   link(PIPE)(ADDRESS_NAMED_PIPE),
 612   link(EXEC)(ADDRESS_EXEC), link(SYSTEM)(ADDRESS_SYSTEM)
 613label(ADDRESS_READLINE)dit(bf(tt(READLINE)))
 614   Uses GNU readline and history on stdio to allow editing and reusing input
 615   lines (link(example)(EXAMPLE_ADDRESS_READLINE)). This requires the GNU readline and 
 616   history libraries. Note that stdio should be a (pseudo) terminal device,
 617   otherwise readline does not seem to work.nl()
 618   Option groups: link(FD)(GROUP_FD),link(READLINE)(GROUP_READLINE),link(TERMIOS)(GROUP_TERMIOS) nl()
 619   Useful options:
 620   link(history)(OPTION_HISTORY),
 621   link(noecho)(OPTION_NOECHO)nl()
 622   See also:
 623   link(STDIO)(ADDRESS_STDIO)
 624label(ADDRESS_SCTP_CONNECT)dit(bf(tt(SCTP-CONNECT:<host>:<port>)))
 625   Establishes an SCTP stream connection to the specified <host> [link(IP
 626   address)(TYPE_IP_ADDRESS)] and <port> [link(TCP service)(TYPE_TCP_SERVICE)]
 627   using TCP/IP version 4 or 6 depending on address specification, name
 628   resolution, or option link(pf)(OPTION_PROTOCOL_FAMILY).nl()
 629   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl()
 630   Useful options:
 631   link(bind)(OPTION_BIND),
 632   link(pf)(OPTION_PROTOCOL_FAMILY),
 633   link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
 634   link(tos)(OPTION_TOS),
 635   link(mtudiscover)(OPTION_MTUDISCOVER),
 636   link(sctp-maxseg)(OPTION_SCTP_MAXSEG),
 637   link(sctp-nodelay)(OPTION_SCTP_NODELAY),
 638   link(nonblock)(OPTION_NONBLOCK),
 639   link(sourceport)(OPTION_SOURCEPORT),
 640   link(retry)(OPTION_RETRY),
 641   link(readbytes)(OPTION_READBYTES)nl()
 642   See also:
 643   link(SCTP4-CONNECT)(ADDRESS_SCTP4_CONNECT),
 644   link(SCTP6-CONNECT)(ADDRESS_SCTP6_CONNECT),
 645   link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN),
 646   link(TCP-CONNECT)(ADDRESS_TCP_CONNECT)
 647label(ADDRESS_SCTP4_CONNECT)dit(bf(tt(SCTP4-CONNECT:<host>:<port>)))
 648   Like link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), but only supports IPv4 protocol.nl()
 649   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl()
 650label(ADDRESS_SCTP6_CONNECT)dit(bf(tt(SCTP6-CONNECT:<host>:<port>)))
 651   Like link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), but only supports IPv6 protocol.nl()
 652   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl()
 653label(ADDRESS_SCTP_LISTEN)dit(bf(tt(SCTP-LISTEN:<port>)))
 654   Listens on <port> [link(TCP service)(TYPE_TCP_SERVICE)] and accepts a
 655   TCP/IP connection. The IP version is 4 or the one specified with
 656   address option link(pf)(OPTION_PROTOCOL_FAMILY), socat option
 657   (link(-4)(option_4), link(-6)(option_6)), or environment variable link(SOCAT_DEFAULT_LISTEN_IP)(ENV_SOCAT_DEFAULT_LISTEN_IP).
 658   Note that opening
 659   this address usually blocks until a client connects.nl()
 660   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl()
 661   Useful options:
 662   link(crnl)(OPTION_CRNL),
 663   link(fork)(OPTION_FORK),
 664   link(bind)(OPTION_BIND),
 665   link(range)(OPTION_RANGE),
 666   link(tcpwrap)(OPTION_TCPWRAPPERS),
 667   link(pf)(OPTION_PROTOCOL_FAMILY),
 668   link(max-children)(OPTION_MAX_CHILDREN),
 669   link(backlog)(OPTION_BACKLOG),
 670   link(sctp-maxseg)(OPTION_SCTP_MAXSEG),
 671   link(sctp-nodelay)(OPTION_SCTP_NODELAY),
 672   link(su)(OPTION_SUBSTUSER),
 673   link(reuseaddr)(OPTION_REUSEADDR),
 674   link(retry)(OPTION_RETRY),
 675   link(cool-write)(OPTION_COOL_WRITE)nl()
 676   See also:
 677   link(SCTP4-LISTEN)(ADDRESS_SCTP4_LISTEN),
 678   link(SCTP6-LISTEN)(ADDRESS_SCTP6_LISTEN),
 679   link(TCP-LISTEN)(ADDRESS_TCP_LISTEN),
 680   link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT)
 681label(ADDRESS_SCTP4_LISTEN)dit(bf(tt(SCTP4-LISTEN:<port>)))
 682   Like link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), but only supports IPv4
 683   protocol.nl() 
 684   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl()
 685label(ADDRESS_SCTP6_LISTEN)dit(bf(tt(SCTP6-LISTEN:<port>)))
 686   Like link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), but only supports IPv6
 687   protocol.nl() 
 688   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl()
 689label(ADDRESS_SOCKET_CONNECT)dit(bf(tt(SOCKET-CONNECT:<domain>:<protocol>:<remote-address>)))
 690   Creates a stream socket using the first and second given socket parameters
 691   and tt(SOCK_STREAM) (see man socket\(2)) and connects to the remote-address.
 692   The two socket parameters have to be specified by link(int)(TYPE_INT)
 693   numbers. Consult your OS documentation and include files to find the
 694   appropriate values. The remote-address must be the link(data)(TYPE_DATA)
 695   representation of a sockaddr structure without sa_family and (BSD) sa_len
 696   components.nl()
 697   Please note that you can - beyond the options of the specified groups - also
 698   use options of higher level protocols when you apply socat option
 699   link(-g)(option_g).nl()
 700   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY)nl()
 701   Useful options:
 702   link(bind)(OPTION_BIND),
 703   link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
 704   link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
 705   link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
 706   nl()
 707   See also:
 708   link(TCP)(ADDRESS_TCP_CONNECT),
 709   link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
 710   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
 711   link(SOCKET-LISTEN)(ADDRESS_SOCKET_LISTEN),
 712   link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO)
 713label(ADDRESS_SOCKET_DATAGRAM)dit(bf(tt(SOCKET-DATAGRAM:<domain>:<type>:<protocol>:<remote-address>)))
 714   Creates a datagram socket using the first three given socket parameters (see
 715   man socket\(2)) and sends outgoing data to the remote-address. The three
 716   socket parameters have to be specified by link(int)(TYPE_INT)
 717   numbers. Consult your OS documentation and include files to find the
 718   appropriate values. The remote-address must be the link(data)(TYPE_DATA)
 719   representation of a sockaddr structure without sa_family and (BSD) sa_len
 720   components.nl()
 721   Please note that you can - beyond the options of the specified groups - also
 722   use options of higher level protocols when you apply socat option
 723   link(-g)(option_g).nl()
 724   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(RANGE)(GROUP_RANGE)nl()
 725   Useful options:
 726   link(bind)(OPTION_BIND),
 727   link(range)(OPTION_RANGE),
 728   link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
 729   link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
 730   link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
 731   nl()
 732   See also:
 733   link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM),
 734   link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM),
 735   link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO),
 736   link(SOCKET-RECV)(ADDRESS_SOCKET_RECV),
 737   link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM)
 738label(ADDRESS_SOCKET_LISTEN)dit(bf(tt(SOCKET-LISTEN:<domain>:<protocol>:<local-address>)))
 739   Creates a stream socket using the first and second given socket parameters
 740   and tt(SOCK_STREAM) (see man socket\(2)) and waits for incoming connections
 741   on local-address. The two socket parameters have to be specified by
 742   link(int)(TYPE_INT) numbers. Consult your OS documentation and include files
 743   to find the appropriate values. The local-address must be the
 744   link(data)(TYPE_DATA) representation of a sockaddr structure without
 745   sa_family and (BSD) sa_len components.nl()
 746   Please note that you can - beyond the options of the specified groups - also
 747   use options of higher level protocols when you apply socat option
 748   link(-g)(option_g).nl()
 749   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(RANGE)(GROUP_RANGE),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY)nl()
 750   Useful options:
 751   link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
 752   link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
 753   link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
 754   nl()
 755   See also:
 756   link(TCP)(ADDRESS_TCP_LISTEN),
 757   link(UDP-CONNECT)(ADDRESS_UDP_LISTEN),
 758   link(UNIX-CONNECT)(ADDRESS_UNIX_LISTEN),
 759   link(SOCKET-LISTEN)(ADDRESS_SOCKET_CONNECT),
 760   link(SOCKET-SENDTO)(ADDRESS_SOCKET_RECVFROM),
 761   link(SOCKET-SENDTO)(ADDRESS_SOCKET_RECV)
 762label(ADDRESS_SOCKET_RECV)dit(bf(tt(SOCKET-RECV:<domain>:<type>:<protocol>:<local-address>)))
 763   Creates a socket using the three given socket parameters (see man socket\(2))
 764   and binds it to <local-address>. Receives arriving data. The three
 765   parameters have to be specified by link(int)(TYPE_INT) numbers. Consult your
 766   OS documentation and include files to find the appropriate values. The
 767   local-address must be the link(data)(TYPE_DATA) representation of a sockaddr
 768   structure without sa_family and (BSD) sa_len components.nl()
 769   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(RANGE)(GROUP_RANGE)nl()
 770   Useful options:
 771   link(range)(OPTION_RANGE),
 772   link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
 773   link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
 774   link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
 775   nl()
 776   See also:
 777   link(UDP-RECV)(ADDRESS_UDP_RECV),
 778   link(IP-RECV)(ADDRESS_IP_RECV),
 779   link(UNIX-RECV)(ADDRESS_UNIX_RECV),
 780   link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM),
 781   link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO),
 782   link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM)
 783label(ADDRESS_SOCKET_RECVFROM)dit(bf(tt(SOCKET-RECVFROM:<domain>:<type>:<protocol>:<local-address>)))
 784   Creates a socket using the three given socket parameters (see man socket\(2))
 785   and binds it to <local-address>. Receives arriving data and sends replies
 786   back to the sender. The first three parameters have to be specified as
 787   link(int)(TYPE_INT) numbers. Consult your OS documentation and include files
 788   to find the appropriate values. The local-address must be the
 789   link(data)(TYPE_DATA) representation of a sockaddr structure without
 790   sa_family and (BSD) sa_len components.nl()
 791   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)nl()
 792   Useful options:
 793   link(fork)(OPTION_FORK),
 794   link(range)(OPTION_RANGE),
 795   link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
 796   link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
 797   link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
 798   nl()
 799   See also:
 800   link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
 801   link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
 802   link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
 803   link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM),
 804   link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO),
 805   link(SOCKET-RECV)(ADDRESS_SOCKET_RECV)
 806label(ADDRESS_SOCKET_SENDTO)dit(bf(tt(SOCKET-SENDTO:<domain>:<type>:<protocol>:<remote-address>)))
 807   Creates a socket using the three given socket parameters (see man
 808   socket\(2)). Sends outgoing data to the given address and receives replies.
 809   The three parameters have to be specified as link(int)(TYPE_INT)
 810   numbers. Consult your OS documentation and include files to find the
 811   appropriate values. The remote-address must be the link(data)(TYPE_DATA)
 812   representation of a sockaddr structure without sa_family and (BSD) sa_len
 813   components.nl()
 814   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET)nl()
 815   Useful options:
 816   link(bind)(OPTION_BIND),
 817   link(setsockopt-int)(OPTION_SETSOCKOPT_INT),
 818   link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN),
 819   link(setsockopt-string)(OPTION_SETSOCKOPT_STRING)
 820   nl()
 821   See also:
 822   link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
 823   link(IP-SENDTO)(ADDRESS_IP_SENDTO),
 824   link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
 825   link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM),
 826   link(SOCKET-RECV)(ADDRESS_SOCKET_RECV)
 827   link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM)
 828label(ADDRESS_SOCKS4)dit(bf(tt(SOCKS4:<socks-server>:<host>:<port>)))
 829   Connects via <socks-server> [link(IP address)(TYPE_IP_ADDRESS)]
 830   to <host> [link(IPv4 address)(TYPE_IPV4_ADDRESS)]
 831   on <port> [link(TCP service)(TYPE_TCP_SERVICE)],
 832   using socks version 4 protocol over IP version 4 or 6 depending on address specification, name resolution, or option
 833   link(pf)(OPTION_PROTOCOL_FAMILY) (link(example)(EXAMPLE_ADDRESS_SOCKS4)).nl()
 834   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(SOCKS4)(GROUP_SOCKS),link(RETRY)(GROUP_RETRY) nl()
 835   Useful options:
 836   link(socksuser)(OPTION_SOCKSUSER),
 837   link(socksport)(OPTION_SOCKSPORT),
 838   link(sourceport)(OPTION_SOURCEPORT),
 839   link(pf)(OPTION_PROTOCOL_FAMILY),
 840   link(retry)(OPTION_RETRY)nl()
 841   See also:
 842   link(SOCKS4A)(ADDRESS_SOCKS4A),
 843   link(PROXY)(ADDRESS_PROXY_CONNECT),
 844   link(TCP)(ADDRESS_TCP_CONNECT)
 845label(ADDRESS_SOCKS4A)dit(bf(tt(SOCKS4A:<socks-server>:<host>:<port>)))
 846   like link(SOCKS4)(ADDRESS_SOCKS4), but uses socks protocol version 4a, thus
 847   leaving host name resolution to the socks server.nl()
 848   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(SOCKS4)(GROUP_SOCKS),link(RETRY)(GROUP_RETRY) nl()
 849label(ADDRESS_STDERR)dit(bf(tt(STDERR)))
 850   Uses file descriptor 2.nl()
 851   Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
 852   See also: link(FD)(ADDRESS_FD)
 853label(ADDRESS_STDIN)dit(bf(tt(STDIN)))
 854   Uses file descriptor 0.nl()
 855   Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
 856   Useful options:
 857   link(readbytes)(OPTION_READBYTES)nl()
 858   See also: link(FD)(ADDRESS_FD)
 859label(ADDRESS_STDIO)dit(bf(tt(STDIO)))
 860   Uses file descriptor 0 for reading, and 1 for writing.nl()
 861   Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
 862   Useful options:
 863   link(readbytes)(OPTION_READBYTES)nl()
 864   See also: link(FD)(ADDRESS_FD)
 865label(ADDRESS_STDOUT)dit(bf(tt(STDOUT)))
 866   Uses file descriptor 1.nl()
 867   Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl()
 868   See also: link(FD)(ADDRESS_FD)
 869label(ADDRESS_SYSTEM)dit(bf(tt(SYSTEM:<shell-command>)))
 870   Forks a sub process that establishes communication with its parent process
 871   and invokes the specified program with code(system()). Please note that
 872   <shell-command> [link(string)(TYPE_STRING)] must 
 873   not contain ',' or "!!", and that shell meta characters may have to be
 874   protected.
 875   After successful program start, socat() writes data to stdin of the 
 876   process and reads from its stdout.nl()
 877   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(EXEC)(GROUP_EXEC),link(FORK)(GROUP_FORK),link(TERMIOS)(GROUP_TERMIOS) nl()
 878   Useful options:
 879   link(path)(OPTION_PATH),
 880   link(fdin)(OPTION_FDIN),
 881   link(fdout)(OPTION_FDOUT),
 882   link(chroot)(OPTION_CHROOT),
 883   link(su)(OPTION_SUBSTUSER),
 884   link(su-d)(OPTION_SUBSTUSER_DELAYED),
 885   link(nofork)(OPTION_NOFORK),
 886   link(pty)(OPTION_PTY),
 887   link(stderr)(OPTION_STDERR),
 888   link(ctty)(OPTION_CTTY),
 889   link(setsid)(OPTION_SETSID),
 890   link(pipes)(OPTION_PIPES),
 891   link(sigint)(OPTION_SIGINT),
 892   link(sigquit)(OPTION_SIGQUIT)nl()
 893   See also: link(EXEC)(ADDRESS_EXEC)
 894label(ADDRESS_TCP_CONNECT)dit(bf(tt(TCP:<host>:<port>)))
 895   Connects to <port> [link(TCP service)(TYPE_TCP_SERVICE)] on
 896   <host> [link(IP address)(TYPE_IP_ADDRESS)] using TCP/IP version 4 or 6
 897   depending on address specification, name resolution, or option
 898   link(pf)(OPTION_PROTOCOL_FAMILY).nl() 
 899   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
 900   Useful options:
 901   link(crnl)(OPTION_CRNL),
 902   link(bind)(OPTION_BIND),
 903   link(pf)(OPTION_PROTOCOL_FAMILY),
 904   link(connect-timeout)(OPTION_CONNECT_TIMEOUT),
 905   link(tos)(OPTION_TOS),
 906   link(mtudiscover)(OPTION_MTUDISCOVER),
 907   link(mss)(OPTION_MSS),
 908   link(nodelay)(OPTION_NODELAY),
 909   link(nonblock)(OPTION_NONBLOCK),
 910   link(sourceport)(OPTION_SOURCEPORT),
 911   link(retry)(OPTION_RETRY),
 912   link(readbytes)(OPTION_READBYTES)nl()
 913   See also:
 914   link(TCP4)(ADDRESS_TCP4_CONNECT),
 915   link(TCP6)(ADDRESS_TCP6_CONNECT),
 916   link(TCP-LISTEN)(ADDRESS_TCP_LISTEN),
 917   link(UDP)(ADDRESS_UDP_CONNECT),
 918   link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT),
 919   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT)
 920label(ADDRESS_TCP4_CONNECT)dit(bf(tt(TCP4:<host>:<port>)))
 921   Like link(TCP)(ADDRESS_TCP_CONNECT), but only supports IPv4 protocol (link(example)(EXAMPLE_ADDRESS_TCP4_CONNECT)).nl()
 922   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
 923label(ADDRESS_TCP6_CONNECT)dit(bf(tt(TCP6:<host>:<port>)))
 924   Like link(TCP)(ADDRESS_TCP_CONNECT), but only supports IPv6 protocol.nl()
 925   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
 926label(ADDRESS_TCP_LISTEN)dit(bf(tt(TCP-LISTEN:<port>)))
 927   Listens on <port> [link(TCP service)(TYPE_TCP_SERVICE)] and accepts a
 928   TCP/IP connection. The IP version is 4 or the one specified with
 929   address option link(pf)(OPTION_PROTOCOL_FAMILY), socat option
 930   (link(-4)(option_4), link(-6)(option_6)), or environment variable link(SOCAT_DEFAULT_LISTEN_IP)(ENV_SOCAT_DEFAULT_LISTEN_IP).
 931   Note that opening
 932   this address usually blocks until a client connects.nl()
 933   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
 934   Useful options:
 935   link(crnl)(OPTION_CRNL),
 936   link(fork)(OPTION_FORK),
 937   link(bind)(OPTION_BIND),
 938   link(range)(OPTION_RANGE),
 939   link(tcpwrap)(OPTION_TCPWRAPPERS),
 940   link(pf)(OPTION_PROTOCOL_FAMILY),
 941   link(max-children)(OPTION_MAX_CHILDREN),
 942   link(backlog)(OPTION_BACKLOG),
 943   link(mss)(OPTION_MSS),
 944   link(su)(OPTION_SUBSTUSER),
 945   link(reuseaddr)(OPTION_REUSEADDR),
 946   link(retry)(OPTION_RETRY),
 947   link(cool-write)(OPTION_COOL_WRITE)nl()
 948   See also:
 949   link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN),
 950   link(TCP6-LISTEN)(ADDRESS_TCP6_LISTEN),
 951   link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
 952   link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN),
 953   link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
 954   link(OPENSSL-LISTEN)(ADDRESS_OPENSSL_LISTEN),
 955   link(TCP-CONNECT)(ADDRESS_TCP_CONNECT)
 956label(ADDRESS_TCP4_LISTEN)dit(bf(tt(TCP4-LISTEN:<port>)))
 957   Like link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), but only supports IPv4
 958   protocol (link(example)(EXAMPLE_ADDRESS_TCP4_LISTEN)).nl() 
 959   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
 960label(ADDRESS_TCP6_LISTEN)dit(bf(tt(TCP6-LISTEN:<port>)))
 961   Like link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), but only supports IPv6
 962   protocol.nl()
 963   Additional useful option:
 964   link(ipv6only)(OPTION_IPV6_V6ONLY)nl()
 965   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
 966label(ADDRESS_TUN)dit(bf(tt(TUN[:<if-addr>/<bits>])))
 967   Creates a Linux TUN/TAP device and optionally assignes it the address and
 968   netmask given by the parameters. The resulting network interface is almost
 969   ready for use by other processes; socat serves its "wire side". This address
 970   requires read and write access to the tunnel cloning device, usually
 971   code(/dev/net/tun), as well as permission to set some tt(ioctl()s).
 972   bf(Option iff-up is required to immediately activate the interface!)nl() 
 973   Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN),link(TUN)(GROUP_TUN) nl()
 974   Useful options:
 975   link(iff-up)(OPTION_IFF_UP),
 976   link(tun-device)(OPTION_TUN_DEVICE),
 977   link(tun-name)(OPTION_TUN_NAME),
 978   link(tun-type)(OPTION_TUN_TYPE),
 979   link(iff-no-pi)(OPTION_IFF_NO_PI) nl()
 980   See also:
 981   link(ip-recv)(ADDRESS_IP_RECV)
 982label(ADDRESS_UDP_CONNECT)dit(bf(tt(UDP:<host>:<port>)))
 983   Connects to <port> [link(UDP service)(TYPE_UDP_SERVICE)] on
 984   <host> [link(IP address)(TYPE_IP_ADDRESS)] using UDP/IP version 4 or 6
 985   depending on address specification, name resolution, or option
 986   link(pf)(OPTION_PROTOCOL_FAMILY).nl()
 987   Please note that,
 988   due to UDP protocol properties, no real connection is established; data has
 989   to be sent for `connecting' to the server, and no end-of-file condition can
 990   be transported.nl()
 991   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
 992   Useful options:
 993   link(ttl)(OPTION_TTL),
 994   link(tos)(OPTION_TOS),
 995   link(bind)(OPTION_BIND),
 996   link(sourceport)(OPTION_SOURCEPORT),
 997   link(pf)(OPTION_PROTOCOL_FAMILY)nl()
 998   See also:
 999   link(UDP4)(ADDRESS_UDP4_CONNECT),
1000   link(UDP6)(ADDRESS_UDP6_CONNECT),
1001   link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1002   link(TCP)(ADDRESS_TCP_CONNECT),
1003   link(IP)(ADDRESS_IP_SENDTO)
1004label(ADDRESS_UDP4_CONNECT)dit(bf(tt(UDP4:<host>:<port>)))
1005   Like link(UDP)(ADDRESS_UDP_CONNECT), but only supports IPv4 protocol.nl()
1006   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) nl()
1007label(ADDRESS_UDP6_CONNECT)dit(bf(tt(UDP6:<host>:<port>)))
1008   Like link(UDP)(ADDRESS_UDP_CONNECT), but only supports IPv6 protocol.nl()
1009   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) nl()
1010label(ADDRESS_UDP_DATAGRAM)dit(bf(tt(UDP-DATAGRAM:<address>:<port>)))
1011   Sends outgoing data to the specified address which may in particular be a
1012   broadcast or multicast address. Packets arriving on the local socket are
1013   checked for the correct remote port and if their source addresses match
1014   link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS)
1015   options. This address type can for example be used for implementing
1016   symmetric or asymmetric broadcast or multicast communications.nl()
1017   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
1018   Useful options:
1019   link(bind)(OPTION_BIND),
1020   link(range)(OPTION_RANGE),
1021   link(tcpwrap)(OPTION_TCPWRAPPERS),
1022   link(broadcast)(OPTION_SO_BROADCAST),
1023   link(ip-multicast-loop)(OPTION_IP_MULTICAST_LOOP),
1024   link(ip-multicast-ttl)(OPTION_IP_MULTICAST_TTL),
1025   link(ip-multicast-if)(OPTION_IP_MULTICAST_IF),
1026   link(ip-add-membership)(OPTION_IP_ADD_MEMBERSHIP),
1027   link(ttl)(OPTION_TTL),
1028   link(tos)(OPTION_TOS),
1029   link(sourceport)(OPTION_SOURCEPORT),
1030   link(pf)(OPTION_PROTOCOL_FAMILY)nl()
1031   See also:
1032   link(UDP4-DATAGRAM)(ADDRESS_UDP4_DATAGRAM),
1033   link(UDP6-DATAGRAM)(ADDRESS_UDP6_DATAGRAM),
1034   link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1035   link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1036   link(UDP-RECV)(ADDRESS_UDP_RECV),
1037   link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1038   link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1039   link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM)
1040label(ADDRESS_UDP4_DATAGRAM)dit(bf(tt(UDP4-DATAGRAM:<address>:<port>)))
1041   Like link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), but only supports IPv4
1042   protocol (link(example1)(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT),
1043   link(example2)(EXAMPLE_ADDRESS_UDP4_MULTICAST)).nl() 
1044   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4), link(RANGE)(GROUP_RANGE)
1045label(ADDRESS_UDP6_DATAGRAM)dit(bf(tt(UDP6-DATAGRAM:<address>:<port>)))
1046   Like link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), but only supports IPv6
1047   protocol.nl() 
1048   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE)
1049label(ADDRESS_UDP_LISTEN)dit(bf(tt(UDP-LISTEN:<port>)))
1050   Waits for a UDP/IP packet arriving on <port>
1051   [link(UDP service)(TYPE_UDP_SERVICE)] and `connects' back to sender.
1052   The accepted IP version is 4 or the one specified with option
1053   link(pf)(OPTION_PROTOCOL_FAMILY).
1054   Please note that,
1055   due to UDP protocol properties, no real connection is established; data has
1056   to arrive from the peer first, and no end-of-file condition can be
1057   transported. Note that opening  
1058   this address usually blocks until a client connects.nl()
1059   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
1060   Useful options:
1061   link(fork)(OPTION_FORK),
1062   link(bind)(OPTION_BIND),
1063   link(range)(OPTION_RANGE),
1064   link(pf)(OPTION_PROTOCOL_FAMILY) nl()
1065   See also:
1066   link(UDP)(ADDRESS_UDP_CONNECT),
1067   link(UDP4-LISTEN)(ADDRESS_UDP4_LISTEN),
1068   link(UDP6-LISTEN)(ADDRESS_UDP6_LISTEN),
1069   link(TCP-LISTEN)(ADDRESS_TCP_LISTEN)
1070label(ADDRESS_UDP4_LISTEN)dit(bf(tt(UDP4-LISTEN:<port>)))
1071   Like link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), but only support IPv4
1072   protocol.nl()
1073   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4) nl()
1074label(ADDRESS_UDP6_LISTEN)dit(bf(tt(UDP6-LISTEN:<port>)))
1075   Like link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), but only support IPv6
1076   protocol.nl()
1077   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6) nl()
1078label(ADDRESS_UDP_SENDTO)dit(bf(tt(UDP-SENDTO:<host>:<port>)))
1079   Communicates with the specified peer socket, defined by <port> [link(UDP
1080   service)(TYPE_UDP_SERVICE)] on
1081   <host> [link(IP address)(TYPE_IP_ADDRESS)], using UDP/IP version 4 or 6
1082   depending on address specification, name resolution, or option
1083   link(pf)(OPTION_PROTOCOL_FAMILY). It sends packets to and receives packets
1084   from that peer socket only.  
1085   This address effectively implements a datagram client.
1086   It works well with socat UDP-RECVFROM and UDP-RECV address peers.nl()
1087   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl()
1088   Useful options:
1089   link(ttl)(OPTION_TTL),
1090   link(tos)(OPTION_TOS),
1091   link(bind)(OPTION_BIND),
1092   link(sourceport)(OPTION_SOURCEPORT),
1093   link(pf)(OPTION_PROTOCOL_FAMILY)nl()
1094   See also:
1095   link(UDP4-SENDTO)(ADDRESS_UDP4_SENDTO),
1096   link(UDP6-SENDTO)(ADDRESS_UDP6_SENDTO),
1097   link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1098   link(UDP-RECV)(ADDRESS_UDP_RECV),
1099   link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1100   link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1101   link(IP-SENDTO)(ADDRESS_IP_SENDTO)
1102label(ADDRESS_UDP4_SENDTO)dit(bf(tt(UDP4-SENDTO:<host>:<port>)))
1103   Like link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), but only supports IPv4
1104   protocol.nl() 
1105   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4)
1106label(ADDRESS_UDP6_SENDTO)dit(bf(tt(UDP6-SENDTO:<host>:<port>)))
1107   Like link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), but only supports IPv6
1108   protocol.nl()
1109   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6)
1110
1111label(ADDRESS_UDP_RECVFROM)dit(bf(tt(UDP-RECVFROM:<port>)))
1112   Creates a UDP socket on <port> [link(UDP service)(TYPE_UDP_SERVICE)] using
1113   UDP/IP version 4 or 6 
1114   depending on option link(pf)(OPTION_PROTOCOL_FAMILY).
1115   It receives one packet from an unspecified peer and may send one or more
1116   answer packets to that peer. This mode is particularly useful with fork
1117   option 
1118   where each arriving packet - from arbitrary peers - is handled by its own sub
1119   process. This allows a behaviour similar to typical UDP based servers like ntpd
1120   or named. This address works well with socat UDP-SENDTO address peers.nl()
1121   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl()
1122   Useful options:
1123   link(fork)(OPTION_FORK),
1124   link(ttl)(OPTION_TTL),
1125   link(tos)(OPTION_TOS),
1126   link(bind)(OPTION_BIND),
1127   link(sourceport)(OPTION_SOURCEPORT),
1128   link(pf)(OPTION_PROTOCOL_FAMILY)nl()
1129   See also:
1130   link(UDP4-RECVFROM)(ADDRESS_UDP4_RECVFROM),
1131   link(UDP6-RECVFROM)(ADDRESS_UDP6_RECVFROM),
1132   link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1133   link(UDP-RECV)(ADDRESS_UDP_RECV),
1134   link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1135   link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1136   link(IP-RECVFROM)(ADDRESS_IP_RECVFROM),
1137   link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM)
1138label(ADDRESS_UDP4_RECVFROM)dit(bf(tt(UDP4-RECVFROM:<port>)))
1139   Like link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), but only supports IPv4 protocol.nl()
1140   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)
1141label(ADDRESS_UDP6_RECVFROM)dit(bf(tt(UDP6-RECVFROM:<port>)))
1142   Like link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), but only supports IPv6 protocol.nl()
1143   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)
1144
1145label(ADDRESS_UDP_RECV)dit(bf(tt(UDP-RECV:<port>)))
1146   Creates a UDP socket on <port> [link(UDP service)(TYPE_UDP_SERVICE)] using UDP/IP version 4 or 6
1147   depending on option link(pf)(OPTION_PROTOCOL_FAMILY).
1148   It receives packets from multiple unspecified peers and merges the data.
1149   No replies are possible. It works well with, e.g., socat UDP-SENDTO address peers; it behaves similar to a syslog server.nl()
1150   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl()
1151   Useful options:
1152   link(fork)(OPTION_FORK),
1153   link(pf)(OPTION_PROTOCOL_FAMILY),
1154   link(bind)(OPTION_BIND),
1155   link(sourceport)(OPTION_SOURCEPORT),
1156   link(ttl)(OPTION_TTL),
1157   link(tos)(OPTION_TOS)nl()
1158   See also:
1159   link(UDP4-RECV)(ADDRESS_UDP4_RECV),
1160   link(UDP6-RECV)(ADDRESS_UDP6_RECV),
1161   link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1162   link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1163   link(UDP-CONNECT)(ADDRESS_UDP_CONNECT),
1164   link(UDP-LISTEN)(ADDRESS_UDP_LISTEN),
1165   link(IP-RECV)(ADDRESS_IP_RECV),
1166   link(UNIX-RECV)(ADDRESS_UNIX_RECV)
1167label(ADDRESS_UDP4_RECV)dit(bf(tt(UDP4-RECV:<port>)))
1168   Like link(UDP-RECV)(ADDRESS_UDP_RECV), but only supports IPv4 protocol.nl()
1169   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE)
1170label(ADDRESS_UDP6_RECV)dit(bf(tt(UDP6-RECV:<port>)))
1171   Like link(UDP-RECV)(ADDRESS_UDP_RECV), but only supports IPv6 protocol.nl()
1172   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE)
1173
1174label(ADDRESS_UNIX_CONNECT)dit(bf(tt(UNIX-CONNECT:<filename>)))
1175   Connects to link(<filename>)(TYPE_FILENAME) assuming it is a unixdomain()
1176   socket.
1177   If <filename> does not exist, this is an error;
1178   if <filename> is not a unixdomain() socket, this is an error;
1179   if <filename> is a unixdomain() socket, but no process is listening, this is
1180   an error.nl() 
1181   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(RETRY)(GROUP_RETRY),link(UNIX)(GROUP_SOCK_UNIX) nl())
1182   Useful options:
1183   link(bind)(OPTION_BIND)nl()
1184   See also:
1185   link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
1186   link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1187   link(TCP)(ADDRESS_TCP_CONNECT)
1188
1189label(ADDRESS_UNIX_LISTEN)dit(bf(tt(UNIX-LISTEN:<filename>)))
1190   Listens on link(<filename>)(TYPE_FILENAME) using a unixdomain() stream
1191   socket and accepts a connection.
1192   If <filename> exists and is not a socket, this is an error.
1193   If <filename> exists and is a unixdomain() socket, binding to the address
1194   fails (use option link(unlink-early)(OPTION_UNLINK_EARLY)!).
1195   Note that opening this address usually blocks until a client connects.
1196   Beginning with socat version 1.4.3, the file system entry is removed when
1197   this address is closed (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)) (link(example)(EXAMPLE_ADDRESS_UNIX_LISTEN)).nl()
1198   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY),link(UNIX)(GROUP_SOCK_UNIX) nl()
1199   Useful options:
1200   link(fork)(OPTION_FORK),
1201   link(umask)(OPTION_UMASK),
1202   link(mode)(OPTION_MODE),
1203   link(user)(OPTION_USER),
1204   link(group)(OPTION_GROUP),
1205   link(unlink-early)(OPTION_UNLINK_EARLY)nl() 
1206   See also:
1207   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
1208   link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
1209   link(UNIX-RECV)(ADDRESS_UNIX_RECV),
1210   link(TCP-LISTEN)(ADDRESS_TCP4_LISTEN)
1211
1212label(ADDRESS_UNIX_SENDTO)dit(bf(tt(UNIX-SENDTO:<filename>)))
1213   Communicates with the specified peer socket, defined by [link(<filename>)(TYPE_FILENAME)] assuming it is a unixdomain() datagram socket.
1214   It sends packets to and receives packets from that peer socket only.
1215   Please note that it might be neccessary to link(bind)(OPTION_BIND) the
1216   local socket to an address (e.g. tt(/tmp/sock1), which must not exist
1217   before).
1218   This address type works well with socat UNIX-RECVFROM and UNIX-RECV address
1219   peers.nl() 
1220   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX)nl()
1221   Useful options:
1222   link(bind)(OPTION_BIND)nl()
1223   See also:
1224   link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
1225   link(UNIX-RECV)(ADDRESS_UNIX_RECV),
1226   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
1227   link(UDP-SENDTO)(ADDRESS_UDP_SENDTO),
1228   link(IP-SENDTO)(ADDRESS_IP_SENDTO)
1229
1230label(ADDRESS_UNIX_RECVFROM)dit(bf(tt(UNIX-RECVFROM:<filename>)))
1231   Creates a unixdomain() datagram socket [link(<filename>)(TYPE_FILENAME)].
1232   Receives one packet and may send one or more answer packets to that peer.
1233   This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.
1234   This address works well with socat UNIX-SENDTO address peers.nl()
1235   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(CHILD)(GROUP_CHILD),link(UNIX)(GROUP_SOCK_UNIX) nl()
1236   Useful options:
1237   link(fork)(OPTION_FORK)nl()
1238   See also:
1239   link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1240   link(UNIX-RECV)(ADDRESS_UNIX_RECV),
1241   link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
1242   link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM),
1243   link(IP-RECVFROM)(ADDRESS_IP_RECVFROM)
1244
1245label(ADDRESS_UNIX_RECV)dit(bf(tt(UNIX-RECV:<filename>)))
1246   Creates a unixdomain() datagram socket [link(<filename>)(TYPE_FILENAME)].
1247   Receives packets from multiple unspecified peers and merges the data.
1248   No replies are possible. It can be, e.g., addressed by socat UNIX-SENDTO address peers.
1249   It behaves similar to a syslog server.
1250   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX) nl()
1251   See also:
1252   link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1253   link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM),
1254   link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN),
1255   link(UDP-RECV)(ADDRESS_UDP_RECV),
1256   link(IP-RECV)(ADDRESS_IP_RECV)
1257
1258label(ADDRESS_UNIX_CLIENT)dit(bf(tt(UNIX-CLIENT:<filename>)))
1259   Communicates with the specified peer socket, defined by
1260   [link(<filename>)(TYPE_FILENAME)] assuming it is a unixdomain() socket.
1261   It first tries to connect and, if that fails, assumes it is a datagram
1262   socket, thus supporting both types.nl()
1263   Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX) nl()
1264   Useful options:
1265   link(bind)(OPTION_BIND)nl()
1266   See also:
1267   link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT),
1268   link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO),
1269   link(GOPEN)(ADDRESS_GOPEN)
1270
1271dit(bf(tt(ABSTRACT-CONNECT:<string>)))
1272dit(bf(tt(ABSTRACT-LISTEN:<string>)))
1273dit(bf(tt(ABSTRACT-SENDTO:<string>)))
1274dit(bf(tt(ABSTRACT-RECVFROM:<string>)))
1275dit(bf(tt(ABSTRACT-RECV:<string>)))
1276dit(bf(tt(ABSTRACT-CLIENT:<string>)))
1277   The ABSTRACT addresses are almost identical to the related UNIX addresses
1278   except that they do not address file system based sockets but an alternate
1279   unixdomain() address space. To archieve this the socket address strings are
1280   prefixed with "\0" internally. This feature is available (only?) on Linux.
1281   Option groups are the same as with the related UNIX addresses, except that
1282   the ABSTRACT addresses are not member of the NAMED group.
1283enddit()
1284
1285
1286label(ADDRESS_OPTIONS)
1287manpagesection(ADDRESS OPTIONS)
1288
1289Address options can be applied to address specifications to influence the
1290process of opening the addresses and the 
1291properties of the resulting data channels. 
1292
1293For technical reasons not every option can be
1294applied to every address type; e.g., applying a socket option to a regular file
1295will fail. To catch most useless combinations as early as in the open phase,
1296the concept of em(option groups) was introduced. Each option belongs to one
1297or more option groups. Options can be used only with address types that support
1298at least one of their option groups (but see link(option -g)(option_g)).
1299
1300Address options have data types that their values must conform to. 
1301Every address option consists of just a keyword or a keyword followed by
1302"=value", where value must conform to the options type.
1303COMMENT(Options that trigger a call with
1304trivial parameters are described with type BOOL which might be misleading.)
1305Some address options manipulate parameters of system calls;
1306e.g., option sync sets the code(O_SYNC) flag with the code(open()) call. 
1307Other options cause a system or library call; e.g., with option `ttl=value'
1308the code(setsockopt(fd, SOL_IP, IP_TTL, value, sizeof(int))) call is applied.
1309Other
1310options set internal socat() variables that are used during data transfer;
1311e.g., `crnl' causes explicit character conversions. 
1312A few options have more complex implementations; e.g., su-d
1313(substuser-delayed) inquires some user and group infos, stores them, and
1314applies them later after a possible code(chroot()) call.
1315
1316If multiple options are given to an address, their sequence in the address specification has (almost) no
1317effect on the sequence of their execution/application. Instead, socat() has
1318built in an em(option phase) model that tries to bring the options in a useful
1319order. Some options exist in different forms (e.g., 
1320unlink, unlink-early, unlink-late) to control the time of their execution.
1321
1322If the same option is specified more than once within one address
1323specification, with equal or different values, the effect depends on the kind of option. Options
1324resulting in function calls like code(setsockopt()) cause multiple
1325invocations. With options that set parameters for a required call like
1326code(open()) 
1327or set internal flags, the value of the last option occurrence is effective.
1328
1329The existence or semantics of many options are system dependent. Socat()
1330usually does NOT try to emulate missing libc or kernel features, it just
1331provides an 
1332interface to the underlying system. So, if an operating system lacks a feature,
1333the related option is simply not available on this platform.
1334
1335The following paragraphs introduce just the more common address options. For
1336a more comprehensive reference and to find information about canonical option
1337names, alias names, option phases, and platforms see file file(xio.help). 
1338nl() nl()
1339
1340startdit()enddit()nl()
1341
1342
1343label(GROUP_FD)em(bf(FD option group))
1344
1345This option group contains options that are applied to a unix()
1346style file descriptor, no matter how it was generated.
1347Because all current socat() address types are file descriptor based, these
1348options may be applied to any address. nl()
1349Note: Some of these options are also member of another option group, that
1350provides an other, non-fd based mechanism.
1351For these options, it depends on the actual address type and its option groups 
1352which mechanism is used. The second, non-fd based mechanism is prioritized.
1353startdit()
1354label(OPTION_CLOEXEC)dit(bf(tt(cloexec=<bool>)))
1355   Sets the code(FD_CLOEXEC) flag with the code(fcntl()) system call to value
1356   link(<bool>)(TYPE_BOOL). If set,
1357   the file descriptor is closed on code(exec()) family function calls. Socat()
1358   internally handles 
1359   this flag for the fds it controls, so in most cases there will be no need to
1360   apply this option. 
1361label(OPTION_SETLK_WR)dit(bf(tt(setlk)))
1362   Tries to set a discretionary write lock to the whole file using the code(fcntl(fd,
1363   F_SETLK, ...)) system call. If the file is already locked, this call results
1364   in an error. 
1365   On Linux, when the file permissions for group are "S" (g-x,g+s), and the
1366   file system is locally mounted with the "mand" option, the lock is
1367   mandatory, i.e. prevents other processes from opening the file.
1368label(OPTION_SETLKW_WR)dit(bf(tt(setlkw)))
1369   Tries to set a discretionary waiting write lock to the whole file using the
1370   code(fcntl(fd, F_SETLKW, ...)) system call. If the file is already locked,
1371   this call blocks. 
1372   See option link(setlk)(OPTION_SETLK_WR) for information about making this
1373   lock mandatory. 
1374label(OPTION_SETLK_RD)dit(bf(tt(setlk-rd)))
1375   Tries to set a discretionary read lock to the whole file using the code(fcntl(fd,
1376   F_SETLK, ...)) system call. If the file is already write locked, this call
1377   results in an error. 
1378   See option link(setlk)(OPTION_SETLK_WR) for information about making this
1379   lock mandatory. 
1380label(OPTION_SETLKW_RD)dit(bf(tt(setlkw-rd)))
1381   Tries to set a discretionary waiting read lock to the whole file using the
1382   code(fcntl(fd, F_SETLKW, ...)) system call. If the file is already write
1383   locked, this call blocks. 
1384   See option link(setlk)(OPTION_SETLK_WR) for information about making this
1385   lock mandatory. 
1386label(OPTION_FLOCK_EX)dit(bf(tt(flock-ex)))
1387   Tries to set a blocking exclusive advisory lock to the file using the
1388   code(flock(fd, LOCK_EX)) system call. Socat() hangs in this call if the file
1389   is locked by another process.
1390label(OPTION_FLOCK_EX_NB)dit(bf(tt(flock-ex-nb)))
1391   Tries to set a nonblocking exclusive advisory lock to the file using the
1392   code(flock(fd, LOCK_EX|LOCK_NB)) system call. If the file is already locked,
1393   this option results in an error.
1394label(OPTION_FLOCK_SH)dit(bf(tt(flock-sh)))
1395   Tries to set a blocking shared advisory lock to the file using the
1396   code(flock(fd, LOCK_SH)) system call. Socat() hangs in this call if the file
1397   is locked by another process.
1398label(OPTION_FLOCK_SH_NB)dit(bf(tt(flock-sh-nb)))
1399   Tries to set a nonblocking shared advisory lock to the file using the
1400   code(flock(fd, LOCK_SH|LOCK_NB)) system call. If the file is already locked,
1401   this option results in an error.
1402label(OPTION_LOCK)dit(bf(tt(lock)))
1403   Sets a blocking lock on the file. Uses the setlk or flock mechanism
1404   depending on availability on the particular platform. If both are available,
1405   the POSIX variant (setlkw) is used.
1406label(OPTION_USER)dit(bf(tt(user=<user>)))
1407   Sets the link(<user>)(TYPE_USER) (owner) of the stream.
1408   If the address is member of the NAMED option group,
1409   socat() uses the code(chown()) system call after opening the
1410   file or binding to the unixdomain() socket (race condition!).
1411   Without filesystem entry, socat() sets the user of the stream 
1412   using the code(fchown()) system call.
1413   These calls might require root privilege. 
1414label(OPTION_USER_LATE)dit(bf(tt(user-late=<user>)))
1415   Sets the owner of the fd to link(<user>)(TYPE_USER) with the code(fchown())
1416   system call after opening 
1417   or connecting the channel.
1418   This is useful only on file system entries.
1419label(OPTION_GROUP)dit(bf(tt(group=<group>)))
1420   Sets the link(<group>)(TYPE_GROUP) of the stream.
1421   If the address is member of the NAMED option group,
1422   socat() uses the code(chown()) system call after opening the
1423   file or binding to the unixdomain() socket (race condition!).
1424   Without filesystem entry, socat() sets the group of the stream 
1425   with the code(fchown()) system call. 
1426   These calls might require group membership or root privilege. 
1427label(OPTION_GROUP_LATE)dit(bf(tt(group-late=<group>)))
1428   Sets the group of the fd to link(<group>)(TYPE_GROUP) with the
1429   code(fchown()) system call after opening 
1430   or connecting the channel.
1431   This is useful only on file system entries. 
1432label(OPTION_MODE)dit(bf(tt(mode=<mode>)))
1433   Sets the <mode> [link(mode_t)(TYPE_MODE_T)] (permissions) of the stream.
1434   If the address is member of the NAMED option group and
1435   uses the code(open()) or code(creat()) call, the mode is applied with these.
1436   If the address is member of the NAMED option group without using these
1437   system calls, socat() uses the code(chmod()) system call after opening the
1438   filesystem entry or binding to the unixdomain() socket (race condition!).
1439   Otherwise, socat() sets the mode of the stream
1440   using code(fchmod()). 
1441   These calls might require ownership or root privilege.
1442label(OPTION_PERM_LATE)dit(bf(tt(perm-late=<mode>)))
1443   Sets the permissions of the fd to value <mode>
1444   [link(mode_t)(TYPE_MODE_T)] using the code(fchmod()) system call after
1445   opening or connecting the channel.
1446   This is useful only on file system entries. 
1447label(OPTION_APPEND)dit(bf(tt(append=<bool>)))
1448   Always writes data to the actual end of file.
1449   If the address is member of the OPEN option group, 
1450   socat() uses the code(O_APPEND) flag with the code(open()) system call
1451   (link(example)(EXAMPLE_OPTION_APPEND)).
1452   Otherwise, socat() applies the code(fcntl(fd, F_SETFL, O_APPEND)) call.
1453label(OPTION_NONBLOCK)dit(bf(tt(nonblock=<bool>)))
1454   Tries to open or use file in nonblocking mode. Its only effects are that the
1455   code(connect()) call of TCP addresses does not block, and that opening a
1456   named pipe for reading does not block.
1457   If the address is member of the OPEN option group,
1458   socat() uses the code(O_NONBLOCK) flag with the code(open()) system call.
1459   Otherwise, socat() applies the code(fcntl(fd, F_SETFL, O_NONBLOCK)) call.
1460COMMENT(label(OPTION_NDELAY)dit(bf(tt(ndelay=<bool>)))
1461   Tries to open or use file in nonblocking mode. Has no effect because socat()
1462   works with code(select()).) 
1463COMMENT(label(OPTION_ASYNC)dit(bf(tt(async=<bool>)))
1464   Enables SIGIO for this fd. Has no effect, because socat() ignores SIGIO.)
1465label(OPTION_O_BINARY)dit(bf(tt(binary)))
1466   Opens the file in binary mode to avoid implicit line terminator
1467   conversions (Cygwin).
1468label(OPTION_O_TEXT)dit(bf(tt(text)))
1469   Opens the file in text mode to force implicit line terminator conversions
1470   (Cygwin).
1471label(OPTION_O_NOINHERIT)dit(bf(tt(noinherit)))
1472   Does not keep this file open in a spawned process (Cygwin).
1473label(OPTION_COOL_WRITE)dit(bf(tt(cool-write)))
1474   Takes it easy when write fails with EPIPE or ECONNRESET and logs the message
1475   with em(notice) level instead of em(error).
1476   This prevents the log file from being filled with useless error messages
1477   when socat is used as a high volume server or proxy where clients often
1478   abort the connection.nl()
1479   This option is experimental.
1480label(OPTION_END_CLOSE)dit(bf(tt(end-close)))
1481   Changes the (address dependent) method of ending a connection to just close
1482   the file descriptors. This is useful when the connection is to be reused by
1483   or shared with other processes (link(example)(EXAMPLE_END_CLOSE)).nl()
1484   Normally, socket connections will be ended with tt(shutdown(2)) which
1485   terminates the socket even if it is shared by multiple processes. 
1486   tt(close(2)) "unlinks" the socket from the process but keeps it active as
1487   long as there are still links from other processes.nl()
1488   Similarly, when an address of type EXEC or SYSTEM is ended, socat usually
1489   will explicitely kill the sub process. With this option, it will just close
1490   the file descriptors.
1491label(OPTION_SHUT_NONE)dit(bf(tt(shut-none)))
1492   Changes the (address dependent) method of shutting down the write part of a
1493   connection to not do anything.
1494label(OPTION_SHUT_DOWN)dit(bf(tt(shut-down)))
1495   Changes the (address dependent) method of shutting down the write part of a
1496   connection to tt(shutdown\(fd, SHUT_WR)). Is only useful with sockets.
1497label(OPTION_SHUT_CLOSE)dit(bf(tt(shut-close)))
1498   Changes the (address dependent) method of shutting down the write part of a
1499   connection to tt(close\(fd)).
1500label(OPTION_SHUT_NULL)dit(bf(tt(shut-null)))
1501   When one address indicates EOF, socat() will send a zero sized packet to the
1502   write channel of the other address to transfer the EOF condition. This is
1503   useful with UDP and other datagram protocols. Has been tested against
1504   netcat and socat with option link(null-eof)(OPTION_NULL_EOF).
1505label(OPTION_NULL_EOF)dit(bf(tt(null-eof)))
1506   Normally socat() will ignore empty (zero size payload) packets arriving on
1507   datagram sockets, so it survives port scans. With this option socat()
1508   interprets empty datagram packets as EOF indicator (see
1509   link(shut-null)(OPTION_SHUT_NULL)).
1510label(OPTION_IOCTL_VOID)dit(bf(tt(ioctl-void=<request>)))
1511   Calls tt(ioctl()) with the request value as second argument and NULL as
1512   third argument. This option allows to utilize ioctls that are not
1513   explicitely implemented in socat.
1514label(OPTION_IOCTL_INT)dit(bf(tt(ioctl-int=<request>:<value>)))
1515   Calls tt(ioctl()) with the request value as second argument and the integer
1516   value as third argument.
1517label(OPTION_IOCTL_INTP)dit(bf(tt(ioctl-intp=<request>:<value>)))
1518   Calls tt(ioctl()) with the request value as second argument and a pointer to
1519   the integer value as third argument.
1520label(OPTION_IOCTL_BIN)dit(bf(tt(ioctl-bin=<request>:<value>)))
1521   Calls tt(ioctl()) with the request value as second argument and a pointer to
1522   the given data value as third argument. This data must be specified in
1523   link(<dalan>)(TYPE_DATA) form.
1524label(OPTION_IOCTL_STRING)dit(bf(tt(ioctl-string=<request>:<value>)))
1525   Calls tt(ioctl()) with the request value as second argument and a pointer to
1526   the given string as third argument.
1527   link(<dalan>)(TYPE_DATA) form.
1528enddit()
1529
1530startdit()enddit()nl()
1531
1532
1533label(GROUP_NAMED)em(bf(NAMED option group))
1534
1535These options work on file system entries.nl()
1536See also options link(user)(OPTION_USER), link(group)(OPTION_GROUP), and
1537link(mode)(OPTION_MODE).
1538
1539startdit()
1540label(OPTION_USER_EARLY)dit(bf(tt(user-early=<user>)))
1541   Changes the link(<user>)(TYPE_USER) (owner) of the file system entry before
1542   accessing it, using the 
1543   code(chown()) system call. This call might require root privilege.
1544label(OPTION_GROUP_EARLY)dit(bf(tt(group-early=<group>)))
1545   Changes the link(<group>)(TYPE_GROUP) of the file system entry before
1546   accessing it, using the 
1547   code(chown()) system call. This call might require group membership or root
1548   privilege. 
1549label(OPTION_PERM_EARLY)dit(bf(tt(perm-early=<mode>)))
1550   Changes the <mode> [link(mode_t)(TYPE_MODE_T)] of the file system entry
1551   before accessing it, using the 
1552   code(chmod()) system call. This call might require ownership or root
1553   privilege. 
1554label(OPTION_UMASK)dit(bf(tt(umask=<mode>)))
1555   Sets the umask of the process to <mode> [link(mode_t)(TYPE_MODE_T)] before
1556   accessing the file system entry (useful 
1557   with unixdomain() sockets!). This call might affect all further operations
1558   of the socat() process!  
1559label(OPTION_UNLINK_EARLY)dit(bf(tt(unlink-early)))
1560   Unlinks (removes) the file before opening it and even before applying
1561   user-early etc. 
1562label(OPTION_UNLINK)dit(bf(tt(unlink)))
1563   Unlinks (removes) the file before accessing it, but after user-early etc.
1564label(OPTION_UNLINK_LATE)dit(bf(tt(unlink-late)))
1565   Unlinks (removes) the file after opening it to make it inaccessible for
1566   other processes after a short race condition. 
1567label(OPTION_UNLINK_CLOSE)dit(bf(tt(unlink-close)))
1568   Removes the addresses file system entry when closing the address.
1569   For link(named pipes)(ADDRESS_NAMED_PIPE),
1570   link(listening unix domain sockets)(ADDRESS_UNIX_LISTEN),
1571   and the link(symbolic links)(OPTION_SYMBOLIC_LINK) of link(pty addresses)(ADDRESS_PTY),
1572   the default is 1; for link(created files)(ADDRESS_CREAT),
1573   link(opened files)(ADDRESS_OPEN),
1574   link(generic opened files)(ADDRESS_GOPEN), and
1575   link(client unix domain sockets)(ADDRESS_UNIX_CONNECT) the default is 0.
1576enddit()
1577
1578startdit()enddit()nl()
1579
1580
1581label(GROUP_OPEN)em(bf(OPEN option group))
1582
1583The OPEN group options allow to set flags with the code(open()) system call. 
1584E.g., option `creat' sets the code(O_CREAT) flag.nl()
1585See also options link(append)(OPTION_APPEND) and
1586link(nonblock)(OPTION_NONBLOCK).
1587startdit()
1588label(OPTION_O_CREAT)dit(bf(tt(creat=<bool>)))
1589   Creates the file if it does not exist (link(example)(EXAMPLE_OPTION_CREAT)).
1590label(OPTION_DSYNC)dit(bf(tt(dsync=<bool>)))
1591   Blocks code(write()) calls until metainfo is physically written to media.
1592label(OPTION_EXCL)dit(bf(tt(excl=<bool>)))
1593   With option creat, if file exists this is an error.
1594label(OPTION_LARGEFILE)dit(bf(tt(largefile=<bool>)))
1595   On 32 bit systems, allows a file larger than 2^31 bytes.
1596label(OPTION_O_NOATIME)dit(bf(tt(noatime)))
1597   Sets the O_NOATIME options, so reads do not change the access timestamp.
1598label(OPTION_NOCTTY)dit(bf(tt(noctty=<bool>)))
1599   Does not make this file the controlling terminal.
1600label(OPTION_NOFOLLOW)dit(bf(tt(nofollow=<bool>)))
1601   Does not follow symbolic links.
1602label(OPTION_NSHARE)dit(bf(tt(nshare=<bool>)))
1603   Does not allow to share this file with other processes.
1604label(OPTION_RSHARE)dit(bf(tt(rshare=<bool>)))
1605   Does not allow other processes to open this file for writing.
1606label(OPTION_RSYNC)dit(bf(tt(rsync=<bool>)))
1607   Blocks code(write()) until metainfo is physically written to media.
1608label(OPTION_SYNC)dit(bf(tt(sync=<bool>)))
1609   Blocks code(write()) until data is physically written to media.
1610COMMENT(label(OPTION_DEFER)dit(bf(tt(defer=<bool>)))
1611   Temporarily stores write data in paging space.)
1612COMMENT(label(OPTION_DELAY)dit(bf(tt(delay=<bool>)))
1613   Blocks code(open()) until share conditions are fulfilled.)
1614COMMENT(label(OPTION_DIRECT)dit(bf(tt(direct=<bool>))))	
1615COMMENT(label(OPTION_DIRECTORY)dit(bf(tt(directory=<bool>)))
1616   Fails if file is not a directory. Not useful with socat().)
1617label(OPTION_RDONLY)dit(bf(tt(rdonly=<bool>)))
1618   Opens the file for reading only.
1619COMMENT(label(OPTION_RDWR)dit(bf(tt(rdwr=<bool>)))
1620   Opens the file for reading and writing.)
1621label(OPTION_WRONLY)dit(bf(tt(wronly=<bool>)))
1622   Opens the file for writing only.
1623label(OPTION_O_TRUNC)dit(bf(tt(trunc)))
1624   Truncates the file to size 0 during opening it.
1625enddit()
1626
1627
1628startdit()enddit()nl()
1629
1630
1631label(GROUP_REG)em(bf(REG and BLK option group))
1632
1633These options are usually applied to a unix() file descriptor, but their
1634semantics make sense only on a file supporting random access.
1635startdit()
1636label(OPTION_SEEK)dit(bf(tt(seek=<offset>)))
1637   Applies the code(lseek(fd, <offset>, SEEK_SET)) (or code(lseek64)) system
1638   call, thus positioning the file pointer absolutely to <offset>
1639   [link(off_t)(TYPE_OFF) or link(off64_t)(TYPE_OFF64)]. Please note that a
1640   missing value defaults to 1, not 0.
1641label(OPTION_SEEK_CUR)dit(bf(tt(seek-cur=<offset>)))
1642   Applies the code(lseek(fd, <offset>, SEEK_CUR)) (or code(lseek64)) system
1643   call, thus positioning the file pointer <offset> [link(off_t)(TYPE_OFF) or
1644   link(off64_t)(TYPE_OFF64)] bytes relatively to its current position (which
1645   is usually 0). Please note that a missing value defaults to 1, not 0.
1646label(OPTION_SEEK_END)dit(bf(tt(seek-end=<offset>)))
1647   Applies the code(lseek(fd, <offset>, SEEK_END)) (or code(lseek64)) system
1648   call, thus positioning the file pointer <offset> [link(off_t)(TYPE_OFF) or
1649   link(off64_t)(TYPE_OFF64)] bytes relatively to the files current end. Please
1650   note that a missing value defaults to 1, not 0.  
1651label(OPTION_FTRUNCATE)dit(bf(tt(ftruncate=<offset>)))
1652   Applies the code(ftruncate(fd, <offset>))
1653   (or code(ftruncate64) if available) system call, thus
1654   truncating the file at the position <offset> [link(off_t)(TYPE_OFF) or 
1655   link(off64_t)(TYPE_OFF64)]. Please note that a missing value defaults to 1,
1656   not 0.
1657
1658label(OPTION_EXT2_SECRM_FL)dit(bf(tt(secrm=<bool>)))
1659label(OPTION_EXT2_UNRM)dit(bf(tt(unrm=<bool>)))
1660label(OPTION_EXT2_COMPR)dit(bf(tt(compr=<bool>)))
1661label(OPTION_EXT2_SYNC)dit(bf(tt(ext2-sync=<bool>)))
1662label(OPTION_EXT2_IMMUTABLE)dit(bf(tt(immutable=<bool>)))
1663label(OPTION_EXT2_APPEND)dit(bf(tt(ext2-append=<bool>)))
1664label(OPTION_EXT2_NODUMP)dit(bf(tt(nodump=<bool>)))
1665label(OPTION_EXT2_NOATIME)dit(bf(tt(ext2-noatime=<bool>)))
1666label(OPTION_EXT2_JOURNAL_DATA)dit(bf(tt(journal-data=<bool>)))
1667label(OPTION_EXT2_NOTAIL)dit(bf(tt(notail=<bool>)))
1668label(OPTION_EXT2_DIRSYNC)dit(bf(tt(dirsync=<bool>)))
1669   These options change non standard file attributes on operating systems and
1670   file systems that support these features, like Linux with ext2fs,
1671   ext3fs, or reiserfs. See man 1 chattr for information on these options.
1672   Please note that there might be a race condition between creating the file
1673   and applying these options.
1674enddit()
1675
1676startdit()enddit()nl()
1677
1678
1679label(GROUP_PROCESS)em(bf(PROCESS option group))
1680
1681Options of this group change the process properties instead of just affecting
1682one data channel.
1683For EXEC and SYSTEM addresses and for LISTEN and CONNECT type addresses with
1684option FORK, 
1685these options apply to the child processes instead of the main socat process.
1686startdit()
1687label(OPTION_CHROOT)dit(bf(tt(chroot=<directory>)))
1688   Performs a code(chroot()) operation to link(<directory>)(TYPE_DIRECTORY)
1689   after processing the address (link(example)(EXAMPLE_OPTION_CHROOT)). This call might require root privilege.
1690label(OPTION_CHROOT_EARLY)dit(bf(tt(chroot-early=<directory>)))
1691   Performs a code(chroot()) operation to link(<directory>)(TYPE_DIRECTORY)
1692   before opening the address. This call might require root privilege.
1693label(OPTION_SETGID)dit(bf(tt(setgid=<group>)))
1694   Changes the primary link(<group>)(TYPE_GROUP) of the process after
1695   processing the address. This call might require root privilege. Please note
1696   that this option does not drop other group related privileges.
1697label(OPTION_SETGID_EARLY)dit(bf(tt(setgid-early=<group>)))
1698   Like link(setgit)(OPTION_SETGID) but is performed before opening the address.
1699label(OPTION_SETUID)dit(bf(tt(setuid=<user>)))
1700   Changes the link(<user>)(TYPE_USER) (owner) of the process after processing
1701   the address. This call might require root privilege. Please note that this
1702   option does not drop group related privileges. Check if option
1703   link(su)(OPTION_SUBSTUSER) better fits your needs.
1704label(OPTION_SETUID_EARLY)dit(bf(tt(setuid-early=<user>)))
1705   Like link(setuid)(OPTION_SETUID) but is performed before opening the
1706   address.
1707label(OPTION_SUBSTUSER)dit(bf(tt(su=<user>)))
1708   Changes the link(<user>)(TYPE_USER) (owner) and groups of the process after
1709   processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER)). This call might require root privilege. 
1710label(OPTION_SUBSTUSER_DELAYED)dit(bf(tt(su-d=<user>)))
1711   Short name for tt(substuser-delayed).
1712   COMMENT(Short name for bf(tt(substuser-delayed) ).)
1713   Changes the link(<user>)(TYPE_USER)
1714   (owner) and groups of the process after processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER_DELAYED)).
1715   The user and his groups are retrieved em(before) a possible
1716   code(chroot()). This call might require root privilege. 
1717label(OPTION_SETPGID)dit(bf(tt(setpgid=<pid_t>)))
1718   Makes the process a member of the specified process group
1719   link(<pid_t>)(TYPE_PID_T). If no value 
1720   is given, or if the value is 0 or 1, the process becomes leader of a new
1721   process group. 
1722label(OPTION_SETSID)dit(bf(tt(setsid)))
1723   Makes the process the leader of a new session (link(example)(EXAMPLE_OPTION_SETSID)).
1724enddit()
1725
1726startdit()enddit()nl()
1727
1728
1729label(GROUP_READLINE)em(bf(READLINE option group))
1730
1731These options apply to the readline address type.
1732startdit()
1733label(OPTION_HISTORY)dit(bf(tt(history=<filename>)))
1734   Reads and writes history from/to link(<filename>)(TYPE_FILENAME) (link(example)(EXAMPLE_OPTION_HISTORY)).
1735label(OPTION_NOPROMPT)dit(bf(tt(noprompt)))
1736   Since version 1.4.0, socat per default tries to determine a prompt - 
1737   that is then passed to the readline call - by remembering the last
1738   incomplete line of the output. With this option, socat does not pass a
1739   prompt to readline, so it begins line editing in the first column
1740   of the terminal. 
1741label(OPTION_NOECHO)dit(bf(tt(noecho=<pattern>)))
1742   Specifies a regular pattern for a prompt that prevents the following input
1743   line from being displayed on the screen and from being added to the history.
1744   The prompt is defined as the text that was output to the readline address 
1745   after the lastest newline character and before an input character was
1746   typed. The pattern is a regular expression, e.g.
1747   "^[Pp]assword:.*$" or "([Uu]ser:|[Pp]assword:)". See regex\(7) for details.
1748   (link(example)(EXAMPLE_OPTION_NOECHO))
1749label(OPTION_PROMPT)dit(bf(tt(prompt=<string>)))
1750   Passes the string as prompt to the readline function. readline prints this
1751   prompt when stepping through the history. If this string matches a constant
1752   prompt issued by an interactive program on the other socat address,
1753   consistent look and feel can be archieved.
1754enddit()
1755
1756startdit()enddit()nl()
1757
1758
1759label(GROUP_APPLICATION)em(bf(APPLICATION option group))
1760
1761This group contains options that work at data level.
1762Note that these options only apply to the "raw" data transferred by socat,
1763but not to protocol data used by addresses like
1764link(PROXY)(ADDRESS_PROXY_CONNECT).
1765startdit()
1766label(OPTION_CR)dit(bf(tt(cr)))
1767   Converts the default line termination character NL ('\n', 0x0a) to/from CR
1768   ('\r', 0x0d) when writing/reading on this channel. 
1769label(OPTION_CRNL)dit(bf(tt(crnl)))
1770   Converts the default line termination character NL ('\n', 0x0a) to/from CRNL
1771   ("\r\n", 0x0d0a) when writing/reading on this channel (link(example)(EXAMPLE_OPTION_CRNL)).
1772   Note: socat simply strips all CR characters.
1773label(OPTION_IGNOREEOF)dit(bf(tt(ignoreeof)))
1774   When EOF occurs on this channel, socat() ignores it and tries to read more
1775   data (like "tail -f") (link(example)(EXAMPLE_OPTION_IGNOREEOF)).
1776label(OPTION_READBYTES)dit(bf(tt(readbytes=<bytes>)))
1777   socat() reads only so many bytes from this address (the address provides
1778   only so many bytes for transfer and pretends to be at EOF afterwards).
1779   Must be greater than 0.
1780label(OPTION_LOCKFILE)dit(bf(tt(lockfile=<filename>)))
1781   If lockfile exists, exits with error. If lockfile does not exist, creates it
1782   and continues, unlinks lockfile on exit.
1783label(OPTION_WAITLOCK)dit(bf(tt(waitlock=<filename>)))
1784   If lockfile exists, waits until it disappears. When lockfile does not exist,
1785   creates it and continues, unlinks lockfile on exit.
1786label(OPTION_ESCAPE)dit(bf(tt(escape=<int>)))
1787   Specifies the numeric code of a character that triggers EOF on the input
1788   stream. It is useful with a terminal in raw mode
1789   (link(example)(EXAMPLE_OPTION_ESCAPE)).
1790enddit()
1791
1792startdit()enddit()nl()
1793
1794
1795label(GROUP_SOCKET)em(bf(SOCKET option group))
1796
1797These options are intended for all kinds of sockets, e.g. IP or unixdomain(). Most are applied with a code(setsockopt()) call.
1798startdit()
1799label(OPTION_BIND)dit(bf(tt(bind=<sockname>)))
1800   Binds the socket to the given socket address using the code(bind()) system
1801   call. The form of <sockname> is socket domain dependent:
1802   IP4 and IP6 allow the form [hostname|hostaddress][:(service|port)] (link(example)(EXAMPLE_OPTION_BIND_TCP4)),
1803   unixdomain() sockets require link(<filename>)(TYPE_FILENAME).
1804label(OPTION_CONNECT_TIMEOUT)dit(bf(tt(connect-timeout=<seconds>)))
1805   Abort the connection attempt after <seconds> [link(timeval)(TYPE_TIMEVAL)]
1806   with error status.
1807label(OPTION_SO_BINDTODEVICE)dit(bf(tt(so-bindtodevice=<interface>)))
1808   Binds the socket to the given link(<interface>)(TYPE_INTERFACE).
1809   This option might require root privilege.
1810label(OPTION_SO_BROADCAST)dit(bf(tt(broadcast)))
1811   For datagram sockets, allows sending to broadcast addresses and receiving
1812   packets addressed to broadcast addresses. 
1813COMMENT(label(OPTION_BSDCOMPAT)dit(bf(tt(bsdcompat)))
1814   Emulates some (old?) bugs of the BSD socket implementation.)
1815label(OPTION_DEBUG)dit(bf(tt(debug)))
1816   Enables socket debugging.
1817label(OPTION_DONTROUTE)dit(bf(tt(dontroute)))
1818   Only communicates with directly connected peers, does not use routers.
1819label(OPTION_KEEPALIVE)dit(bf(tt(keepalive)))
1820   Enables sending keepalives on the socket.
1821label(OPTION_LINGER)dit(bf(tt(linger=<seconds>)))
1822   Blocks code(shutdown()) or code(close()) until data transfers have finished
1823   or the given timeout [link(int)(TYPE_INT)] expired. 
1824COMMENT(label(OPTION_NOREUSEADDR)dit(bf(tt(noreuseaddr)))
1825   Set the code(SO_NOREUSEADDR) socket option.)
1826label(OPTION_OOBINLINE)dit(bf(tt(oobinline)))
1827   Places out-of-band data in the input data stream.
1828label(OPTION_PRIORITY)dit(bf(tt(priority=<priority>)))
1829   Sets the protocol defined <priority> [link(<int>)(TYPE_INT)] for outgoing
1830   packets. 
1831label(OPTION_RCVBUF)dit(bf(tt(rcvbuf=<bytes>)))
1832   Sets the size of the receive buffer after the code(socket()) call to
1833   <bytes> [link(int)(TYPE_INT)].  With TCP
1834   sockets, this value corresponds to the socket's maximal window size.
1835label(OPTION_RCVBUF_LATE)dit(bf(tt(rcvbuf-late=<bytes>)))
1836   Sets the size of the receive buffer when the socket is already
1837   connected to <bytes> [link(int)(TYPE_INT)]. 
1838   With TCP sockets, this value corresponds to the socket's 
1839   maximal window size. 
1840label(OPTION_RCVLOWAT)dit(bf(tt(rcvlowat=<bytes>)))
1841   Specifies the minimum number of received bytes [link(int)(TYPE_INT)] until
1842   the socket layer will pass the buffered data to socat(). 
1843label(OPTION_RCVTIMEO)dit(bf(tt(rcvtimeo=<seconds>)))
1844   Sets the receive timeout [link(timeval)(TYPE_TIMEVAL)]. 
1845label(OPTION_REUSEADDR)dit(bf(tt(reuseaddr)))
1846   Allows other sockets to bind to an address even if parts of it (e.g. the
1847   local port) are already in use by socat() (link(example)(EXAMPLE_OPTION_REUSEADDR)). 
1848label(OPTION_SNDBUF)dit(bf(tt(sndbuf=<bytes>)))
1849   Sets the size of the send buffer after the code(socket()) call to
1850   <bytes> [link(int)(TYPE_INT)].
1851label(OPTION_SNDBUF_LATE)dit(bf(tt(sndbuf-late=<bytes>)))
1852   Sets the size of the send buffer when the socket is connected to
1853   <bytes> [link(int)(TYPE_INT)].
1854label(OPTION_SNDLOWAT)dit(bf(tt(sndlowat=<bytes>)))
1855   Specifies the minimum number of bytes in the send buffer until the socket
1856   layer will send the data to <bytes> [link(int)(TYPE_INT)].
1857label(OPTION_SNDTIMEO)dit(bf(tt(sndtimeo=<seconds>)))
1858   Sets the send timeout to seconds [link(timeval)(TYPE_TIMEVAL)].
1859label(OPTION_PROTOCOL_FAMILY)dit(bf(tt(pf=<string>)))
1860   Forces the use of the specified IP version or protocol. <string> can be
1861   something like "ip4" or "ip6". The resulting value is
1862   used as first argument to the code(socket()) or code(socketpair()) calls.
1863   This option affects address resolution and the required syntax of bind and
1864   range options.
1865label(OPTION_SO_TYPE)dit(bf(tt(type=<type>)))
1866   Sets the type of the socket, specified as second argument to the
1867   code(socket()) or code(socketpair()) calls, to <type>
1868   [link(int)(TYPE_INT)]. Address resolution is not affected by this option.
1869   Under Linux, 1 means stream oriented socket, 2 means datagram socket, and 3
1870   means raw socket.
1871label(OPTION_SO_PROTOTYPE)dit(bf(tt(prototype)))
1872   Sets the protocol of the socket, specified as third argument to the
1873   code(socket()) or code(socketpair()) calls, to <prototype>
1874   [link(int)(TYPE_INT)]. Address resolution is not affected by this option.
1875   6 means TCP, 17 means UDP.
1876COMMENT(label(OPTION_USELOOPBACK)dit(bf(tt(useloopback)))
1877   Sets the code(SO_USELOOPBACK) socket option.)
1878COMMENT(label(OPTION_ACCEPTCONN)dit(bf(tt(acceptconn)))
1879   Tries to set the code(SO_ACCEPTCONN) socket option.)
1880COMMENT(label(OPTION_ATTACHFILTER)dit(bf(tt(attachfilter)))
1881   Tries to set the code(SO_ATTACH_FILTER) socket option.)
1882COMMENT(label(OPTION_AUDIT)dit(bf(tt(audit)))
1883   Sets the code(SO_AUDIT) socket option.)
1884COMMENT(label(OPTION_CHSUMRECV)dit(bf(tt(cksumrecv)))
1885   Sets the code(SO_CKSUMRECV) socket option.)
1886COMMENT(label(OPTION_DETACHFILTER)dit(bf(tt(detachfilter)))
1887   Tries to set the code(SO_DETACH_FILTER) socket option.)
1888COMMENT(label(OPTION_DGRAMERRIND)dit(bf(tt(dgramerrind)))
1889   Sets the code(SO_DGRAM_ERRIND) socket option.)
1890COMMENT(label(OPTION_DONTLINGER)dit(bf(tt(dontlinger)))
1891   Sets the code(SO_DONTLINGER) socket option.)
1892COMMENT(label(OPTION_ERROR)dit(bf(tt(error)))
1893   Tries to set this read only socket option.)
1894COMMENT(label(OPTION_FIOSETOWN)dit(bf(tt(fiosetown=<pid_t>)))
1895   Sets the receiver of SIGIO.)
1896COMMENT(label(OPTION_KERNACCEPT)dit(bf(tt(kernaccept)))
1897   Sets the code(SO_KERNACCEPT) socket option.)
1898COMMENT(label(OPTION_NOCHECK)dit(bf(tt(nocheck)))
1899   Sets the code(SO_NO_CHECK) socket option. Undocumented...)
1900COMMENT(label(OPTION_PASSCRED)dit(bf(tt(passcred)))
1901   Set the code(SO_PASSCRED) socket option.)
1902COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred)))
1903   This is a read-only socket option.)
1904COMMENT(label(OPTION_REUSEPORT)dit(bf(tt(reuseport)))
1905   Set the code(SO_REUSEPORT) socket option.)
1906COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication)))
1907   Set the code(SO_SECURITY_AUTHENTICATION) socket option.)
1908COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork)))
1909   Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.)
1910COMMENT(label(OPTION_SECURITYENCRYPTIONTRANSPORT)dit(bf(tt(securityencryptiontransport)))
1911   Set the code(SO_SECURITY_ENCRYPTION_TRANSPORT) socket option.)
1912COMMENT(label(OPTION_SIOCSPGRP)dit(bf(tt(siocspgrp=<pid_t>)))
1913   Set the SIOCSPGRP with code(ioclt()) to enable SIGIO.)
1914COMMENT(label(OPTION_USEIFBUFS)dit(bf(tt(useifbufs)))
1915   Set the code(SO_USE_IFBUFS) socket option.)
1916label(OPTION_SO_TIMESTAMP)dit(bf(tt(so-timestamp)))
1917   Sets the SO_TIMESTAMP socket option. This enables receiving and logging of
1918   timestamp ancillary messages.
1919label(OPTION_SETSOCKOPT_INT)dit(bf(tt(setsockopt-int=<level>:<optname>:<optval>)))
1920   Invokes tt(setsockopt()) for the socket with the given parameters. tt(level)
1921   [link(int)(TYPE_INT)] is used as second argument to tt(setsockopt()) and
1922   specifies the layer, e.g. SOL_TCP for TCP (6 on Linux), or SOL_SOCKET for
1923   the socket layer (1 on Linux). tt(optname) [link(int)(TYPE_INT)] is the
1924   third argument to tt(setsockopt()) and tells which socket option is to be
1925   set. For the actual numbers you might have to look up the appropriate include
1926   files of your system. The 4th tt(setsockopt()) parameter, tt(value)
1927   [link(int)(TYPE_INT)], is passed to the function per pointer, and for the
1928   length parameter sizeof\(int) is taken implicitely.
1929label(OPTION_SETSOCKOPT_BIN)dit(bf(tt(setsockopt-bin=<level>:<optname>:<optval>)))
1930   Like tt(setsockopt-int), but <optval> must be provided in
1931   link(dalan)(TYPE_DATA) format and specifies an arbitrary sequence of bytes;
1932   the length parameter is automatically derived from the data.
1933label(OPTION_SETSOCKOPT_STRING)dit(bf(tt(setsockopt-string=<level>:<optname>:<optval>)))
1934   Like tt(setsockopt-int), but <optval> must be a link(string)(TYPE_STRING).
1935   This string is passed to the function with trailing null character, and the
1936   length parameter is automatically derived from the data.
1937enddit()
1938
1939startdit()enddit()nl()
1940
1941
1942label(GROUP_SOCK_UNIX)em(bf(UNIX option group))
1943
1944These options apply to UNIX domain based addresses.
1945startdit()
1946label(OPTION_UNIX_TIGHTSOCKLEN)dit(bf(tt(unix-tightsocklen=[0|1])))
1947   On socket operations, pass a socket address length that does not include the
1948   whole code(struct sockaddr_un) record but (besides other components) only
1949   the relevant part of the filename or abstract string. Default is 1.
1950enddit()
1951
1952label(GROUP_IP4)
1953label(GROUP_IP)em(bf(IP4 and IP6 option groups))
1954
1955These options can be used with IPv4 and IPv6 based sockets.
1956startdit()
1957label(OPTION_TOS)dit(bf(tt(tos=<tos>)))
1958   Sets the TOS (type of service) field of outgoing packets to <tos>
1959   [link(byte)(TYPE_BYTE)] (see RFC 791).
1960label(OPTION_TTL)dit(bf(tt(ttl=<ttl>)))
1961   Sets the TTL (time to live) field of outgoing packets to <ttl>
1962   [link(byte)(TYPE_BYTE)].
1963label(OPTION_IPOPTIONS)dit(bf(tt(ip-options=<data>)))
1964   Sets IP options like source routing. Must be given in binary form,
1965   recommended format is a leading "x" followed by an even number of hex
1966   digits. This option may be used multiple times, data are appended.
1967   E.g., to connect to host 10.0.0.1 via some gateway using a loose source
1968   route, use the gateway as address parameter and set a loose source route
1969   using the option code(ip-options=x8307040a000001).nl()
1970   IP options are defined in RFC 791. COMMENT(, RFC 2113)nl()
1971COMMENT(   x00 end of option list
1972   x01 no operation (nop)
1973   x0211 security
1974   x03 loose source route
1975   x09 strict source route
1976   x07 record route
1977   x0804 stream ID
1978   x44 internet timestamp)
1979label(OPTION_MTUDISCOVER)dit(bf(tt(mtudiscover=<0|1|2>)))
1980   Takes 0, 1, 2 to never, want, or always use path MTU discover on this
1981   socket. 
1982COMMENT(label(OPTION_HRDINCL)dit(bf(tt(ip-hdrincl)))
1983   Tell the raw socket that the application data includes the IP header.)
1984COMMENT(label(OPTION_IP_MULTICAST_LOOP)dit(bf(tt(ip-multicastloop)))
1985   Allow looping back outgoing multicast to the local interface.)
1986COMMENT(label(OPTION_IP_MULTICAST_TTL)dit(bf(tt(ip-multicastttl)))
1987   Set the TTL for outgoing multicast packets.)
1988label(OPTION_IP_PKTINFO)dit(bf(tt(ip-pktinfo)))
1989   Sets the IP_PKTINFO socket option. This enables receiving and logging of
1990   ancillary messages containing destination address and interface (Linux)
1991   (link(example)(EXAMPLE_ANCILLARY)). 
1992COMMENT(label(OPTION_PKTOPTS)dit(bf(tt(ip-pktopts)))
1993   Set the IP_PKTOPTIONS socket option.)
1994label(OPTION_IP_RECVERR)dit(bf(tt(ip-recverr)))
1995   Sets the IP_RECVERR socket option. This enables receiving and logging of
1996   ancillary messages containing detailled error information.
1997label(OPTION_IP_RECVOPTS)dit(bf(tt(ip-recvopts)))
1998   Sets the IP_RECVOPTS socket option. This enables receiving and logging of IP
1999   options ancillary messages (Linux, *BSD).
2000label(OPTION_IP_RECVTOS)dit(bf(tt(ip-recvtos)))
2001   Sets the IP_RECVTOS socket option. This enables receiving and logging of TOS
2002   (type of service) ancillary messages (Linux).
2003label(OPTION_IP_RECVTTL)dit(bf(tt(ip-recvttl)))
2004   Sets the IP_RECVTTL socket option. This enables receiving and logging of TTL
2005   (time to live) ancillary messages (Linux, *BSD).
2006COMMENT(label(OPTION_RETOPTS)dit(bf(tt(ip-retopts)))
2007   Set the IP_RETOPTS socket option.)
2008label(OPTION_IP_RECVDSTADDR)dit(bf(tt(ip-recvdstaddr)))
2009   Sets the IP_RECVDSTADDR socket option. This enables receiving and logging of
2010   ancillary messages containing destination address (*BSD)
2011   (link(example)(EXAMPLE_ANCILLARY)).
2012label(OPTION_IP_RECVIF)dit(bf(tt(ip-recvif)))
2013   Sets the IP_RECVIF socket option. This enables receiving and logging of
2014   interface ancillary messages (*BSD) (link(example)(EXAMPLE_ANCILLARY)).
2015COMMENT(label(OPTION_ROUTERALERT)dit(bf(tt(routeralert)))
2016   Set the IP_ROUTER_ALERT socket option.)
2017label(OPTION_IP_ADD_MEMBERSHIP)
2018dit(bf(tt(ip-add-membership=<multicast-address:interface-address>)))
2019dit(bf(tt(ip-add-membership=<multicast-address:interface-name>)))
2020dit(bf(tt(ip-add-membership=<multicast-address:interface-index>)))
2021dit(bf(tt(ip-add-membership=<multicast-address:interface-address:interface-name>)))
2022dit(bf(tt(ip-add-membership=<multicast-address:interface-address:interface-index>)))
2023   Makes the socket member of the specified multicast group. This is currently
2024   only implemented for IPv4. The option takes the IP address of the multicast
2025   group and info about the desired network interface. The most common syntax
2026   is the first one, while the others are only available on systems that
2027   provide tt(struct mreqn) (Linux).nl()
2028   The indices of active network interfaces can be shown using the utility
2029   procan().
2030label(OPTION_IP_MULTICAST_IF)
2031dit(bf(tt(ip-multicast-if=<hostname>)))
2032   Specifies hostname or address of the network interface to be used for
2033   multicast traffic.
2034label(OPTION_IP_MULTICAST_LOOP)
2035dit(bf(tt(ip-multicast-loop=<bool>)))
2036   Specifies if outgoing multicast traffic should loop back to the interface.
2037label(OPTION_IP_MULTICAST_TTL)
2038dit(bf(tt(ip-multicast-ttl=<byte>)))
2039   Sets the TTL used for outgoing multicast traffic. Default is 1.
2040label(OPTION_RES_DEBUG)dit(bf(tt(res-debug)))
2041label(OPTION_RES_AAONLY)dit(bf(tt(res-aaonly)))
2042label(OPTION_RES_USEVC)dit(bf(tt(res-usevc)))
2043label(OPTION_RES_PRIMARY)dit(bf(tt(res-primary)))
2044label(OPTION_RES_IGNTC)dit(bf(tt(res-igntc)))
2045label(OPTION_RES_RECURSE)dit(bf(tt(res-recurse)))
2046label(OPTION_RES_DEFNAMES)dit(bf(tt(res-defnames)))
2047label(OPTION_RES_STAYOPEN)dit(bf(tt(res-stayopen)))
2048label(OPTION_RES_DNSRCH)dit(bf(tt(res-dnsrch)))
2049   These options set the corresponding resolver (name resolution) option flags.
2050   Append "=0" to clear a default option. See man resolver\(5) for more
2051   information on these options. Note: these options are valid only for the
2052   address they are applied to.
2053   
2054enddit()
2055
2056startdit()enddit()nl()
2057
2058
2059label(GROUP_IP6)em(bf(IP6 option group))
2060
2061These options can only be used on IPv6 based sockets. See link(IP
2062options)(GROUP_IP) for options that can be applied to both IPv4 and IPv6
2063sockets.
2064startdit()
2065label(OPTION_IPV6_V6ONLY)dit(bf(tt(ipv6only=<bool>)))
2066   Sets the IPV6_V6ONLY socket option. If 0, the TCP stack will also accept
2067   connections using IPv4 protocol on the same port. The default is system
2068   dependent.
2069label(OPTION_IPV6_RECVDSTOPTS)dit(bf(tt(ipv6-recvdstopts)))
2070   Sets the IPV6_RECVDSTOPTS socket option. This enables receiving and logging
2071   of ancillary messages containing the destination options.
2072label(OPTION_IPV6_RECVHOPLIMIT)dit(bf(tt(ipv6-recvhoplimit)))
2073   Sets the IPV6_RECVHOPLIMIT socket option. This enables receiving and logging
2074   of ancillary messages containing the hoplimit.
2075label(OPTION_IPV6_RECVHOPOPTS)dit(bf(tt(ipv6-recvhopopts)))
2076   Sets the IPV6_RECVHOPOPTS socket option. This enables receiving and logging
2077   of ancillary messages containing the hop options.
2078label(OPTION_IPV6_RECVPKTINFO)dit(bf(tt(ipv6-recvpktinfo)))
2079   Sets the IPV6_RECVPKTINFO socket option. This enables receiving and logging
2080   of ancillary messages containing destination address and interface.
2081label(OPTION_IPV6_UNICAST_HOPS)dit(bf(tt(ipv6-unicast-hops=link(TYPE_INT)(<int>))))
2082   Sets the IPV6_UNICAST_HOPS socket option. This sets the hop count limit
2083   (TTL) for outgoing unicast packets.
2084label(OPTION_IPV6_RECVRTHDR)dit(bf(tt(ipv6-recvrthdr)))
2085   Sets the IPV6_RECVRTHDR socket option. This enables receiving and logging
2086   of ancillary messages containing routing information.
2087label(OPTION_IPV6_TCLASS)dit(bf(tt(ipv6-tclass)))
2088   Sets the IPV6_TCLASS socket option. This sets the transfer class of outgoing
2089   packets.
2090label(OPTION_IPV6_RECVTCLASS)dit(bf(tt(ipv6-recvtclass)))
2091   Sets the IPV6_RECVTCLASS socket option. This enables receiving and logging
2092   of ancillary messages containing the transfer class.
2093enddit()
2094
2095startdit()enddit()nl()
2096
2097
2098label(GROUP_TCP)em(bf(TCP option group))
2099
2100These options may be applied to TCP sockets. They work by invoking code(setsockopt()) with the appropriate parameters.
2101startdit()
2102label(OPTION_CORK)dit(bf(tt(cork)))
2103   Doesn't send packets smaller than MSS (maximal segment size).
2104label(OPTION_DEFER-ACCEPT)dit(bf(tt(defer-accept)))
2105   While listening, accepts connections only when data from the peer arrived.
2106label(OPTION_KEEPCNT)dit(bf(tt(keepcnt=<count>)))
2107   Sets the number of keepalives before shutting down the socket to
2108   <count> [link(int)(TYPE_INT)].
2109label(OPTION_KEEPIDLE)dit(bf(tt(keepidle=<seconds>)))
2110   Sets the idle time before sending the first keepalive to <seconds>
2111   [link(int)(TYPE_INT)].
2112label(OPTION_KEEPINTVL)dit(bf(tt(keepintvl=<seconds>)))
2113   Sets the interval between two keepalives to <seconds>
2114   [link(int)(TYPE_INT)]. 
2115label(OPTION_LINGER2)dit(bf(tt(linger2=<seconds>)))
2116   Sets the time to keep the socket in FIN-WAIT-2 state to <seconds>
2117   [link(int)(TYPE_INT)].
2118label(OPTION_MSS)dit(bf(tt(mss=<bytes>)))
2119   Sets the MSS (maximum segment size) after the code(socket()) call to <bytes>
2120   [link(int)(TYPE_INT)]. This
2121   value is then proposed to the peer with the SYN or SYN/ACK packet
2122   (link(example)(EXAMPLE_OPTION_MSS)). 
2123label(OPTION_MSS_LATE)dit(bf(tt(mss-late=<bytes>)))
2124   Sets the MSS of the socket after connection has been established to <bytes>
2125   [link(int)(TYPE_INT)].
2126label(OPTION_NODELAY)dit(bf(tt(nodelay)))
2127   Turns off the Nagle algorithm for measuring the RTT (round trip time).
2128label(OPTION_RFC1323)dit(bf(tt(rfc1323)))
2129   Enables RFC1323 TCP options: TCP window scale, round-trip time measurement
2130   (RTTM), and protect against wrapped sequence numbers (PAWS) (AIX).
2131label(OPTION_STDURG)dit(bf(tt(stdurg)))
2132   Enables RFC1122 compliant urgent pointer handling (AIX).
2133label(OPTION_SYNCNT)dit(bf(tt(syncnt=<count>)))
2134   Sets the maximal number of SYN retransmits during connect to <count>
2135   [link(int)(TYPE_INT)].
2136COMMENT(label(OPTION_INFO)dit(bf(tt(info)))
2137   Tries to set the read-only TCP_INFO socket option.)
2138COMMENT(label(OPTION_WINDOW_CLAMP)dit(bf(tt(window-clamp)))
2139   Sets the TCP_WINDOW_CLAMP socket option.)
2140label(OPTION_TCP_MD5SIG)dit(bf(tt(md5sig)))
2141   Enables generation of MD5 digests on the packets (FreeBSD).
2142label(OPTION_TCP_NOOPT)dit(bf(tt(noopt)))
2143   Disables use of TCP options (FreeBSD, MacOSX).
2144label(OPTION_TCP_NOPUSH)dit(bf(tt(nopush)))
2145   sets the TCP_NOPUSH socket option (FreeBSD, MacOSX).
2146label(OPTION_TCP_SACK_DISABLE)dit(bf(tt(sack-disable)))
2147   Disables use the selective acknowledge feature (OpenBSD).
2148label(OPTION_TCP_SIGNATURE_ENABLE)dit(bf(tt(signature-enable)))
2149   Enables generation of MD5 digests on the packets (OpenBSD).
2150label(OPTION_TCP_ABORT_THRESHOLD)dit(bf(tt(abort-threshold=<milliseconds>)))
2151   Sets the time to wait for an answer of the peer on an established connection
2152   (HP-UX).
2153label(OPTION_TCP_CONN_ABORT_THRESHOLD)dit(bf(tt(conn-abort-threshold=<milliseconds>)))
2154   Sets the time to wait for an answer of the server during the initial connect
2155   (HP-UX).
2156label(OPTION_TCP_KEEPINIT)dit(bf(tt(keepinit)))
2157   Sets the time to wait for an answer of the server during connect\() before
2158   giving up. Value in half seconds, default is 150 (75s) (Tru64).
2159label(OPTION_TCP_PAWS)dit(bf(tt(paws)))
2160   Enables the "protect against wrapped sequence numbers" feature (Tru64).
2161label(OPTION_TCP_SACKENA)dit(bf(tt(sackena)))
2162   Enables selective acknowledge (Tru64).
2163label(OPTION_TCP_TSOPTENA)dit(bf(tt(tsoptena)))
2164   Enables the time stamp option that allows RTT recalculation on existing
2165   connections (Tru64).
2166enddit()
2167
2168startdit()enddit()nl()
2169
2170
2171label(GROUP_SCTP)em(bf(SCTP option group))
2172
2173These options may be applied to SCTP stream sockets.
2174startdit()
2175label(OPTION_SCTP_NODELAY)dit(bf(tt(sctp-nodelay)))
2176   Sets the SCTP_NODELAY socket option that disables the Nagle algorithm.
2177label(OPTION_SCTP_MAXSEG)dit(bf(tt(sctp-maxseg=<bytes>)))
2178   Sets the SCTP_MAXSEG socket option to <bytes> [link(int)(TYPE_INT)].  This
2179   value is then proposed to the peer with the SYN or SYN/ACK packet. 
2180enddit()
2181
2182startdit()enddit()nl()
2183
2184
2185em(bf(UDP, TCP, and SCTP option groups))
2186
2187Here we find options that are related to the network port mechanism and thus
2188can be used with UDP, TCP, and SCTP client and server addresses.
2189startdit()
2190label(OPTION_SOURCEPORT)dit(bf(tt(sourceport=<port>)))
2191   For outgoing (client) TCP and UDP connections, it sets the source
2192   link(<port>)(TYPE_PORT) using an extra code(bind()) call.
2193   With TCP or UDP listen addresses, socat immediately shuts down the
2194   connection if the client does not use this sourceport (link(example)(EXAMPLE_OPTION_SOURCEPORT)).
2195label(OPTION_LOWPORT)dit(bf(tt(lowport)))
2196   Outgoing (client) TCP and UDP connections with this option use
2197   an unused random source port between 640 and 1023 incl. On UNIX class operating
2198   systems, this requires root privilege, and thus indicates that the
2199   client process is authorized by local root.
2200   TCP and UDP listen addresses with this option immediately shut down the
2201   connection if the client does not use a sourceport <= 1023.
2202   This mechanism can provide limited authorization under some circumstances.
2203enddit()
2204
2205startdit()enddit()nl()
2206
2207
2208label(GROUP_SOCKS)em(bf(SOCKS option group))
2209
2210When using SOCKS type addresses, some socks specific options can be set.
2211startdit()
2212label(OPTION_SOCKSPORT)dit(bf(tt(socksport=<tcp service>)))
2213   Overrides the default "socks" service or port 1080 for the socks server
2214   port with link(<TCP service>)(TYPE_TCP_SERVICE).
2215label(OPTION_SOCKSUSER)dit(bf(tt(socksuser=<user>)))
2216   Sends the <user> [link(string)(TYPE_STRING)] in the username field to the
2217   socks server. Default is the actual user name ($LOGNAME or $USER) (link(example)(EXAMPLE_OPTION_SOCKSUSER)).
2218enddit()
2219
2220startdit()enddit()nl()
2221
2222
2223label(GROUP_HTTP)em(bf(HTTP option group))
2224
2225Options that can be provided with HTTP type addresses. The only HTTP address
2226currently implemented is link(proxy-connect)(ADDRESS_PROXY_CONNECT).
2227
2228startdit()
2229label(OPTION_PROXYPORT)dit(bf(tt(proxyport=<TCP service>)))
2230   Overrides the default HTTP proxy port 8080 with
2231   link(<TCP service>)(TYPE_TCP_SERVICE).
2232label(OPTION_IGNORECR)dit(bf(tt(ignorecr)))
2233   The HTTP protocol requires the use of CR+NL as line terminator. When a proxy
2234   server violates this standard, socat might not understand its answer. 
2235   This option directs socat to interprete NL as line terminator and
2236   to ignore CR in the answer. Nevertheless, socat sends CR+NL to the proxy.
2237label(OPTION_PROXY_AUTHORIZATION)dit(bf(tt(proxyauth=<username>:<password>)))
2238   Provide "basic" authentication to the proxy server. The argument to the
2239   option is used with a "Proxy-Authorization: Base" header in base64 encoded
2240   form.nl() 
2241   Note: username and password are visible for every user on the local machine
2242   in the process list; username and password are transferred to the proxy
2243   server unencrypted (base64 encoded) and might be sniffed.
2244label(OPTION_PROXY_RESOLVE)dit(bf(tt(resolve)))
2245   Per default, socat sends to the proxy a CONNECT request containing the
2246   target hostname. With this option, socat resolves the hostname locally and
2247   sends the IP address. Please note that, according to RFC 2396, only name
2248   resolution to IPv4 addresses is implemented.
2249enddit()
2250
2251startdit()enddit()nl()
2252
2253
2254label(GROUP_RANGE)em(bf(RANGE option group))
2255
2256These options check if a connecting client should be granted access. They can
2257be applied to listening and receiving network sockets. tcp-wrappers options
2258fall into this group.
2259startdit()
2260label(OPTION_RANGE)dit(bf(tt(range=<address-range>)))
2261   After accepting a connection, tests if the peer is within em(range). For
2262   IPv4 addresses, address-range takes the form address/bits, e.g.
2263   10.0.0.0/8, or address:mask, e.g. 10.0.0.0:255.0.0.0 (link(example)(EXAMPLE_OPTION_RANGE)); for IPv6, it is [ip6-address/bits], e.g. [::1/128].
2264   If the client address does not match, socat() issues a warning and keeps
2265   listening/receiving.
2266label(OPTION_TCPWRAPPERS)dit(bf(tt(tcpwrap[=<name>])))
2267   Uses Wietse Venema's libwrap (tcpd) library to determine
2268   if the client is allowed to connect. The configuration files are
2269   /etc/hosts.allow and /etc/hosts.deny per default, see "man 5 hosts_access"
2270   for more information. The optional <name> (type link(string)(TYPE_STRING))
2271   is passed to the wrapper functions as daemon process name (link(example)(EXAMPLE_OPTION_TCPWRAPPERS)). 
2272   If omitted, the basename of socats invocation (argv[0]) is passed. 
2273   If both tcpwrap and range options are applied to an address, both
2274   conditions must be fulfilled to allow the connection.
2275label(OPTION_TCPWRAP_HOSTS_ALLOW_TABLE)dit(bf(tt(allow-table=<filename>)))
2276   Takes the specified file instead of /etc/hosts.allow.
2277label(OPTION_TCPWRAP_HOSTS_DENY_TABLE)dit(bf(tt(deny-table=<filename>)))
2278   Takes the specified file instead of /etc/hosts.deny.
2279label(OPTION_TCPWRAP_ETC)dit(bf(tt(tcpwrap-etc=<directoryname>)))
2280   Looks for hosts.allow and hosts.deny in the specified directory. Is
2281   overridden by options link(hosts-allow)(OPTION_TCPWRAP_HOSTS_ALLOW_TABLE)
2282   and link(hosts-deny)(OPTION_TCPWRAP_HOSTS_DENY_TABLE).
2283enddit()
2284
2285startdit()enddit()nl()
2286
2287
2288label(GROUP_LISTEN)em(bf(LISTEN option group))
2289
2290Options specific to listening sockets.
2291startdit()
2292label(OPTION_BACKLOG)dit(bf(tt(backlog=<count>)))
2293   Sets the backlog value passed with the code(listen()) system call to <count>
2294   [link(int)(TYPE_INT)]. Default is 5. 
2295label(OPTION_MAX_CHILDREN)dit(bf(tt(max-children=<count>)))
2296   Limits the number of concurrent child processes [link(int)(TYPE_INT)].
2297    Default is no limit. 
2298enddit()
2299startdit()enddit()nl()
2300
2301
2302label(GROUP_CHILD)em(bf(CHILD option group))
2303
2304Options for addresses with multiple connections via child processes.
2305startdit()
2306label(OPTION_FORK)dit(bf(tt(fork)))
2307   After establishing a connection, handles its channel in a child process and
2308   keeps the parent process attempting to produce more connections, either by
2309   listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl()
2310   SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child:
2311SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks
2312em(afterwards).
2313   RETRY and FOREVER options are not inherited by the child process.nl()
2314   On some operating systems (e.g. FreeBSD) this option does not work for
2315   UDP-LISTEN addresses.nl()
2316enddit()
2317
2318startdit()enddit()nl()
2319
2320
2321label(GROUP_EXEC)em(bf(EXEC option group))
2322
2323Options for addresses that invoke a program.
2324startdit()
2325label(OPTION_PATH)dit(bf(tt(path=<string>)))
2326   Overrides the PATH environment variable for searching the program with
2327   link(<string>)(TYPE_STRING). This
2328   code($PATH) value is effective in the child process too.
2329label(OPTION_LOGIN)dit(bf(tt(login)))
2330   Prefixes code(argv[0]) for the code(execvp()) call with '-', thus making a
2331   shell behave as login shell.
2332enddit()
2333
2334startdit()enddit()nl()
2335
2336
2337label(GROUP_FORK)em(bf(FORK option group))
2338
2339EXEC or SYSTEM addresses invoke a program using a child process and transfer data between socat() and the program. The interprocess communication mechanism can be influenced with the following options. Per
2340default, a code(socketpair()) is created and assigned to stdin and stdout of
2341the child process, while stderr is inherited from the socat() process, and the
2342child process uses file descriptors 0 and 1 for communicating with the main
2343socat process.
2344startdit()
2345label(OPTION_NOFORK)dit(bf(tt(nofork)))
2346   Does not fork a subprocess for executing the program, instead calls execvp\()
2347   or system\() directly from the actual socat instance. This avoids the
2348   overhead of another process between the program and its peer,
2349   but introduces a lot of restrictions:
2350   startit()
2351   it() this option can only be applied to the second socat() address.
2352   it() it cannot be applied to a part of a link(dual)(ADDRESS_DUAL) address.
2353   it() the first socat address cannot be OPENSSL or READLINE
2354   it() socat options -b, -t, -D, -l, -v, -x become useless
2355   it() for both addresses, options ignoreeof, cr, and crnl become useless
2356   it() for the second address (the one with option nofork), options 
2357      append, metaCOMMENT(async,) cloexec, flock, user, group, mode, nonblock,
2358      perm-late, setlk, and setpgid cannot be applied. Some of these could be
2359      used on the first address though.
2360   endit()
2361label(OPTION_PIPES)dit(bf(tt(pipes)))
2362   Creates a pair of unnamed pipes for interprocess communication instead of a
2363   socket pair.
2364label(OPTION_OPENPTY)dit(bf(tt(openpty)))
2365   Establishes communication with the sub process using a pseudo terminal
2366   created with code(openpty()) instead of the default (socketpair or ptmx).
2367label(OPTION_PTMX)dit(bf(tt(ptmx)))
2368   Establishes communication with the sub process using a pseudo terminal
2369   created by opening file(/dev/ptmx) or file(/dev/ptc) instead of the default
2370   (socketpair).
2371label(OPTION_PTY)dit(bf(tt(pty)))
2372   Establishes communication with the sub process using a pseudo terminal
2373   instead of a socket pair. Creates the pty with an available mechanism. If
2374   openpty and ptmx are both available, it uses ptmx because this is POSIX
2375   compliant (link(example)(EXAMPLE_OPTION_PTY)).
2376label(OPTION_CTTY)dit(bf(tt(ctty)))
2377   Makes the pty the controlling tty of the sub process (link(example)(EXAMPLE_OPTION_CTTY)).
2378label(OPTION_STDERR)dit(bf(tt(stderr)))
2379   Directs stderr of the sub process to its output channel by making stderr a
2380   code(dup()) of stdout (link(example)(EXAMPLE_OPTION_STDERR)). 
2381label(OPTION_FDIN)dit(bf(tt(fdin=<fdnum>)))
2382   Assigns the sub processes input channel to its file descriptor
2383   link(<fdnum>)(TYPE_FDNUM) 
2384   instead of stdin (0). The program started from the subprocess has to use
2385   this fd for reading data from socat() (link(example)(EXAMPLE_OPTION_FDIN)). 
2386label(OPTION_FDOUT)dit(bf(tt(fdout=<fdnum>)))
2387   Assigns the sub processes output channel to its file descriptor
2388   link(<fdnum>)(TYPE_FDNUM) 
2389   instead of stdout (1). The program started from the subprocess has to use 
2390   this fd for writing data to socat() (link(example)(EXAMPLE_OPTION_FDOUT)).
2391label(OPTION_SIGHUP)label(OPTION_SIGINT)label(OPTION_SIGQUIT)dit(bf(tt(sighup)), bf(tt(sigint)), bf(tt(sigquit)))
2392   Has socat() pass signals of this type to the sub process.
2393   If no address has this option, socat terminates on these signals.
2394enddit()
2395
2396startdit()enddit()nl()
2397
2398
2399label(GROUP_TERMIOS)em(bf(TERMIOS option group))
2400
2401For addresses that work on a tty (e.g., stdio, file:/dev/tty, exec:...,pty), the terminal parameters defined in the unix() termios mechanism are made available as address option parameters.
2402Please note that changes of the parameters of your interactive terminal 
2403remain effective after socat()'s termination, so you might have to enter "reset"
2404or "stty sane" in your shell afterwards.
2405For EXEC and SYSTEM addresses with option PTY,
2406these options apply to the pty by the child processes.
2407
2408startdit()
2409label(OPTION_B0)dit(bf(tt(b0)))
2410   Disconnects the terminal.
2411label(OPTION_B19200)dit(bf(tt(b19200)))
2412   Sets the serial line speed to 19200 baud. Some other rates are possible; use
2413something like tt(socat -hh |grep ' b[1-9]') to find all speeds supported by
2414your implementation.nl()
2415Note: On some operating systems, these options may not be
2416available. Use link(ispeed)(OPTION_ISPEED) or link(ospeed)(OPTION_OSPEED)
2417instead.
2418label(OPTION_ECHO)dit(bf(tt(echo=<bool>)))
2419   Enables or disables local echo (link(example)(EXAMPLE_OPTION_ECHO)).
2420label(OPTION_ICANON)dit(bf(tt(icanon=<bool>)))
2421   Sets or clears canonical mode, enabling line buffering and some special
2422   characters. 
2423label(OPTION_RAW)dit(bf(tt(raw)))
2424   Sets raw mode, thus passing input and output almost unprocessed (link(example)(EXAMPLE_OPTION_RAW)).
2425label(OPTION_IGNBRK)dit(bf(tt(ignbrk=<bool>)))
2426   Ignores or interpretes the BREAK character (e.g., ^C)
2427label(OPTION_BRKINT)dit(bf(tt(brkint=<bool>)))
2428label(OPTION_BS0)dit(bf(tt(bs0)))
2429label(OPTION_BS1)dit(bf(tt(bs1)))
2430label(OPTION_BSDLY)dit(bf(tt(bsdly=<0|1>)))
2431label(OPTION_CLOCAL)dit(bf(tt(clocal=<bool>)))
2432
2433label(OPTION_CR0)label(OPTION_CR1)label(OPTION_CR2)label(OPTION_CR3)
2434mancommand(\.LP)
2435mancommand(\.nf)
2436mancommand(\fBcr0
2437cr1
2438cr2
2439cr3\fP)
2440mancommand(\.fi)
2441mancommand(\.IP)
2442htmlcommand(<dt><code><strong>cr0</strong><br>
2443<strong>cr1</strong><br>
2444<strong>cr2</strong><br>
2445<strong>cr3</strong></code><dd>)
2446   Sets the carriage return delay to 0, 1, 2, or 3, respectively.
2447   0 means no delay, the other values are terminal dependent.
2448
2449label(OPTION_CRDLY)dit(bf(tt(crdly=<0|1|2|3>)))
2450label(OPTION_CREAD)dit(bf(tt(cread=<bool>)))
2451label(OPTION_CRTSCTS)dit(bf(tt(crtscts=<bool>)))
2452
2453label(OPTION_CS5)label(OPTION_CS6)label(OPTION_CS7)label(OPTION_CS8)
2454mancommand(\.LP)
2455mancommand(\.nf)
2456mancommand(\fBcs5 
2457cs6 
2458cs7 
2459cs8\fP)
2460mancommand(\.fi)
2461mancommand(\.IP)
2462htmlcommand(<dt><code><strong>cs5</strong><br>
2463<strong>cs6</strong><br>
2464<strong>cs7</strong><br>
2465<strong>cs8</strong></code><dd>)
2466   Sets the character size to 5, 6, 7, or 8 bits, respectively.
2467
2468label(OPTION_CSIZE)dit(bf(tt(csize=<0|1|2|3>)))
2469label(OPTION_CSTOPB)dit(bf(tt(cstopb=<bool>)))
2470   Sets two stop bits, rather than one.
2471label(OPTION_VDSUSP)dit(bf(tt(dsusp=<byte>)))
2472   Sets the value for the VDSUSP character that suspends the current foreground
2473   process and reactivates the shell (all except Linux).
2474label(OPTION_ECHOCTL)dit(bf(tt(echoctl=<bool>)))
2475   Echos control characters in hat notation (e.g. ^A)
2476label(OPTION_ECHOE)dit(bf(tt(echoe=<bool>)))
2477label(OPTION_ECHOK)dit(bf(tt(echok=<bool>)))
2478label(OPTION_ECHOKE)dit(bf(tt(echoke=<bool>)))
2479label(OPTION_ECHONL)dit(bf(tt(echonl=<bool>)))
2480label(OPTION_ECHOPRT)dit(bf(tt(echoprt=<bool>)))
2481label(OPTION_EOF)dit(bf(tt(eof=<byte>)))
2482label(OPTION_EOL)dit(bf(tt(eol=<byte>)))
2483label(OPTION_EOL2)dit(bf(tt(eol2=<byte>)))
2484label(OPTION_ERASE)dit(bf(tt(erase=<byte>)))
2485label(OPTION_DISCARD)dit(bf(tt(discard=<byte>)))
2486label(OPTION_FF0)dit(bf(tt(ff0)))
2487label(OPTION_FF1)dit(bf(tt(ff1)))
2488label(OPTION_FFDLY)dit(bf(tt(ffdly=<bool>)))
2489label(OPTION_FLUSHO)dit(bf(tt(flusho=<bool>)))
2490label(OPTION_HUPCL)dit(bf(tt(hupcl=<bool>)))
2491label(OPTION_ICRNL)dit(bf(tt(icrnl=<bool>)))
2492label(OPTION_IEXTEN)dit(bf(tt(iexten=<bool>)))
2493label(OPTION_IGNCR)dit(bf(tt(igncr=<bool>)))
2494label(OPTION_IGNPAR)dit(bf(tt(ignpar=<bool>)))
2495label(OPTION_IMAXBEL)dit(bf(tt(imaxbel=<bool>)))
2496label(OPTION_INLCR)dit(bf(tt(inlcr=<bool>)))
2497label(OPTION_INPCK)dit(bf(tt(inpck=<bool>)))
2498label(OPTION_INTR)dit(bf(tt(intr=<byte>)))
2499label(OPTION_ISIG)dit(bf(tt(isig=<bool>)))
2500label(OPTION_ISPEED)dit(bf(tt(ispeed=<unsigned-int>)))
2501   Set the baud rate for incoming data on this line.nl()
2502   See also: link(ospeed)(OPTION_OSPEED), link(b19200)(OPTION_B19200)
2503label(OPTION_ISTRIP)dit(bf(tt(istrip=<bool>)))
2504label(OPTION_IUCLC)dit(bf(tt(iuclc=<bool>)))
2505label(OPTION_IXANY)dit(bf(tt(ixany=<bool>)))
2506label(OPTION_IXOFF)dit(bf(tt(ixoff=<bool>)))
2507label(OPTION_IXON)dit(bf(tt(ixon=<bool>)))
2508label(OPTION_KILL)dit(bf(tt(kill=<byte>)))
2509label(OPTION_LNEXT)dit(bf(tt(lnext=<byte>)))
2510label(OPTION_MIN)dit(bf(tt(min=<byte>)))
2511label(OPTION_NL0)dit(bf(tt(nl0)))
2512   Sets the newline delay to 0.
2513label(OPTION_NL1)dit(bf(tt(nl1)))
2514label(OPTION_NLDLY)dit(bf(tt(nldly=<bool>)))
2515label(OPTION_NOFLSH)dit(bf(tt(noflsh=<bool>)))
2516label(OPTION_OCRNL)dit(bf(tt(ocrnl=<bool>)))
2517label(OPTION_OFDEL)dit(bf(tt(ofdel=<bool>)))
2518label(OPTION_OFILL)dit(bf(tt(ofill=<bool>)))
2519label(OPTION_OLCUC)dit(bf(tt(olcuc=<bool>)))
2520label(OPTION_ONLCR)dit(bf(tt(onlcr=<bool>)))
2521label(OPTION_ONLRET)dit(bf(tt(onlret=<bool>)))
2522label(OPTION_ONOCR)dit(bf(tt(onocr=<bool>)))
2523label(OPTION_OPOST)dit(bf(tt(opost=<bool>)))
2524   Enables or disables output processing; e.g., converts NL to CR-NL.
2525label(OPTION_OSPEED)dit(bf(tt(ospeed=<unsigned-int>)))
2526   Set the baud rate for outgoing data on this line.nl()
2527   See also: link(ispeed)(OPTION_ISPEED), link(b19200)(OPTION_B19200)
2528label(OPTION_PARENB)dit(bf(tt(parenb=<bool>)))
2529   Enable parity generation on output and parity checking for input.
2530label(OPTION_PARMRK)dit(bf(tt(parmrk=<bool>)))
2531label(OPTION_PARODD)dit(bf(tt(parodd=<bool>)))
2532label(OPTION_PENDIN)dit(bf(tt(pendin=<bool>)))
2533label(OPTION_QUIT)dit(bf(tt(quit=<byte>)))
2534label(OPTION_REPRINT)dit(bf(tt(reprint=<byte>)))
2535label(OPTION_SANE)dit(bf(tt(sane)))
2536   Brings the terminal to something like a useful default state.
2537label(OPTION_START)dit(bf(tt(start=<byte>)))
2538label(OPTION_STOP)dit(bf(tt(stop=<byte>)))
2539label(OPTION_SUSP)dit(bf(tt(susp=<byte>)))
2540label(OPTION_SWTC)dit(bf(tt(swtc=<byte>)))
2541label(OPTION_TAB0)dit(bf(tt(tab0)))
2542label(OPTION_TAB1)dit(bf(tt(tab1)))
2543label(OPTION_TAB2)dit(bf(tt(tab2)))
2544label(OPTION_TAB3)dit(bf(tt(tab3)))
2545label(OPTION_TABDLY)dit(bf(tt(tabdly=<unsigned-int>)))
2546label(OPTION_TIME)dit(bf(tt(time=<byte>)))
2547label(OPTION_TOSTOP)dit(bf(tt(tostop=<bool>)))
2548label(OPTION_VT0)dit(bf(tt(vt0)))
2549label(OPTION_VT1)dit(bf(tt(vt1)))
2550label(OPTION_VTDLY)dit(bf(tt(vtdly=<bool>)))
2551label(OPTION_WERASE)dit(bf(tt(werase=<byte>)))
2552label(OPTION_XCASE)dit(bf(tt(xcase=<bool>)))
2553label(OPTION_XTABS)dit(bf(tt(xtabs)))
2554label(OPTION_I_POP_ALL)dit(bf(tt(i-pop-all)))
2555   With UNIX System V STREAMS, removes all drivers from the stack.
2556label(OPTION_I_PUSH)dit(bf(tt(i-push=<string>)))
2557   With UNIX System V STREAMS, pushes the driver (module) with the given name
2558   (link(string)(TYPE_STRING)) onto the stack. For example, to make sure that a
2559   character device on Solaris supports termios etc, use the following options:
2560   tt(i-pop-all,i-push=ptem,i-push=ldterm,i-push=ttcompat)
2561enddit()
2562
2563startdit()enddit()nl()
2564
2565
2566label(GROUP_PTY)em(bf(PTY option group))
2567
2568These options are intended for use with the link(pty)(ADDRESS_PTY) address
2569type.
2570
2571startdit()
2572label(OPTION_SYMBOLIC_LINK)dit(bf(tt(link=<filename>)))
2573   Generates a symbolic link that points to the actual pseudo terminal
2574   (pty). This might help 
2575   to solve the problem that ptys are generated with more or less
2576   unpredictable names, making it difficult to directly access the socat
2577   generated pty automatically. With this option, the user can specify a "fix"
2578   point in the file hierarchy that helps him to access the actual pty
2579   (link(example)(EXAMPLE_OPTION_SYMBOLIC_LINK)).
2580   Beginning with socat() version 1.4.3, the symbolic link is removed when
2581   the address is closed (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)).
2582label(OPTION_PTY_WAIT_SLAVE)dit(bf(tt(wait-slave)))
2583   Blocks the open phase until a process opens the slave side of the pty.
2584   Usually, socat continues after generating the pty with opening the next
2585   address or with entering the transfer loop. With the wait-slave option,
2586   socat waits until some process opens the slave side of the pty before
2587   continuing. 
2588   This option only works if the operating system provides the tt(poll())
2589   system call. And it depends on an undocumented behaviour of pty's, so it
2590   does not work on all operating systems. It has successfully been tested on
2591   Linux, FreeBSD, NetBSD, and on Tru64 with openpty. 
2592label(OPTION_PTY_INTERVAL)dit(bf(tt(pty-interval=<seconds>)))
2593   When the link(wait-slave)(OPTION_PTY_WAIT_SLAVE) option is set, socat
2594   periodically checks the HUP condition using tt(poll()) to find if the pty's
2595   slave side has been opened. The default polling interval is 1s. Use the
2596   pty-interval option [link(timeval)(TYPE_TIMEVAL)] to change this value.
2597enddit()
2598
2599
2600startdit()enddit()nl()
2601
2602
2603label(GROUP_OPENSSL)em(bf(OPENSSL option group))
2604
2605These options apply to the link(openssl)(ADDRESS_OPENSSL_CONNECT) and
2606link(openssl-listen)(ADDRESS_OPENSSL_LISTEN) address types.
2607
2608startdit()
2609label(OPTION_OPENSSL_CIPHERLIST)dit(bf(tt(cipher=<cipherlist>)))
2610   Selects the list of ciphers that may be used for the connection.
2611   See the man page of code(ciphers), section bf(CIPHER LIST FORMAT), for
2612   detailed information about syntax, values, and default of <cipherlist>.nl()
2613   Several cipher strings may be given, separated by ':'.
2614   Some simple cipher strings:
2615   startdit()
2616   dit(3DES) Uses a cipher suite with triple DES.
2617   dit(MD5) Uses a cipher suite with MD5.
2618   dit(aNULL) Uses a cipher suite without authentication.
2619   dit(NULL) Does not use encryption.
2620   dit(HIGH) Uses a cipher suite with "high" encryption.
2621   enddit()
2622   Note that the peer must support the selected property, or the negotiation
2623   will fail.
2624label(OPTION_OPENSSL_METHOD)dit(bf(tt(method=<ssl-method>)))
2625   Sets the protocol version to be used. Valid strings (not case sensitive)
2626   are:  
2627   startdit()
2628   dit(tt(SSLv2)) Select SSL protocol version 2.
2629   dit(tt(SSLv3)) Select SSL protocol version 3.
2630   dit(tt(SSLv23)) Select SSL protocol version 2 or 3. This is the default when
2631   this option is not provided.
2632   dit(tt(TLSv1)) Select TLS protocol version 1.
2633   enddit()
2634label(OPTION_OPENSSL_VERIFY)dit(bf(tt(verify=<bool>)))
2635   Controls check of the peer's certificate. Default is 1 (true). Disabling
2636   verify might open your socket for everyone, making the encryption useless!
2637label(OPTION_OPENSSL_CERTIFICATE)dit(bf(tt(cert=<filename>)))
2638   Specifies the file with the certificate and private key for authentication. 
2639   The certificate must be in OpenSSL format (*.pem). 
2640   With openssl-listen, use of this option is strongly
2641   recommended. Except with cipher aNULL, "no shared ciphers" error will
2642   occur when no certificate is given.
2643label(OPTION_OPENSSL_KEY)dit(bf(tt(key=<filename>)))
2644   Specifies the file with the private key. The private key may be in this
2645   file or in the file given with the link(cert)(OPTION_OPENSSL_CERTIFICATE) option. The party that has
2646   to proof that it is the owner of a certificate needs the private key.
2647label(OPTION_OPENSSL_DHPARAMS)dit(bf(tt(dhparams=<filename>)))
2648   Specifies the file with the Diffie Hellman parameters. These parameters may
2649   also be in the file given with the link(cert)(OPTION_OPENSSL_CERTIFICATE)
2650   option in which case the dhparams option is not needed.
2651label(OPTION_OPENSSL_CAFILE)dit(bf(tt(cafile=<filename>)))
2652   Specifies the file with the trusted (root) authority certificates. The file
2653   must be in PEM format and should contain one or more certificates. The party
2654   that checks the authentication of its peer trusts only certificates that are
2655   in this file.
2656label(OPTION_OPENSSL_CAPATH)dit(bf(tt(capath=<dirname>)))
2657   Specifies the directory with the trusted (root) certificates. The directory
2658   must contain certificates in PEM format and their hashes (see OpenSSL
2659   documentation) 
2660label(OPTION_OPENSSL_EGD)dit(bf(tt(egd=<filename>)))
2661   On some systems, openssl requires an explicit source of random data. Specify
2662   the socket name where an entropy gathering daemon like egd provides random
2663   data, e.g. /dev/egd-pool.
2664label(OPTION_OPENSSL_PSEUDO)dit(bf(tt(pseudo)))
2665   On systems where openssl cannot find an entropy source and where no entropy
2666   gathering daemon can be utilized, this option activates a mechanism for
2667   providing pseudo entropy. This is archieved by taking the current time in
2668   microseconds for feeding the libc pseudo random number generator with an
2669   initial value. openssl is then feeded with output from random\() calls.nl()
2670   NOTE:This mechanism is not sufficient for generation of secure keys!
2671label(OPTION_OPENSSL_COMPRESS)dit(bf(tt(compress)))
2672   Enable or disable the use of compression for a connection. Setting this to
2673   "none" disables compression, setting it to "auto" lets OpenSSL choose the best
2674   available algorithm supported by both parties. The default is to not touch any
2675   compression-related settings.
2676   NOTE: Requires OpenSSL 0.9.8 or higher and disabling compression with
2677   OpenSSL 0.9.8 affects all new connections in the process.
2678label(OPTION_OPENSSL_FIPS)dit(bf(tt(fips)))
2679   Enables FIPS mode if compiled in. For info about the FIPS encryption
2680   implementation standard see lurl(http://oss-institute.org/fips-faq.html). 
2681   This mode might require that the involved certificates are generated with a
2682   FIPS enabled version of openssl. Setting or clearing this option on one
2683   socat address affects all OpenSSL addresses of this process.
2684enddit()
2685
2686startdit()enddit()nl()
2687
2688
2689label(GROUP_RETRY)em(bf(RETRY option group))
2690
2691Options that control retry of some system calls, especially connection
2692attempts.
2693
2694startdit()
2695label(OPTION_RETRY)dit(bf(tt(retry=<num>)))
2696   Number of retries before the connection or listen attempt is aborted. 
2697   Default is 0, which means just one attempt. 
2698label(OPTION_INTERVAL)dit(bf(tt(interval=<timespec>)))
2699   Time between consecutive attempts (seconds, 
2700   [link(timespec)(TYPE_TIMESPEC)]). Default is 1 second.
2701label(OPTION_FOREVER)dit(bf(tt(forever)))
2702   Performs an unlimited number of retry attempts.
2703enddit()
2704
2705startdit()enddit()nl()
2706
2707
2708label(GROUP_TUN)em(bf(TUN option group))
2709
2710Options that control Linux TUN/TAP interface device addresses.
2711
2712startdit()
2713label(OPTION_TUN_DEVICE)dit(bf(tt(tun-device=<device-file>)))
2714   Instructs socat to take another path for the TUN clone device. Default is
2715   tt(/dev/net/tun).
2716label(OPTION_TUN_NAME)dit(bf(tt(tun-name=<if-name>)))
2717   Gives the resulting network interface a specific name instead of the system
2718   generated (tun0, tun1, etc.)
2719label(OPTION_TUN_TYPE)dit(bf(tt(tun-type=[tun|tap])))
2720   Sets the type of the TUN device; use this option to generate a TAP
2721   device. See the Linux docu for the difference between these types.
2722   When you try to establish a tunnel between two TUN devices, their types
2723   should be the same.
2724label(OPTION_IFF_NO_PI)dit(bf(tt(iff-no-pi)))
2725   Sets the IFF_NO_PI flag which controls if the device includes additional
2726   packet information in the tunnel.
2727   When you try to establish a tunnel between two TUN devices, these flags
2728   should have the same values.
2729label(OPTION_IFF_UP)dit(bf(tt(iff-up)))
2730   Sets the TUN network interface status UP. Strongly recommended.
2731label(OPTION_IFF_BROADCAST)dit(bf(tt(iff-broadcast)))
2732   Sets the BROADCAST flag of the TUN network interface.
2733label(OPTION_IFF_DEBUG)dit(bf(tt(iff-debug)))
2734   Sets the DEBUG flag of the TUN network interface.
2735label(OPTION_IFF_LOOPBACK)dit(bf(tt(iff-loopback)))
2736   Sets the LOOPBACK flag of the TUN network interface.
2737label(OPTION_IFF_POINTOPOINT)dit(bf(tt(iff-pointopoint)))
2738   Sets the POINTOPOINT flag of the TUN device.
2739label(OPTION_IFF_NOTRAILERS)dit(bf(tt(iff-notrailers)))
2740   Sets the NOTRAILERS flag of the TUN device.
2741label(OPTION_IFF_RUNNING)dit(bf(tt(iff-running)))
2742   Sets the RUNNING flag of the TUN device.
2743label(OPTION_IFF_NOARP)dit(bf(tt(iff-noarp)))
2744   Sets the NOARP flag of the TUN device.
2745label(OPTION_IFF_PROMISC)dit(bf(tt(iff-promisc)))
2746   Sets the PROMISC flag of the TUN device.
2747label(OPTION_IFF_ALLMULTI)dit(bf(tt(iff-allmulti)))
2748   Sets the ALLMULTI flag of the TUN device.
2749label(OPTION_IFF_MASTER)dit(bf(tt(iff-master)))
2750   Sets the MASTER flag of the TUN device.
2751label(OPTION_IFF_SLAVE)dit(bf(tt(iff-slave)))
2752   Sets the SLAVE flag of the TUN device.
2753label(OPTION_IFF_MULTICAST)dit(bf(tt(iff-multicast)))
2754   Sets the MULTICAST flag of the TUN device.
2755label(OPTION_IFFPORTSEL_)dit(bf(tt(iff-portsel)))
2756   Sets the PORTSEL flag of the TUN device.
2757label(OPTION_IFF_AUTOMEDIA)dit(bf(tt(iff-automedia)))
2758   Sets the AUTOMEDIA flag of the TUN device.
2759label(OPTION_IFF_DYNAMIC)dit(bf(tt(iff-dynamic)))
2760   Sets the DYNAMIC flag of the TUN device.
2761enddit()
2762
2763startdit()enddit()nl()
2764
2765
2766label(VALUES)
2767manpagesection(DATA VALUES)
2768
2769This section explains the different data types that address parameters and
2770address options can take.
2771
2772startdit()
2773label(TYPE_ADDRESS_RANGE)dit(address-range)
2774   Is currently only implemented for IPv4 and IPv6. See address-option
2775   link(`range')(OPTION_RANGE) 
2776label(TYPE_BOOL)dit(bool)
2777   "0" or "1"; if value is omitted, "1" is taken.
2778label(TYPE_BYTE)dit(byte)
2779   An unsigned int number, read with code(strtoul()), lower or equal to
2780   code(UCHAR_MAX).
2781label(TYPE_COMMAND_LINE)dit(command-line)
2782   A string specifying a program name and its arguments, separated by single
2783   spaces. 
2784label(TYPE_DATA)dit(data)
2785   A raw data specification following em(dalan) syntax. Currently the only
2786   valid form is a string starting with 'x' followed by an even number of hex
2787   digits, specifying a sequence of bytes.
2788label(TYPE_DIRECTORY)dit(directory)
2789   A string with usual unix() directory name semantics.
2790label(TYPE_FACILITY)dit(facility)
2791   The name of a syslog facility in lower case characters.
2792label(TYPE_FDNUM)dit(fdnum)
2793   An unsigned int type, read with code(strtoul()), specifying a unix() file
2794   descriptor. 
2795label(TYPE_FILENAME)dit(filename)
2796   A string with usual unix() filename semantics.
2797label(TYPE_GROUP)dit(group)
2798   If the first character is a decimal digit, the value is read with
2799   code(strtoul()) as unsigned integer specifying a group id. Otherwise, it
2800   must be an existing group name.
2801label(TYPE_INT)dit(int)
2802   A number following the rules of the code(strtol()) function with base
2803   "0", i.e. decimal number, octal number with leading "0", or hexadecimal
2804   number with leading "0x". The value must fit into a C int.
2805label(TYPE_INTERFACE)dit(interface)
2806   A string specifying the device name of a network interface
2807   as shown by ifconfig or procan, e.g. "eth0".
2808label(TYPE_IP_ADDRESS)dit(IP address)
2809   An IPv4 address in numbers-and-dots notation, an IPv6 address in hex
2810   notation enclosed in brackets, or a hostname that resolves to an IPv4 or an
2811   IPv6 address.nl()
2812   Examples: 127.0.0.1, [::1], www.dest-unreach.org, dns1
2813label(TYPE_IPV4_ADDRESS)dit(IPv4 address)
2814   An IPv4 address in numbers-and-dots notation or a hostname that resolves to
2815   an IPv4 address.nl()
2816   Examples: 127.0.0.1, www.dest-unreach.org, dns2
2817label(TYPE_IPV6_ADDRESS)dit(IPv6 address)
2818   An iPv6 address in hexnumbers-and-colons notation enclosed in brackets, or a
2819   hostname that resolves to an IPv6 address.nl()
2820   Examples: [::1], [1234:5678:9abc:def0:1234:5678:9abc:def0],
2821   ip6name.domain.org 
2822label(TYPE_LONG)dit(long)
2823   A number read with code(strtol()). The value must fit into a C long.
2824label(TYPE_LONGLONG)dit(long long)
2825   A number read with code(strtoll()). The value must fit into a C long long.
2826label(TYPE_OFF)dit(off_t)
2827   An implementation dependend signed number, usually 32 bits, read with strtol
2828   or strtoll.
2829label(TYPE_OFF64)dit(off64_t)
2830   An implementation dependend signed number, usually 64 bits, read with strtol
2831   or strtoll.
2832label(TYPE_MODE_T)dit(mode_t)
2833   An unsigned integer, read with code(strtoul()), specifying mode (permission)
2834   bits. 
2835label(TYPE_PID_T)dit(pid_t)
2836   A number, read with code(strtol()), specifying a process id.
2837label(TYPE_PORT)dit(port)
2838   A uint16_t (16 bit unsigned number) specifying a TCP or UDP port, read
2839   with code(strtoul()).
2840label(TYPE_PROTOCOL)dit(protocol)
2841   An unsigned 8 bit number, read with code(strtoul()).
2842label(TYPE_SIZE_T)dit(size_t)
2843   An unsigned number with size_t limitations, read with code(strtoul).
2844label(TYPE_SOCKNAME)dit(sockname)
2845   A socket address. See address-option link(`bind')(OPTION_BIND)
2846label(TYPE_STRING)dit(string)
2847   A sequence of characters, not containing '\0' and, depending on
2848   the position within the command line, ':', ',', or "!!". Note
2849   that you might have to escape shell meta characters in the command line.
2850label(TYPE_TCP_SERVICE)dit(TCP service)
2851   A service name, not starting with a digit, that is resolved by
2852   code(getservbyname()), or an unsigned int 16 bit number read with
2853   code(strtoul()).
2854label(TYPE_TIMEVAL)dit(timeval)
2855   A double float specifying seconds; the number is mapped into a
2856   struct timeval, consisting of seconds and microseconds.
2857label(TYPE_TIMESPEC)dit(timespec)
2858   A double float specifying seconds; the number is mapped into a
2859   struct timespec, consisting of seconds and nanoseconds.
2860label(TYPE_UDP_SERVICE)dit(UDP service)
2861   A service name, not starting with a digit, that is resolved by
2862   code(getservbyname()), or an unsigned int 16 bit number read with
2863   code(strtoul()).
2864label(TYPE_UNSIGNED_INT)dit(unsigned int)
2865   A number read with code(strtoul()). The value must fit into a C unsigned
2866   int. 
2867label(TYPE_USER)dit(user)
2868   If the first character is a decimal digit, the value is read with
2869   code(strtoul()) as unsigned integer specifying a user id. Otherwise, it must
2870   be an existing user name.
2871enddit()
2872
2873
2874label(EXAMPLES)
2875manpagesection(EXAMPLES)
2876
2877
2878startdit()
2879
2880label(EXAMPLE_ADDRESS_TCP4_CONNECT)
2881dit(bf(tt(socat - TCP4:www.domain.org:80)))
2882
2883transfers data between link(STDIO)(ADDRESS_STDIO) (-) and a
2884link(TCP4)(ADDRESS_TCP4_CONNECT) connection to port 80 of host 
2885www.domain.org. This example results in an interactive connection similar to
2886telnet or netcat. The stdin terminal parameters are not changed, so you may
2887close the relay with ^D or abort it with ^C.
2888
2889label(EXAMPLE_ADDRESS_READLINE)
2890label(EXAMPLE_OPTION_HISTORY)
2891mancommand(\.LP)
2892mancommand(\.nf)
2893mancommand(\fBsocat -d -d READLINE,history=$HOME/.http_history \\ 
2894TCP4:www.domain.org:www,crnl\fP)
2895mancommand(\.fi)
2896
2897htmlcommand(<dt><code><strong>socat -d -d  READLINE,history=$HOME/.http_history \</strong><br>
2898<strong>TCP4:www.domain.org:www,crnl</strong></code><dd>)
2899
2900this is similar to the previous example, but you can edit the current line in a
2901bash like manner (link(READLINE)(ADDRESS_READLINE)) and use the
2902link(history)(OPTION_HISTORY) file .http_history; socat() prints messages about
2903progress (link(-d -d)(option_d_d)). The  port is specified by service name
2904(www), and correct network line termination characters
2905(link(crnl)(OPTION_CRNL)) instead of NL are used.
2906
2907
2908label(EXAMPLE_ADDRESS_TCP4_LISTEN)
2909dit(bf(tt(socat TCP4-LISTEN:www TCP4:www.domain.org:www)))
2910
2911installs a simple TCP port forwarder. With
2912link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN) it listens on local port "www" until a
2913connection comes in, accepts it, then connects to the remote host
2914(link(TCP4)(ADDRESS_TCP4_CONNECT)) and starts data transfer. It will not accept
2915a econd connection. 
2916
2917label(EXAMPLE_OPTION_BIND_TCP4)
2918label(EXAMPLE_OPTION_REUSEADDR)
2919label(EXAMPLE_OPTION_FORK)
2920label(EXAMPLE_OPTION_SUBSTUSER)
2921label(EXAMPLE_OPTION_RANGE)
2922mancommand(\.LP)
2923mancommand(\.nf)
2924mancommand(\fBsocat -d -d -lmlocal2 \\ 
2925TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \\ 
2926TCP4:www.domain.org:80,bind=myaddr2\fP)
2927mancommand(\.fi)
2928
2929htmlcommand(<dt><code><strong>socat -d -d -lmlocal2 \</strong><br>
2930<strong>TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr \</strong><br>
2931<strong>TCP4:www.domain.org:80,bind=myaddr2</strong></code><dd>)
2932
2933TCP port forwarder, each side bound to another local IP address
2934(link(bind)(OPTION_BIND)). This example handles an almost
2935arbitrary number of parallel or consecutive connections by
2936link(fork)(OPTION_FORK)'ing a new 
2937process after each code(accept()). It provides a little security by
2938link(su)(OPTION_SUBSTUSER)'ing to user 
2939nobody after forking; it only permits connections from the private 10 network
2940(link(range)(OPTION_RANGE)); due to link(reuseaddr)(OPTION_REUSEADDR), it
2941allows immediate restart after master process's termination, even if some child
2942sockets are not completely shut down.
2943With link(-lmlocal2)(option_lm), socat logs to stderr until successfully
2944reaching the accept loop. Further logging is directed to syslog with facility
2945local2.
2946
2947label(EXAMPLE_ADDRESS_EXEC)
2948label(EXAMPLE_OPTION_TCPWRAPPERS)
2949label(EXAMPLE_OPTION_CHROOT)
2950label(EXAMPLE_OPTION_SUBSTUSER_DELAYED)
2951label(EXAMPLE_OPTION_PTY)
2952label(EXAMPLE_OPTION_STDERR)
2953mancommand(\.LP)
2954mancommand(\.nf)
2955mancommand(\fBsocat TCP4-LISTEN:5555,fork,tcpwrap=script \\ 
2956EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr\fP)
2957mancommand(\.fi)
2958
2959htmlcommand(<dt><code><strong>socat TCP4-LISTEN:5555,fork,tcpwrap=script \</strong><br>
2960<strong>EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr</strong></code><dd>)
2961
2962a simple server that accepts connections
2963(link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN)) and link(fork)(OPTION_FORK)'s a new
2964child process for each connection; every child acts as single relay. 
2965The client must match the rules for daemon process name "script" in
2966/etc/hosts.allow and /etc/hosts.deny, otherwise it is refused access (see "man
29675 hosts_access").
2968For link(EXEC)(ADDRESS_EXEC)'uting the program, the child process
2969link(chroot)(OPTION_CHROOT)'s 
2970to file(/home/sandbox), link(su)(OPTION_SUBSTUSER)'s to user sandbox, and then starts 
2971the program file(/home/sandbox/bin/myscript). Socat() and
2972myscript communicate via a pseudo tty (link(pty)(OPTION_PTY)); myscript's
2973link(stderr)(OPTION_STDERR) is redirected to stdout,
2974so its error messages are transferred via socat() to the connected client. 
2975
2976label(EXAMPLE_OPTION_FDIN)
2977label(EXAMPLE_OPTION_FDOUT)
2978label(EXAMPLE_OPTION_CRNL)
2979label(EXAMPLE_OPTION_MSS)
2980mancommand(\.LP)
2981mancommand(\.nf)
2982mancommand(\fBsocat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \\ 
2983TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512\fP)
2984mancommand(\.fi)
2985
2986htmlcommand(<dt><code><strong>socat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \</strong><br>
2987<strong>TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512</strong></code><dd>)
2988
2989file(mail.sh) is a shell script, distributed with socat(), that implements a
2990simple 
2991SMTP client. It is programmed to "speak" SMTP on its FDs 3 (in) and 4 (out).
2992The link(fdin)(OPTION_FDIN) and link(fdout)(OPTION_FDOUT) options tell socat()
2993to use these FDs for communication with 
2994the program. Because mail.sh inherits stdin and stdout while socat() does not
2995use them, the script can read a
2996mail body from stdin. Socat() makes alias1 your local source address
2997(link(bind)(OPTION_BIND)), cares for correct network line termination
2998(link(crnl)(OPTION_CRNL)) and sends  
2999at most 512 data bytes per packet (link(mss)(OPTION_MSS)). 
3000
3001
3002label(EXAMPLE_ADDRESS_GOPEN)
3003label(EXAMPLE_OPTION_RAW)
3004label(EXAMPLE_OPTION_ECHO)
3005label(EXAMPLE_OPTION_ESCAPE)
3006dit(bf(tt(socat -,raw,echo=0,escape=0x0f /dev/ttyS0,raw,echo=0,crnl)))
3007
3008opens an interactive connection via the serial line, e.g. for talking with a
3009modem. link(raw)(OPTION_RAW) and link(echo)(OPTION_ECHO) set the console's and
3010ttyS0's terminal parameters to practicable values, link(crnl)(OPTION_CRNL) 
3011converts to correct newline characters. link(escape)(OPTION_ESCAPE) allows to
3012terminate the socat process with character control-O. 
3013Consider using link(READLINE)(ADDRESS_READLINE) instead of the first address.
3014
3015
3016label(EXAMPLE_ADDRESS_UNIX_LISTEN)
3017label(EXAMPLE_ADDRESS_SOCKS4)
3018label(EXAMPLE_OPTION_SOCKSUSER)
3019label(EXAMPLE_OPTION_SOURCEPORT)
3020mancommand(\.LP)
3021mancommand(\.nf)
3022mancommand(\fBsocat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \\ 
3023SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20\fP)
3024mancommand(\.fi)
3025
3026htmlcommand(<dt><code><strong>socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \</strong><br>
3027<strong>SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20</strong></code><dd>)
3028
3029with link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), socat() opens a listening
3030unixdomain() socket file(/tmp/.X11-unix/X1). This path corresponds 
3031to local XWindow display :1 on your machine, so XWindow client connections to
3032DISPLAY=:1 are accepted. Socat() then speaks with
3033the link(SOCKS4)(ADDRESS_SOCKS4) server host.victim.org that might permit 
3034link(sourceport)(OPTION_SOURCEPORT) 20 based connections due to an FTP related
3035weakness in its static IP filters. Socat()
3036pretends to be invoked by link(socksuser)(OPTION_SOCKSUSER) nobody, and
3037requests to be connected to 
3038loopback port 6000 (only weak sockd configurations will allow this). So we get
3039a connection to the victims XWindow server and, if it does not require MIT
3040cookies or Kerberos authentication, we can start work. Please note that there
3041can only be one connection at a time, because TCP can establish only one
3042session with a given set of addresses and ports.
3043
3044
3045label(EXAMPLE_option_u)
3046label(EXAMPLE_OPTION_IGNOREEOF)
3047dit(bf(tt(socat -u /tmp/readdata,seek-end=0,ignoreeof -)))
3048
3049this is an example for unidirectional data transfer
3050(link(-u)(option_u)). Socat() transfers data 
3051from file /tmp/readdata (implicit address link(GOPEN)(ADDRESS_GOPEN)), starting
3052at its current end (link(seek-end)(OPTION_SEEK_END)=0 lets socat() start 
3053reading at current end of file; use link(seek)(OPTION_SEEK)=0 or no
3054seek option to first read the existing data) in a "tail -f" like mode
3055(link(ignoreeof)(OPTION_IGNOREEOF)). The "file" 
3056might also be a listening unixdomain() socket (do not use a seek option then). 
3057
3058
3059label(EXAMPLE_OPTION_SETSID)
3060label(EXAMPLE_OPTION_CTTY)
3061mancommand(\.LP)
3062mancommand(\.nf)
3063mancommand(\fB(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) | 
3064socat - EXEC:'ssh -l user server',pty,setsid,ctty\fP)
3065mancommand(\.fi)
3066
3067htmlcommand(<dt><code><strong>(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |</strong><br>
3068<strong>socat - EXEC:'ssh -l user server',pty,setsid,ctty</strong></code><dd>)
3069
3070link(EXEC)(ADDRESS_EXEC)'utes an ssh session to server. Uses a link(pty)(OPTION_PTY) for communication between socat() and
3071ssh, makes it ssh's controlling tty (link(ctty)(OPTION_CTTY)), 
3072and makes this pty the owner of
3073a new process group (link(setsid)(OPTION_SETSID)), so ssh accepts the password from socat().
3074
3075
3076label(EXAMPLE_ADDRESS_OPEN)
3077label(EXAMPLE_OPTION_CREAT)
3078label(EXAMPLE_OPTION_APPEND)
3079mancommand(\.LP)
3080mancommand(\.nf)
3081mancommand(\fBsocat -u TCP4-LISTEN:3334,reuseaddr,fork \\ 
3082OPEN:/tmp/in.log,creat,append\fP)
3083mancommand(\.fi)
3084
3085htmlcommand(<dt><code><strong>socat -u TCP4-LISTEN:3334,reuseaddr,fork \</strong><br>
3086<strong>OPEN:/tmp/in.log,creat,append</strong></code><dd>)
3087
3088implements a simple network based message collector. 
3089For each client connecting to port 3334, a new child process is generated (option link(fork)(OPTION_FORK)).
3090All data sent by the clients are link(append)(OPTION_APPEND)'ed to the file /tmp/in.log.
3091If the file does not exist, socat link(creat)(OPTION_O_CREAT)'s it. 
3092Option link(reuseaddr)(OPTION_REUSEADDR) allows immediate restart of the server
3093process. 
3094
3095COMMENT(
3096dit(bf(tt(socat TCP4-LISTEN:3335,reuseaddr,fork OPEN:/tmp/motd,rdonly)))
3097
3098implements a simple network based motd server.
3099For each client connecting to port 3335, a new child process is generated
3100(option link(fork)(OPTION_FORK)).
3101The contents of the file /tmp/motd is sent to each client.
3102Messages sent by clients result in an error due to option link(rdonly)(OPTION_RDONLY).
3103Option link(reuseaddr)(OPTION_REUSEADDR) allows immediate restart of the server
3104process.  
3105)
3106COMMENT(
3107dit(bf(tt(socat - TCP4-LISTEN:8080,mtudiscover=0,rcvbuf=2048)))
3108
3109changes some socket parameters to confuse active OS fingerprinting methods.
3110link(mtudiscover)(OPTION_MTUDISCOVER)=0 sets the DF (don'ft fragment flag) in
3111the IP packets to 0 and link(rcvbuf)(OPTION_RCVBUF) changes the initial TCP
3112window size.
3113)
3114
3115label(EXAMPLE_OPTION_NOECHO)
3116dit(bf(tt(socat READLINE,noecho='[Pp]assword:' EXEC:'ftp ftp.server.com',pty,setsid,ctty)))
3117
3118wraps a command line history (link(READLINE)(ADDRESS_READLINE)) around the link(EXEC)(ADDRESS_EXEC)'uted ftp client utility.
3119This allows editing and reuse of FTP commands for relatively comfortable
3120browsing through the ftp directory hierarchy. The password is echoed!
3121 link(pty)(OPTION_PTY) is required to have ftp issue a prompt.
3122Nevertheless, there may occur some confusion with the password and FTP
3123prompts.
3124
3125
3126label(EXAMPLE_ADDRESS_PTY)
3127label(EXAMPLE_OPTION_SYMBOLIC_LINK)
3128label(EXAMPLE_OPTION_WAIT_SLAVE)
3129label(EXAMPLE_OPTION_NONBLOCK)
3130(bf(tt(socat PTY,link=$HOME/dev/vmodem0,raw,echo=0,wait-slave EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,raw,echo=0"')))
3131
3132generates a pseudo terminal 
3133device (link(PTY)(ADDRESS_PTY)) on the client that can be reached under the
3134symbolic link(link)(OPTION_SYMBOLIC_LINK) file($HOME/dev/vmodem0). 
3135An application that expects a serial line or modem
3136can be configured to use file($HOME/dev/vmodem0); its traffic will be directed
3137to a modemserver via ssh where another socat instance links it with
3138file(/dev/ttyS0).
3139
3140
3141mancommand(\.LP)
3142mancommand(\.nf)
3143mancommand(\fBsocat TCP4-LISTEN:2022,reuseaddr,fork \\ 
3144PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass\fP)
3145mancommand(\.fi)
3146
3147htmlcommand(<dt><code><strong>socat TCP4-LISTEN:2022,reuseaddr,fork \</strong><br>
3148<strong>PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass</strong></code><dd>)
3149
3150starts a forwarder that accepts connections on port 2022, and directs them 
3151through the link(proxy)(ADDRESS_PROXY_CONNECT) daemon listening on port 3128
3152(link(proxyport)(OPTION_PROXYPORT)) on host proxy, using the
3153CONNECT method, where they are authenticated as "user" with "pass" (link(proxyauth)(OPTION_PROXY_AUTHORIZATION)). The proxy 
3154should establish connections to host www.domain.org on port 22 then.
3155
3156
3157label(EXAMPLE_ADDRESS_OPENSSL_CONNECT)
3158dit(bf(tt(socat - SSL:server:4443,cafile=server.crt,cert=client.pem)))
3159
3160is an OpenSSL client that tries to establish a secure connection to an SSL
3161server. Option link(cafile)(OPTION_OPENSSL_CAFILE) specifies a file that
3162contains trust certificates: we trust the server only when it presents one of
3163these certificates and proofs that it owns the related private key. 
3164Otherwise the connection is terminated.
3165With link(cert)(OPTION_OPENSSL_CERTIFICATE) a file containing the client certificate
3166and the associated private key is specified. This is required in case the
3167server wishes a client authentication; many Internet servers do not.nl()
3168The first address ('-') can be replaced by almost any other socat address.
3169
3170
3171label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
3172dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
3173
3174is an OpenSSL server that accepts TCP connections, presents the certificate
3175from the file server.pem and forces the client to present a certificate that is
3176verified against cafile.crt.nl()
3177The second address ('PIPE') can be replaced by almost any other socat
3178address.nl()
3179For instructions on generating and distributing OpenSSL keys and certificates
3180see the additional socat docu tt(socat-openssl.txt).
3181
3182
3183dit(bf(tt(echo |socat -u - file:/tmp/bigfile,create,largefile,seek=100000000000)))
3184
3185creates a 100GB sparse file; this requires a file system type that
3186supports this (ext2, ext3, reiserfs, jfs; not minix, vfat). The operation of
3187writing 1 byte might take long (reiserfs: some minutes; ext2: "no" time), and
3188the resulting file can consume some disk space with just its inodes (reiserfs:
31892MB; ext2: 16KB). 
3190
3191
3192dit(bf(tt(socat tcp-l:7777,reuseaddr,fork system:'filan -i 0 -s >&2',nofork)))
3193
3194listens for incoming TCP connections on port 7777. For each accepted
3195connection, invokes a shell. This shell has its stdin and stdout directly
3196connected to the TCP socket (link(nofork)(OPTION_NOFORK)).  The shell starts filan and lets it print the socket addresses to
3197stderr (your terminal window).
3198
3199
3200dit(bf(tt(echo -e "\0\14\0\0\c" |socat -u - file:/usr/bin/squid.exe,seek=0x00074420)))
3201
3202functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
3203the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
3204to make the squid executable from Cygwin run under Windows, actual per May 2004).
3205
3206
3207dit(bf(tt(socat - tcp:www.blackhat.org:31337,readbytes=1000)))
3208
3209connects to an unknown service and prevents being flooded.
3210
3211
3212label(EXAMPLE_END_CLOSE)
3213dit(bf(tt(socat -U TCP:target:9999,end-close TCP-L:8888,reuseaddr,fork)))
3214
3215merges data arriving from different TCP streams on port 8888 to just one stream
3216to target:9999. The link(end-close)(OPTION_END_CLOSE) option prevents the child
3217processes forked off by the second address from terminating the shared
3218connection to 9999 (close\(2) just unlinks the inode which stays active as long
3219as the parent process lives; shutdown\(2) would actively terminate the
3220connection).
3221
3222
3223label(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT)
3224dit(bf(tt(socat - UDP4-DATAGRAM:192.168.1.0:123,sp=123,broadcast,range=192.168.1.0/24)))
3225
3226sends a broadcast to the network 192.168.1.0/24 and receives the replies of the
3227timeservers there. Ignores NTP packets from hosts outside this network.
3228
3229
3230label(EXAMPLE_ADDRESS_GENERIC_CLIENT)
3231dit(bf(tt(socat - SOCKET-DATAGRAM:2:2:17:x007bxc0a80100x0000000000000000,bind=x007bx00000000x0000000000000000,setsockopt-int=1:6:1,range=x0000xc0a80100x0000000000000000:x0000xffffff00x0000000000000000)))
3232
3233is semantically equivalent to the link(previous
3234example)(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT), but all parameters are
3235specified in generic form. the value 6 of setsockopt-int is the Linux value for
3236tt(SO_BROADCAST).
3237
3238
3239label(EXAMPLE_ADDRESS_IP4_BROADCAST_CLIENT)
3240dit(bf(tt(socat - IP4-DATAGRAM:255.255.255.255:44,broadcast,range=10.0.0.0/8)))
3241
3242sends a broadcast to the local network\(s) using protocol 44. Accepts replies
3243from the private address range only.
3244
3245
3246label(EXAMPLE_ADDRESS_UDP4_MULTICAST)
3247dit(bf(tt(socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0)))
3248
3249transfers data from stdin to the specified multicast address using UDP. Both
3250local and remote ports are 6666. Tells the interface eth0 to also accept
3251multicast packets of the given group. Multiple hosts on the local network can
3252run this command, so all data sent by any of the hosts will be received
3253by all the other ones. Note that there are many possible reasons for failure,
3254including IP-filters, routing issues, wrong interface selection by the
3255operating system, bridges, or a badly configured switch.
3256
3257
3258label(EXAMPLE_ADDRESS_TUN)
3259dit(bf(tt(socat TCP:host2:4443 TUN:192.168.255.1/24,up)))
3260
3261establishes one side of a virtual (but not private!) network with host2 where a
3262similar process might run, with UDP-L and tun address 192.168.255.2. They can
3263reach each other using the addresses 192.168.255.1 and 192.168.255.2. Note that
3264streaming eg. via TCP or SSL does not guarantee to retain packet boundaries and
3265may thus cause packet loss.
3266
3267
3268label(EXAMPLE_INTERFACE)
3269dit(bf(tt(socat PTY,link=/var/run/ppp,raw,echo=0 INTERFACE:hdlc0)))
3270
3271circumvents the problem that pppd requires a serial device and thus might not
3272be able to work on a synchronous line that is represented by a network device.
3273socat creates a PTY to make pppd happy, binds to the network
3274link(interface)(ADDRESS_INTERFACE) tt(hdlc0), and can transfer data between
3275both devices. Use pppd on device tt(/var/run/ppp) then.
3276
3277
3278label(EXAMPLE_HTTPECHO)
3279dit(bf(tt(socat -T 1 -d -d TCP-L:10081,reuseaddr,fork,crlf SYSTEM:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\ndate: \$\(date\)\\\nserver:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT\\\nclient: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n\\\"\"; cat; echo -e \"\\\"\\\n\\\"\"")))
3280
3281creates a simple HTTP echo server: each HTTP client that connects gets a valid
3282HTTP reply that contains information about the client address and port as it is
3283seen by the server host, the host address (which might vary on multihomed
3284servers), and the original client request.
3285
3286
3287label(EXAMPLE_ANCILLARY)
3288dit(bf(tt(socat -d -d UDP4-RECVFROM:9999,so-broadcast,so-timestamp,ip-pktinfo,ip-recverr,ip-recvopts,ip-recvtos,ip-recvttl!!- SYSTEM:'export; sleep 1' |grep SOCAT)))
3289
3290waits for an incoming UDP packet on port 9999 and prints the environment 
3291variables provided by socat. On BSD based systems you have to replace
3292link(tt(ip-pktinfo))(OPTION_IP_PKTINFO) with link(tt(ip-recvdstaddr))(OPTION_IP_RECVDSTADDR),link(tt(ip-recvif))(OPTION_IP_RECVIF). Especially interesting is
3293SOCAT_IP_DSTADDR: it contains the target address of the packet which may be a
3294unicast, multicast, or broadcast address.
3295
3296
3297dit(bf(tt()))
3298
3299
3300
3301enddit()
3302
3303
3304label(DIAGNOSTICS)
3305manpagediagnostics()
3306
3307Socat() uses a logging mechanism that allows to filter messages by severity. The
3308severities provided are more or less compatible to the appropriate syslog
3309priority. With one or up to four occurrences of the -d command line option, the
3310lowest priority of messages that are issued can be selected. Each message
3311contains a single uppercase character specifying the messages severity (one of
3312F, E, W, N, I, or D)
3313
3314description(
3315dit(FATAL:) Conditions that require unconditional and immediate program termination.
3316dit(ERROR:) Conditions that prevent proper program processing. Usually the
3317program is terminated (see link(option -s)(option_s)).
3318dit(WARNING:) Something did not function correctly or is in a state where
3319correct further processing cannot be guaranteed, but might be possible.
3320dit(NOTICE:) Interesting actions of the program, e.g. for supervising socat() in some kind of server mode.
3321dit(INFO:) Description of what the program does, and maybe why it
3322happens. Allows to monitor the lifecycles of file descriptors.
3323dit(DEBUG:) Description of how the program works, all system or library calls and their results.
3324)
3325
3326Log messages can be written to stderr, to a file, or to syslog.
3327
3328On exit, socat() gives status 0 if it terminated due to EOF or inactivity
3329timeout, with a positive value on error, and with a negative value on fatal
3330error. 
3331
3332
3333label(FILES)
3334manpagefiles()
3335
3336/usr/bin/socat nl()
3337/usr/bin/filan nl()
3338/usr/bin/procan
3339
3340
3341label(ENVIRONMENT_VARIABLES)
3342manpagesection(ENVIRONMENT VARIABLES)
3343
3344Input variables carry information from the environment to socat, output
3345variables are set by socat for use in executed scripts and programs.
3346
3347In the output variables beginning with "SOCAT" this prefix is actually replaced
3348by the upper case name of the executable or the value of option
3349link(-lp)(option_lp).
3350
3351startdit()
3352label(ENV_SOCAT_DEFAULT_LISTEN_IP)
3353dit(bf(SOCAT_DEFAULT_LISTEN_IP) (input)) (Values 4 or 6) Sets the IP version to
3354be used for listen, recv, and recvfrom addresses if no
3355link(pf)(OPTION_PROTOCOL_FAMILY) (protocol-family) option is given. Is
3356overridden by socat options link(-4)(option_4) or link(-6)(option_6).
3357
3358dit(bf(SOCAT_PREFERRED_RESOLVE_IP) (input)) (Values 0, 4, or 6) Sets the IP
3359version to 
3360be used when resolving target host names when version is not specified by
3361address type, option link(pf)(OPTION_PROTOCOL_FAMILY) (protocol-family), or
3362address format. If name resolution does not return a matching entry, the first
3363result (with differing IP version) is taken. With value 0, socat always selects
3364the first record and its IP version. 
3365
3366dit(bf(SOCAT_FORK_WAIT) (input)) Specifies the time (seconds) to sleep the
3367parent and child processes after successful fork\(). Useful for debugging.
3368
3369dit(bf(SOCAT_VERSION) (output)) Socat sets this variable to its version string,
3370e.g. tt("1.7.0.0") for released versions or e.g. tt("1.6.0.1+envvar") for
3371temporary versions; can be used in scripts invoked by socat. 
3372
3373dit(bf(SOCAT_PID) (output)) Socat sets this variable to its process id. In case
3374of link(fork)(OPTION_FORK) address option, SOCAT_PID gets the child processes
3375id. Forking for link(exec)(ADDRESS_EXEC) and link(system)(ADDRESS_SYSTEM) does
3376not change SOCAT_PID.
3377
3378dit(bf(SOCAT_PPID) (output)) Socat sets this variable to its process id. In
3379case of link(fork)(OPTION_FORK), SOCAT_PPID keeps the pid of the master process.
3380
3381dit(bf(SOCAT_PEERADDR) (output)) With passive socket addresses (all LISTEN and
3382RECVFROM addresses), this variable is set to a string describing the peers
3383socket address. Port information is not included.
3384
3385dit(bf(SOCAT_PEERPORT) (output)) With appropriate passive socket addresses
3386(TCP, UDP, and SCTP - LISTEN and RECVFROM), this variable is set to a string containing the
3387number of the peer port.
3388
3389dit(bf(SOCAT_SOCKADDR) (output)) With all LISTEN addresses, this variable is
3390set to a string describing the local socket address. Port information is not
3391included link(example)(EXAMPLE_HTTPECHO)
3392
3393dit(bf(SOCAT_SOCKPORT) (output)) With link(TCP-LISTEN)(ADDRESS_TCP_LISTEN),
3394link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), and
3395link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN) addresses, this variable is set to the
3396local port.
3397
3398dit(bf(SOCAT_TIMESTAMP) (output)) With all RECVFROM addresses where address
3399option link(so-timestamp)(OPTION_SO_TIMESTAMP) is applied, socat sets this
3400variable to the resulting timestamp.
3401
3402dit(bf(SOCAT_IP_OPTIONS) (output)) With all IPv4 based RECVFROM addresses where 
3403address option link(ip-recvopts)(OPTION_IP_RECVOPTS) is applied, socat fills
3404this variable with the IP options of the received packet.
3405
3406dit(bf(SOCAT_IP_DSTADDR) (output)) With all IPv4 based RECVFROM addresses where
3407address option link(ip-recvdstaddr)(OPTION_IP_RECVDSTADDR) (BSD) or
3408link(ip-pktinfo)(OPTION_IP_PKTINFO) (other platforms) is applied, socat sets
3409this variable to the destination address of the received packet. This is
3410particularly useful to identify broadcast and multicast addressed packets.
3411
3412dit(bf(SOCAT_IP_IF) (output)) With all IPv4 based RECVFROM addresses where
3413address option link(ip-recvif)(OPTION_IP_RECVIF) (BSD) or
3414link(ip-pktinfo)(OPTION_IP_PKTINFO) (other platforms) is applied, socat sets 
3415this variable to the name of the interface where the packet was received.
3416
3417dit(bf(SOCAT_IP_LOCADDR) (output)) With all IPv4 based RECVFROM
3418addresses where address option link(ip-pktinfo)(OPTION_IP_PKTINFO) is applied,
3419socat sets this variable to the address of the interface where the packet was
3420received.
3421
3422dit(bf(SOCAT_IP_TOS) (output)) With all IPv4 based RECVFROM addresses where
3423address option link(ip-recvtos)(OPTION_IP_RECVTOS) is applied, socat sets this
3424variable to the TOS (type of service) of the received packet.
3425
3426dit(bf(SOCAT_IP_TTL) (output)) With all IPv4 based RECVFROM addresses where
3427address option link(ip-recvttl)(OPTION_IP_RECVTTL) is applied, socat sets this
3428variable to the TTL (time to live) of the received packet.
3429
3430dit(bf(SOCAT_IPV6_HOPLIMIT) (output)) With all IPv6 based RECVFROM addresses
3431where address option link(ipv6-recvhoplimit)(OPTION_IPV6_RECVHOPLIMIT) is
3432applied, socat sets this variable to the hoplimit value of the received packet.
3433
3434dit(bf(SOCAT_IPV6_DSTADDR) (output)) With all IPv6 based RECVFROM
3435addresses where address option link(ipv6-recvpktinfo)(OPTION_IPV6_RECVPKTINFO)
3436is applied, socat sets this variable to the destination address of the received
3437packet.
3438
3439dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses
3440where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied,
3441socat sets this variable to the transfer class of the received packet.
3442
3443dit(bf(HOSTNAME) (input)) Is used to determine the hostname for logging (see
3444link(-lh)(option_lh)).
3445
3446dit(bf(LOGNAME) (input)) Is used as name for the socks client user name if no
3447link(socksuser)(OPTION_SOCKSUSER) is given.nl()
3448With options link(su)(OPTION_SUBSTUSER) and
3449link(su-d)(OPTION_SUBSTUSER_DELAYED), LOGNAME is set to the given user name.
3450
3451dit(bf(USER) (input)) Is used as name for the socks client user name if no
3452link(socksuser)(OPTION_SOCKSUSER) is given and LOGNAME is empty.nl()
3453With options link(su)(OPTION_SUBSTUSER) and
3454link(su-d)(OPTION_SUBSTUSER_DELAYED), USER is set to the given user name.
3455
3456dit(bf(SHELL) (output))
3457With options link(su)(OPTION_SUBSTUSER) and
3458link(su-d)(OPTION_SUBSTUSER_DELAYED), SHELL is set to the login shell of the
3459given user.
3460
3461dit(bf(PATH) (output))
3462Can be set with option link(path)(OPTION_PATH) for link(exec)(ADDRESS_EXEC) and
3463link(system)(ADDRESS_SYSTEM) addresses.
3464
3465dit(bf(HOME) (output))
3466With options link(su)(OPTION_SUBSTUSER) and
3467link(su-d)(OPTION_SUBSTUSER_DELAYED), HOME is set to the home directory of the
3468given user.
3469
3470enddit()
3471
3472label(CREDITS)
3473manpagesection(CREDITS)
3474
3475The work of the following groups and organizations was invaluable for this
3476project:
3477
3478The em(FSF) (GNU, lurl(http://www.fsf.org/) project 
3479with their free and portable development software and
3480lots of other useful tools and libraries.
3481
3482The em(Linux developers community) (lurl(http://www.linux.org/)) for providing a free, open source operating
3483system.
3484
3485The em(Open Group) (lurl(http://www.unix-systems.org/)) for making their
3486standard specifications available on the Internet for free.
3487
3488
3489label(VERSION)
3490manpagesection(VERSION)
3491
3492This man page describes version 1.7.2 of socat().
3493
3494
3495label(BUGS)
3496manpagebugs()
3497
3498Addresses cannot be nested, so a single socat process cannot, e.g., drive ssl
3499over socks.
3500
3501Address option ftruncate without value uses default 1 instead of 0.
3502
3503Verbose modes (-x and/or -v) display line termination characters inconsistently
3504when address options cr or crnl are used: They show the data em(after)
3505conversion in either direction.
3506
3507The data transfer blocksize setting (-b) is ignored with address readline.
3508 
3509Send bug reports to <socat@dest-unreach.org>
3510
3511
3512label(SEEALSO)
3513manpageseealso()
3514
3515COMMENT(procan\(1), filan\(1), )
3516nc\(1), netcat6\(1), sock\(1), rinetd\(8), cage\(1), socks.conf\(5), openssl\(1),
3517stunnel\(8), pty\(1), rlwrap\(1), setsid\(1)
3518
3519Socat() home page lurl(http://www.dest-unreach.org/socat/)
3520
3521label(AUTHOR)
3522manpageauthor()
3523
3524Gerhard Rieger <rieger@dest-unreach.org>