/doc/socat.yo
Unknown | 3524 lines | 3187 code | 337 blank | 0 comment | 0 complexity | 1f86a98476e59b506dc7f2cc74b82fcc MD5 | raw file
1COMMENT(source: socat.yo) 2mailto(socat@dest-unreach.org) 3 4def(unix)(0)(UN*X) 5def(unixdomain)(0)(UNIX domain) 6def(socat)(0)(bf(socat)) 7def(Socat)(0)(bf(Socat)) 8def(filan)(0)(bf(filan)) 9def(Filan)(0)(bf(Filan)) 10def(procan)(0)(bf(procan)) 11def(Procan)(0)(bf(Procan)) 12 13manpage(socat)(1)(Mar 2014)()() 14 15whenhtml( 16label(CONTENTS) 17manpagesection(CONTENTS) 18link(NAME)(NAME)nl() 19link(SYNOPSIS)(SYNOPSIS)nl() 20link(DESCRIPTION)(DESCRIPTION)nl() 21link(OPTIONS)(OPTIONS)nl() 22link(ADDRESS SPECIFICATIONS)(ADDRESS_SPECIFICATIONS)nl() 23link(ADDRESS TYPES)(ADDRESS_TYPES)nl() 24link(ADDRESS OPTIONS)(ADDRESS_OPTIONS)nl() 25link(DATA VALUES)(VALUES)nl() 26link(EXAMPLES)(EXAMPLES)nl() 27link(DIAGNOSTICS)(DIAGNOSTICS)nl() 28link(FILES)(FILES)nl() 29link(ENVIRONMENT VARIABLES)(ENVIRONMENT_VARIABLES)nl() 30link(CREDITS)(CREDITS)nl() 31link(VERSION)(VERSION)nl() 32link(BUGS)(BUGS)nl() 33link(SEE ALSO)(SEEALSO)nl() 34) 35 36label(NAME) 37manpagename(socat) (Multipurpose relay (SOcket CAT)) 38 39label(SYNOPSIS) 40manpagesynopsis() 41tt(socat [options] <address> <address>)nl() 42tt(socat -V)nl() 43tt(socat -h[h[h]] | -?[?[?]])nl() 44tt(filan)nl() 45tt(procan) 46 47label(DESCRIPTION) 48manpagedescription() 49 50Socat() is a command line based utility that establishes two bidirectional byte 51streams and transfers data between them. Because the streams can be constructed 52from a large set of different types of data sinks and sources 53(see link(address types)(ADDRESS_TYPES)), and because lots of 54link(address options)(ADDRESS_OPTIONS) may be applied to the streams, socat can 55be used for many different purposes. 56 57Filan() is a utility that prints information about its active file 58descriptors to stdout. It has been written for debugging socat(), but might be 59useful for other purposes too. Use the -h option to find more infos. 60 61Procan() is a utility that prints information about process parameters to 62stdout. It has been written to better understand 63some UNIX process properties and for debugging socat(), but might be 64useful for other purposes too. 65 66The life cycle of a socat() instance typically consists of four phases. 67 68In the em(init) phase, the command line options are parsed and logging is 69initialized. 70 71During the em(open) phase, socat() opens the first address and afterwards the 72second address. These steps are usually blocking; thus, especially for complex address types like socks, 73connection requests or authentication dialogs must be completed before the next 74step is started. 75 76In the em(transfer) phase, socat() watches both streams' read and write file 77descriptors via code(select()), and, when data is available on one side em(and) 78can be written to the other side, socat reads it, performs newline 79character conversions if required, and writes the data to the write file 80descriptor of the other stream, then continues waiting for more data in both 81directions. 82 83When one of the streams effectively reaches EOF, the em(closing) phase 84begins. Socat() transfers the EOF condition to the other stream, 85i.e. tries to shutdown only its write stream, giving it a chance to 86terminate gracefully. For a defined time socat() continues to transfer data in 87the other direction, but then closes all remaining channels and terminates. 88 89 90label(OPTIONS) 91manpageoptions() 92 93Socat() provides some command line options that modify the behaviour of the 94program. They have nothing to do with so called 95link(address options)(ADDRESS_OPTIONS) that are used as parts of link(address specifications)(ADDRESS_SPECIFICATIONS). 96 97startdit() 98dit(bf(tt(-V))) 99 Print version and available feature information to stdout, and exit. 100dit(bf(tt(-h | -?))) 101 Print a help text to stdout describing command line options and available address 102 types, and exit. 103dit(bf(tt(-hh | -??))) 104 Like -h, plus a list of the short names of all available address options. Some options are 105 platform dependend, so this output is helpful for checking the particular 106 implementation. 107dit(bf(tt(-hhh | -???))) 108 Like -hh, plus a list of all available address option names. 109label(option_d)dit(bf(tt(-d))) 110 Without this option, only fatal and error messages are generated; applying 111 this option also prints warning messages. See link(DIAGNOSTICS)(DIAGNOSTICS) 112 for more information. 113label(option_d_d)dit(bf(tt(-d -d))) Prints fatal, error, warning, and notice messages. 114dit(bf(tt(-d -d -d))) Prints fatal, error, warning, notice, and info messages. 115dit(bf(tt(-d -d -d -d))) Prints fatal, error, warning, notice, info, and debug 116 messages. 117dit(bf(tt(-D))) 118 Logs information about file descriptors before starting the transfer phase. 119dit(bf(tt(-ly[<facility>]))) 120 Writes messages to syslog instead of stderr; severity as defined with -d 121 option. With optional link(<facility>)(TYPE_FACILITY), the syslog type can 122 be selected, default is "daemon". Third party libraries might not obey this 123 option. 124dit(bf(tt(-lf))tt( <logfile>)) 125 Writes messages to <logfile> [link(filename)(TYPE_FILENAME)] instead of 126 stderr. Some third party libraries, in particular libwrap, might not obey 127 this option. 128dit(bf(tt(-ls))) 129 Writes messages to stderr (this is the default). Some third party libraries 130 might not obey this option, in particular libwrap appears to only log to 131 syslog. 132label(option_lp)dit(bf(tt(-lp))tt(<progname>)) 133 Overrides the program name printed in error messages and used for 134 constructing environment variable names. 135dit(bf(tt(-lu))) 136 Extends the timestamp of error messages to microsecond resolution. Does not 137 work when logging to syslog. 138label(option_lm)dit(bf(tt(-lm[<facility>]))) 139 Mixed log mode. During startup messages are printed to stderr; when socat() 140 starts the transfer phase loop or daemon mode (i.e. after opening all 141 streams and before starting data transfer, or, with listening sockets with 142 fork option, before the first accept call), it switches logging to syslog. 143 With optional link(<facility>)(TYPE_FACILITY), the syslog type can be 144 selected, default is "daemon". 145label(option_lh)dit(bf(tt(-lh))) 146 Adds hostname to log messages. Uses the value from environment variable 147 HOSTNAME or the value retrieved with tt(uname()) if HOSTNAME is not set. 148dit(bf(tt(-v))) 149 Writes the transferred data not only to their target streams, but also to 150 stderr. The output format is text with some conversions for readability, and 151 prefixed with "> " or "< " indicating flow directions. 152dit(bf(tt(-x))) 153 Writes the transferred data not only to their target streams, but also to 154 stderr. The output format is hexadecimal, prefixed with "> " or "< " 155 indicating flow directions. Can be combined with code(-v). 156label(option_b)dit(bf(tt(-b))tt(<size>)) 157 Sets the data transfer block <size> [link(size_t)(TYPE_SIZE_T)]. 158 At most <size> bytes are transferred per step. Default is 8192 bytes. 159label(option_s)dit(bf(tt(-s))) 160 By default, socat() terminates when an error occurred to prevent the process 161 from running when some option could not be applied. With this 162 option, socat() is sloppy with errors and tries to continue. Even with this 163 option, socat will exit on fatals, and will abort connection attempts when 164 security checks failed. 165label(option_t)dit(bf(tt(-t))tt(<timeout>)) 166 When one channel has reached EOF, the write part of the other channel is shut 167 down. Then, socat() waits <timeout> [link(timeval)(TYPE_TIMEVAL)] seconds 168 before terminating. Default is 0.5 seconds. This timeout only applies to 169 addresses where write and read part can be closed independently. When during 170 the timeout interval the read part gives EOF, socat terminates without 171 awaiting the timeout. 172label(option_T)dit(bf(tt(-T))tt(<timeout>)) 173 Total inactivity timeout: when socat is already in the transfer loop and 174 nothing has happened for <timeout> [link(timeval)(TYPE_TIMEVAL)] seconds 175 (no data arrived, no interrupt occurred...) then it terminates. 176 Useful with protocols like UDP that cannot transfer EOF. 177label(option_u)dit(bf(tt(-u))) 178 Uses unidirectional mode. The first address is only used for reading, and the 179 second address is only used for writing (link(example)(EXAMPLE_option_u)). 180label(option_U)dit(bf(tt(-U))) 181 Uses unidirectional mode in reverse direction. The first address is only 182 used for writing, and the second address is only used for reading. 183label(option_g)dit(bf(tt(-g))) 184 During address option parsing, don't check if the option is considered 185 useful in the given address environment. Use it if you want to force, e.g., 186 appliance of a socket option to a serial device. 187label(option_L)dit(bf(tt(-L))tt(<lockfile>)) 188 If lockfile exists, exits with error. If lockfile does not exist, creates it 189 and continues, unlinks lockfile on exit. 190label(option_W)dit(bf(tt(-W))tt(<lockfile>)) 191 If lockfile exists, waits until it disappears. When lockfile does not exist, 192 creates it and continues, unlinks lockfile on exit. 193label(option_4)dit(bf(tt(-4))) 194 Use IP version 4 in case that the addresses do not implicitly or explicitly 195 specify a version; this is the default. 196label(option_6)dit(bf(tt(-6))) 197 Use IP version 6 in case that the addresses do not implicitly or explicitly 198 specify a version. 199enddit() 200 201 202label(ADDRESS_SPECIFICATIONS) 203manpagesection(ADDRESS SPECIFICATIONS) 204 205With the address command line arguments, the user gives socat() instructions and 206the necessary information for establishing the byte streams. 207 208An address specification usually consists of an address type 209keyword, zero or more required address parameters separated by ':' from the keyword and 210from each 211other, and zero or more address options separated by ','. 212 213The keyword specifies the address type (e.g., TCP4, OPEN, EXEC). For some 214keywords there exist synonyms ('-' for STDIO, TCP for TCP4). Keywords are case 215insensitive. 216For a few special address types, the keyword may be omitted: 217Address specifications starting with a number are assumed to be FD (raw file 218descriptor) addresses; 219if a '/' is found before the first ':' or ',', GOPEN (generic file open) is 220assumed. 221 222The required number and type of address parameters depend on the address 223type. E.g., TCP4 requires a server specification (name or address), and a port 224specification (number or service name). 225 226Zero or more address options may be given with each address. They influence the 227address in some ways. 228Options consist of an option keyword or an option keyword and a value, 229separated by '='. Option keywords are case insensitive. 230For filtering the options that are useful with an address 231type, each option is member of one option group. For 232each address type there is a set of option groups allowed. Only options 233belonging to one of these address groups may be used (except with link(option -g)(option_g)). 234 235label(ADDRESS_DUAL) 236Address specifications following the above schema are also called em(single) 237address specifications. 238Two single addresses can be combined with "!!" to form a em(dual) type 239address for one channel. Here, the first address is used by socat() for reading 240data, and the 241second address for writing data. There is no way to specify an option only once 242for being applied to both single addresses. 243 244Usually, addresses are opened in read/write 245mode. When an address is part of a dual address specification, or when 246link(option -u)(option_u) or link(-U)(option_U) is used, an address might be 247used only for reading or for writing. Considering this is important with some 248address types. 249 250With socat version 1.5.0 and higher, the lexical analysis tries to handle 251quotes and parenthesis meaningfully and allows escaping of special characters. 252If one of the characters ( { [ ' is found, the corresponding closing 253character - ) } ] ' - is looked for; they may also be nested. Within these 254constructs, socats special characters and strings : , !! are not handled 255specially. All those characters and strings can be escaped with \ or within "" 256 257label(ADDRESS_TYPES) 258manpagesection(ADDRESS TYPES) 259 260This section describes the available address types with their keywords, 261parameters, and semantics. 262 263startdit() 264label(ADDRESS_CREAT)dit(bf(tt(CREATE:<filename>))) 265 Opens link(<filename>)(TYPE_FILENAME) with code(creat()) and uses the file 266 descriptor for writing. 267 This address type requires write-only context, because a file opened with 268 code(creat) cannot be read from. nl() 269 Flags like O_LARGEFILE cannot be applied. If you need them use 270 link(OPEN)(ADDRESS_OPEN) with options 271 link(create)(OPTION_O_CREAT),link(create)(OPTION_O_TRUNC). nl() 272 <filename> must be a valid existing or not existing path. 273 If <filename> is a named pipe, code(creat()) might block; 274 if <filename> refers to a socket, this is an error.nl() 275 Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(NAMED)(GROUP_NAMED) nl() 276 Useful options: 277 link(mode)(OPTION_MODE), 278 link(user)(OPTION_USER), 279 link(group)(OPTION_GROUP), 280 link(unlink-early)(OPTION_UNLINK_EARLY), 281 link(unlink-late)(OPTION_UNLINK_LATE), 282 link(append)(OPTION_APPEND)nl() 283 See also: link(OPEN)(ADDRESS_OPEN), link(GOPEN)(ADDRESS_GOPEN) 284label(ADDRESS_EXEC)dit(bf(tt(EXEC:<command-line>))) 285 Forks a sub process that establishes communication with its parent process 286 and invokes the specified program with code(execvp()). 287 link(<command-line>)(TYPE_COMMAND_LINE) is a simple command 288 with arguments separated by single spaces. If the program name 289 contains a '/', the part after the last '/' is taken as ARGV[0]. If the 290 program name is a relative 291 path, the code(execvp()) semantics for finding the program via 292 code($PATH) 293 apply. After successful program start, socat() writes data to stdin of the 294 process and reads from its stdout using a unixdomain() socket generated by 295 code(socketpair()) per default. (link(example)(EXAMPLE_ADDRESS_EXEC)) nl() 296 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(EXEC)(GROUP_EXEC),link(FORK)(GROUP_FORK),link(TERMIOS)(GROUP_TERMIOS) nl() 297 Useful options: 298 link(path)(OPTION_PATH), 299 link(fdin)(OPTION_FDIN), 300 link(fdout)(OPTION_FDOUT), 301 link(chroot)(OPTION_CHROOT), 302 link(su)(OPTION_SUBSTUSER), 303 link(su-d)(OPTION_SUBSTUSER_DELAYED), 304 link(nofork)(OPTION_NOFORK), 305 link(pty)(OPTION_PTY), 306 link(stderr)(OPTION_STDERR), 307 link(ctty)(OPTION_CTTY), 308 link(setsid)(OPTION_SETSID), 309 link(pipes)(OPTION_PIPES), 310 link(login)(OPTION_LOGIN), 311 link(sigint)(OPTION_SIGINT), 312 link(sigquit)(OPTION_SIGQUIT)nl() 313 See also: link(SYSTEM)(ADDRESS_SYSTEM) 314label(ADDRESS_FD)dit(bf(tt(FD:<fdnum>))) 315 Uses the file descriptor link(<fdnum>)(TYPE_FDNUM). It must already exist as 316 valid unix() file descriptor.nl() 317 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl() 318 See also: 319 link(STDIO)(ADDRESS_STDIO), 320 link(STDIN)(ADDRESS_STDIN), 321 link(STDOUT)(ADDRESS_STDOUT), 322 link(STDERR)(ADDRESS_STDERR) 323label(ADDRESS_GOPEN)dit(bf(tt(GOPEN:<filename>))) 324 (Generic open) This address type tries to handle any file system entry 325 except directories usefully. link(<filename>)(TYPE_FILENAME) may be a 326 relative or absolute path. If it already exists, its type is checked. 327 In case of a unixdomain() socket, socat() connects; if connecting fails, 328 socat() assumes a datagram socket and uses code(sendto()) calls. 329 If the entry is not a socket, socat() opens it applying the code(O_APPEND) 330 flag. 331 If it does not exist, it is opened with flag 332 code(O_CREAT) as a regular file (link(example)(EXAMPLE_ADDRESS_GOPEN)).nl() 333 Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl() 334 See also: 335 link(OPEN)(ADDRESS_OPEN), 336 link(CREATE)(ADDRESS_CREAT), 337 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT) 338 339label(ADDRESS_IP_SENDTO)dit(bf(tt(IP-SENDTO:<host>:<protocol>))) 340 Opens a raw IP socket. Depending on host specification or option link(pf)(OPTION_PROTOCOL_FAMILY), IP protocol version 341 4 or 6 is used. It uses link(<protocol>)(TYPE_PROTOCOL) to send packets 342 to <host> [link(IP address)(TYPE_IP_ADDRESS)] and receives packets from 343 host, ignores packets from other hosts. 344 Protocol 255 uses the raw socket with the IP header being part of the 345 data.nl() 346 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl() 347 Useful options: 348 link(pf)(OPTION_PROTOCOL_FAMILY), 349 link(ttl)(OPTION_TTL) nl() 350 See also: 351 link(IP4-SENDTO)(ADDRESS_IP4_SENDTO), 352 link(IP6-SENDTO)(ADDRESS_IP6_SENDTO), 353 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), 354 link(IP-RECV)(ADDRESS_IP_RECV), 355 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), 356 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO) 357label(ADDRESS_INTERFACE)dit(bf(tt(INTERFACE:<interface>))) 358 Communicates with a network connected on an interface using raw packets 359 including link level data. link(<interface>)(TYPE_INTERFACE) is the name of 360 the network interface. Currently only available on Linux. 361 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET) nl() 362 Useful options: 363 link(pf)(OPTION_PROTOCOL_FAMILY), 364 link(type)(OPTION_SO_TYPE)nl() 365 See also: link(ip-recv)(ADDRESS_IP_RECV) 366label(ADDRESS_IP4_SENDTO)dit(bf(tt(IP4-SENDTO:<host>:<protocol>))) 367 Like link(IP-SENDTO)(ADDRESS_IP_SENDTO), but always uses IPv4.nl() 368 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) nl() 369label(ADDRESS_IP6_SENDTO)dit(bf(tt(IP6-SENDTO:<host>:<protocol>))) 370 Like link(IP-SENDTO)(ADDRESS_IP_SENDTO), but always uses IPv6.nl() 371 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) nl() 372 373label(ADDRESS_IP_DATAGRAM)dit(bf(tt(IP-DATAGRAM:<address>:<protocol>))) 374 Sends outgoing data to the specified address which may in particular be a 375 broadcast or multicast address. Packets arriving on the local socket are 376 checked if their source addresses match 377 link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS) 378 options. This address type can for example be used for implementing 379 symmetric or asymmetric broadcast or multicast communications.nl() 380 Option groups: link(FD)(GROUP_FD), link(SOCKET)(GROUP_SOCKET), 381 link(IP4)(GROUP_IP4), link(IP6)(GROUP_IP6), link(RANGE)(GROUP_RANGE) nl() 382 Useful options: 383 link(bind)(OPTION_BIND), 384 link(range)(OPTION_RANGE), 385 link(tcpwrap)(OPTION_TCPWRAPPERS), 386 link(broadcast)(OPTION_SO_BROADCAST), 387 link(ip-multicast-loop)(OPTION_IP_MULTICAST_LOOP), 388 link(ip-multicast-ttl)(OPTION_IP_MULTICAST_TTL), 389 link(ip-multicast-if)(OPTION_IP_MULTICAST_IF), 390 link(ip-add-membership)(OPTION_IP_ADD_MEMBERSHIP), 391 link(ttl)(OPTION_TTL), 392 link(tos)(OPTION_TOS), 393 link(pf)(OPTION_PROTOCOL_FAMILY)nl() 394 See also: 395 link(IP4-DATAGRAM)(ADDRESS_IP4_DATAGRAM), 396 link(IP6-DATAGRAM)(ADDRESS_IP6_DATAGRAM), 397 link(IP-SENDTO)(ADDRESS_IP_SENDTO), 398 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), 399 link(IP-RECV)(ADDRESS_IP_RECV), 400 link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM) 401label(ADDRESS_IP4_DATAGRAM)dit(bf(tt(IP4-DATAGRAM:<host>:<protocol>))) 402 Like link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), but always uses IPv4. 403 (link(example)(EXAMPLE_ADDRESS_IP4_BROADCAST_CLIENT))nl() 404 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) nl() 405label(ADDRESS_IP6_DATAGRAM)dit(bf(tt(IP6-DATAGRAM:<host>:<protocol>))) 406 Like link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), but always uses IPv6. Please 407 note that IPv6 does not know broadcasts.nl() 408 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl() 409 410label(ADDRESS_IP_RECVFROM)dit(bf(tt(IP-RECVFROM:<protocol>))) 411 Opens a raw IP socket of link(<protocol>)(TYPE_PROTOCOL). Depending on option link(pf)(OPTION_PROTOCOL_FAMILY), IP protocol version 412 4 or 6 is used. It receives one packet from an unspecified peer and may send one or more answer packets to that peer. 413 This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process. 414 This allows a behaviour similar to typical UDP based servers like ntpd or 415 named.nl() 416 Please note that the reply packets might be fetched as incoming traffic when 417 sender and receiver IP address are identical because there is no port number 418 to distinguish the sockets.nl() 419 This address works well with IP-SENDTO address peers (see above). 420 Protocol 255 uses the raw socket with the IP header being part of the 421 data.nl() 422 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl() 423 Useful options: 424 link(pf)(OPTION_PROTOCOL_FAMILY), 425 link(fork)(OPTION_FORK), 426 link(range)(OPTION_RANGE), 427 link(ttl)(OPTION_TTL), 428 link(broadcast)(OPTION_SO_BROADCAST)nl() 429 See also: 430 link(IP4-RECVFROM)(ADDRESS_IP4_RECVFROM), 431 link(IP6-RECVFROM)(ADDRESS_IP6_RECVFROM), 432 link(IP-SENDTO)(ADDRESS_IP_SENDTO), 433 link(IP-RECV)(ADDRESS_IP_RECV), 434 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), 435 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM) 436label(ADDRESS_IP4_RECVFROM)dit(bf(tt(IP4-RECVFROM:<protocol>))) 437 Like link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), but always uses IPv4.nl() 438 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl() 439label(ADDRESS_IP6_RECVFROM)dit(bf(tt(IP6-RECVFROM:<protocol>))) 440 Like link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), but always uses IPv6.nl() 441 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl() 442 443label(ADDRESS_IP_RECV)dit(bf(tt(IP-RECV:<protocol>))) 444 Opens a raw IP socket of link(<protocol>)(TYPE_PROTOCOL). Depending on option link(pf)(OPTION_PROTOCOL_FAMILY), IP protocol version 445 4 or 6 is used. It receives packets from multiple unspecified peers and merges the data. 446 No replies are possible. 447 It can be, e.g., addressed by socat IP-SENDTO address peers. 448 Protocol 255 uses the raw socket with the IP header being part of the 449 data.nl() 450 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl() 451 Useful options: 452 link(pf)(OPTION_PROTOCOL_FAMILY), 453 link(range)(OPTION_RANGE)nl() 454 See also: 455 link(IP4-RECV)(ADDRESS_IP4_RECV), 456 link(IP6-RECV)(ADDRESS_IP6_RECV), 457 link(IP-SENDTO)(ADDRESS_IP_SENDTO), 458 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), 459 link(UDP-RECV)(ADDRESS_UDP_RECV), 460 link(UNIX-RECV)(ADDRESS_UNIX_RECV) 461label(ADDRESS_IP4_RECV)dit(bf(tt(IP4-RECV:<protocol>))) 462 Like link(IP-RECV)(ADDRESS_IP_RECV), but always uses IPv4.nl() 463 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) nl() 464label(ADDRESS_IP6_RECV)dit(bf(tt(IP6-RECV:<protocol>))) 465 Like link(IP-RECV)(ADDRESS_IP_RECV), but always uses IPv6.nl() 466 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl() 467 468label(ADDRESS_OPEN)dit(bf(tt(OPEN:<filename>))) 469 Opens link(<filename>)(TYPE_FILENAME) using the code(open()) system call 470 (link(example)(EXAMPLE_ADDRESS_OPEN)). 471 This operation fails on unixdomain() sockets. nl() 472 Note: This address type is rarly useful in bidirectional mode.nl() 473 Option groups: link(FD)(GROUP_FD),link(REG)(GROUP_REG),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl() 474 Useful options: 475 link(creat)(OPTION_O_CREAT), 476 link(excl)(OPTION_EXCL), 477 link(noatime)(OPTION_O_NOATIME), 478 link(nofollow)(OPTION_NOFOLLOW), 479 link(append)(OPTION_APPEND), 480 link(rdonly)(OPTION_RDONLY), 481 link(wronly)(OPTION_WRONLY), 482 link(lock)(OPTION_LOCK), 483 link(readbytes)(OPTION_READBYTES), 484 link(ignoreeof)(OPTION_IGNOREEOF)nl() 485 See also: 486 link(CREATE)(ADDRESS_CREAT), 487 link(GOPEN)(ADDRESS_GOPEN), 488 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT) 489label(ADDRESS_OPENSSL_CONNECT)dit(bf(tt(OPENSSL:<host>:<port>))) 490 Tries to establish a SSL connection to <port> [link(TCP 491 service)(TYPE_TCP_SERVICE)] on 492 <host> [link(IP address)(TYPE_IP_ADDRESS)] using TCP/IP version 4 or 6 493 depending on address specification, name resolution, or option 494 link(pf)(OPTION_PROTOCOL_FAMILY).nl() 495 NOTE: The server certificate is only checked for validity against 496 link(cafile)(OPTION_OPENSSL_CAFILE) or link(capath)(OPTION_OPENSSL_CAPATH), 497 but not for match with the server's name or its IP address!nl() 498 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(OPENSSL)(GROUP_OPENSSL),link(RETRY)(GROUP_RETRY) nl() 499 Useful options: 500 link(cipher)(OPTION_OPENSSL_CIPHERLIST), 501 link(method)(OPTION_OPENSSL_METHOD), 502 link(verify)(OPTION_OPENSSL_VERIFY), 503 link(cafile)(OPTION_OPENSSL_CAFILE), 504 link(capath)(OPTION_OPENSSL_CAPATH), 505 link(certificate)(OPTION_OPENSSL_CERTIFICATE), 506 link(key)(OPTION_OPENSSL_KEY), 507 link(compress)(OPTION_OPENSSL_COMPRESS), 508 link(bind)(OPTION_BIND), 509 link(pf)(OPTION_PROTOCOL_FAMILY), 510 link(connect-timeout)(OPTION_CONNECT_TIMEOUT), 511 link(sourceport)(OPTION_SOURCEPORT), 512 link(retry)(OPTION_RETRY)nl() 513 See also: 514 link(OPENSSL-LISTEN)(ADDRESS_OPENSSL_LISTEN), 515 link(TCP)(ADDRESS_TCP_CONNECT) 516label(ADDRESS_OPENSSL_LISTEN)dit(bf(tt(OPENSSL-LISTEN:<port>))) 517 Listens on tcp <port> [link(TCP service)(TYPE_TCP_SERVICE)]. 518 The IP version is 4 or the one specified with 519 link(pf)(OPTION_PROTOCOL_FAMILY). When a 520 connection is accepted, this address behaves as SSL server.nl() 521 Note: You probably want to use the link(certificate)(OPTION_OPENSSL_CERTIFICATE) option with this address.nl() 522 NOTE: The client certificate is only checked for validity against 523 link(cafile)(OPTION_OPENSSL_CAFILE) or link(capath)(OPTION_OPENSSL_CAPATH), 524 but not for match with the client's name or its IP address!nl() 525 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(LISTEN)(GROUP_LISTEN),link(OPENSSL)(GROUP_OPENSSL),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(RETRY)(GROUP_RETRY) nl() 526 Useful options: 527 link(pf)(OPTION_PROTOCOL_FAMILY), 528 link(cipher)(OPTION_OPENSSL_CIPHERLIST), 529 link(method)(OPTION_OPENSSL_METHOD), 530 link(verify)(OPTION_OPENSSL_VERIFY), 531 link(cafile)(OPTION_OPENSSL_CAFILE), 532 link(capath)(OPTION_OPENSSL_CAPATH), 533 link(certificate)(OPTION_OPENSSL_CERTIFICATE), 534 link(key)(OPTION_OPENSSL_KEY), 535 link(compress)(OPTION_OPENSSL_COMPRESS), 536 link(fork)(OPTION_FORK), 537 link(bind)(OPTION_BIND), 538 link(range)(OPTION_RANGE), 539 link(tcpwrap)(OPTION_TCPWRAPPERS), 540 link(su)(OPTION_SUBSTUSER), 541 link(reuseaddr)(OPTION_REUSEADDR), 542 link(retry)(OPTION_RETRY)nl() 543 See also: 544 link(OPENSSL)(ADDRESS_OPENSSL_CONNECT), 545 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN) 546label(ADDRESS_NAMED_PIPE)dit(bf(tt(PIPE:<filename>))) 547 If link(<filename>)(TYPE_FILENAME) already exists, it is opened. 548 If it does not exist, a named pipe is created and opened. Beginning with 549 socat version 1.4.3, the named pipe is removed when the address is closed 550 (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)nl() 551 Note: When a pipe is used for both reading and writing, it works 552 as echo service.nl() 553 Note: When a pipe is used for both reading and writing, and socat tries 554 to write more bytes than the pipe can buffer (Linux 2.4: 2048 bytes), socat 555 might block. Consider using socat option, e.g., code(-b 2048) nl() 556 Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN) nl() 557 Useful options: 558 link(rdonly)(OPTION_RDONLY), 559 link(nonblock)(OPTION_NONBLOCK), 560 link(group)(OPTION_GROUP), 561 link(user)(OPTION_USER), 562 link(mode)(OPTION_MODE), 563 link(unlink-early)(OPTION_UNLINK_EARLY)nl() 564 See also: link(unnamed pipe)(ADDRESS_UNNAMED_PIPE) 565label(ADDRESS_UNNAMED_PIPE)dit(bf(tt(PIPE))) 566 Creates an unnamed pipe and uses it for reading and writing. It works as an 567 echo, because everything written 568 to it appeares immediately as read data.nl() 569 Note: When socat tries to write more bytes than the pipe can queue (Linux 570 2.4: 2048 bytes), socat might block. Consider, e.g., using 571 option code(-b 2048) nl() 572 Option groups: link(FD)(GROUP_FD) nl() 573 See also: link(named pipe)(ADDRESS_NAMED_PIPE) 574label(ADDRESS_PROXY_CONNECT)dit(bf(tt(PROXY:<proxy>:<hostname>:<port>))) 575 Connects to an HTTP proxy server on port 8080 using TCP/IP version 4 or 6 576 depending on address specification, name resolution, or option 577 link(pf)(OPTION_PROTOCOL_FAMILY), and sends a CONNECT 578 request for hostname:port. If the proxy grants access and succeeds to 579 connect to the target, data transfer between socat and the target can 580 start. Note that the traffic need not be HTTP but can be an arbitrary 581 protocol. nl() 582 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(HTTP)(GROUP_HTTP),link(RETRY)(GROUP_RETRY) nl() 583 Useful options: 584 link(proxyport)(OPTION_PROXYPORT), 585 link(ignorecr)(OPTION_IGNORECR), 586 link(proxyauth)(OPTION_PROXY_AUTHORIZATION), 587 link(resolve)(OPTION_PROXY_RESOLVE), 588 link(crnl)(OPTION_CRNL), 589 link(bind)(OPTION_BIND), 590 link(connect-timeout)(OPTION_CONNECT_TIMEOUT), 591 link(mss)(OPTION_MSS), 592 link(sourceport)(OPTION_SOURCEPORT), 593 link(retry)(OPTION_RETRY) nl() 594 See also: link(SOCKS)(ADDRESS_SOCKS4), link(TCP)(ADDRESS_TCP_CONNECT) 595label(ADDRESS_PTY)dit(bf(tt(PTY))) 596 Generates a pseudo terminal (pty) and uses its master side. Another process 597 may open the pty's slave side using it like a serial line or terminal. 598 (link(example)(EXAMPLE_ADDRESS_PTY)). If 599 both the ptmx and the openpty mechanisms are available, ptmx is used 600 (POSIX).nl() 601 Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(PTY)(GROUP_PTY),link(TERMIOS)(GROUP_TERMIOS) nl() 602 Useful options: 603 link(link)(OPTION_SYMBOLIC_LINK), 604 link(openpty)(OPTION_OPENPTY), 605 link(wait-slave)(OPTION_PTY_WAIT_SLAVE), 606 link(mode)(OPTION_MODE), 607 link(user)(OPTION_USER), 608 link(group)(OPTION_GROUP)nl() 609 See also: 610 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), 611 link(PIPE)(ADDRESS_NAMED_PIPE), 612 link(EXEC)(ADDRESS_EXEC), link(SYSTEM)(ADDRESS_SYSTEM) 613label(ADDRESS_READLINE)dit(bf(tt(READLINE))) 614 Uses GNU readline and history on stdio to allow editing and reusing input 615 lines (link(example)(EXAMPLE_ADDRESS_READLINE)). This requires the GNU readline and 616 history libraries. Note that stdio should be a (pseudo) terminal device, 617 otherwise readline does not seem to work.nl() 618 Option groups: link(FD)(GROUP_FD),link(READLINE)(GROUP_READLINE),link(TERMIOS)(GROUP_TERMIOS) nl() 619 Useful options: 620 link(history)(OPTION_HISTORY), 621 link(noecho)(OPTION_NOECHO)nl() 622 See also: 623 link(STDIO)(ADDRESS_STDIO) 624label(ADDRESS_SCTP_CONNECT)dit(bf(tt(SCTP-CONNECT:<host>:<port>))) 625 Establishes an SCTP stream connection to the specified <host> [link(IP 626 address)(TYPE_IP_ADDRESS)] and <port> [link(TCP service)(TYPE_TCP_SERVICE)] 627 using TCP/IP version 4 or 6 depending on address specification, name 628 resolution, or option link(pf)(OPTION_PROTOCOL_FAMILY).nl() 629 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl() 630 Useful options: 631 link(bind)(OPTION_BIND), 632 link(pf)(OPTION_PROTOCOL_FAMILY), 633 link(connect-timeout)(OPTION_CONNECT_TIMEOUT), 634 link(tos)(OPTION_TOS), 635 link(mtudiscover)(OPTION_MTUDISCOVER), 636 link(sctp-maxseg)(OPTION_SCTP_MAXSEG), 637 link(sctp-nodelay)(OPTION_SCTP_NODELAY), 638 link(nonblock)(OPTION_NONBLOCK), 639 link(sourceport)(OPTION_SOURCEPORT), 640 link(retry)(OPTION_RETRY), 641 link(readbytes)(OPTION_READBYTES)nl() 642 See also: 643 link(SCTP4-CONNECT)(ADDRESS_SCTP4_CONNECT), 644 link(SCTP6-CONNECT)(ADDRESS_SCTP6_CONNECT), 645 link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), 646 link(TCP-CONNECT)(ADDRESS_TCP_CONNECT) 647label(ADDRESS_SCTP4_CONNECT)dit(bf(tt(SCTP4-CONNECT:<host>:<port>))) 648 Like link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), but only supports IPv4 protocol.nl() 649 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl() 650label(ADDRESS_SCTP6_CONNECT)dit(bf(tt(SCTP6-CONNECT:<host>:<port>))) 651 Like link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), but only supports IPv6 protocol.nl() 652 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY) nl() 653label(ADDRESS_SCTP_LISTEN)dit(bf(tt(SCTP-LISTEN:<port>))) 654 Listens on <port> [link(TCP service)(TYPE_TCP_SERVICE)] and accepts a 655 TCP/IP connection. The IP version is 4 or the one specified with 656 address option link(pf)(OPTION_PROTOCOL_FAMILY), socat option 657 (link(-4)(option_4), link(-6)(option_6)), or environment variable link(SOCAT_DEFAULT_LISTEN_IP)(ENV_SOCAT_DEFAULT_LISTEN_IP). 658 Note that opening 659 this address usually blocks until a client connects.nl() 660 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl() 661 Useful options: 662 link(crnl)(OPTION_CRNL), 663 link(fork)(OPTION_FORK), 664 link(bind)(OPTION_BIND), 665 link(range)(OPTION_RANGE), 666 link(tcpwrap)(OPTION_TCPWRAPPERS), 667 link(pf)(OPTION_PROTOCOL_FAMILY), 668 link(max-children)(OPTION_MAX_CHILDREN), 669 link(backlog)(OPTION_BACKLOG), 670 link(sctp-maxseg)(OPTION_SCTP_MAXSEG), 671 link(sctp-nodelay)(OPTION_SCTP_NODELAY), 672 link(su)(OPTION_SUBSTUSER), 673 link(reuseaddr)(OPTION_REUSEADDR), 674 link(retry)(OPTION_RETRY), 675 link(cool-write)(OPTION_COOL_WRITE)nl() 676 See also: 677 link(SCTP4-LISTEN)(ADDRESS_SCTP4_LISTEN), 678 link(SCTP6-LISTEN)(ADDRESS_SCTP6_LISTEN), 679 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), 680 link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT) 681label(ADDRESS_SCTP4_LISTEN)dit(bf(tt(SCTP4-LISTEN:<port>))) 682 Like link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), but only supports IPv4 683 protocol.nl() 684 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl() 685label(ADDRESS_SCTP6_LISTEN)dit(bf(tt(SCTP6-LISTEN:<port>))) 686 Like link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), but only supports IPv6 687 protocol.nl() 688 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(SCTP)(GROUP_SCTP),link(RETRY)(GROUP_RETRY) nl() 689label(ADDRESS_SOCKET_CONNECT)dit(bf(tt(SOCKET-CONNECT:<domain>:<protocol>:<remote-address>))) 690 Creates a stream socket using the first and second given socket parameters 691 and tt(SOCK_STREAM) (see man socket\(2)) and connects to the remote-address. 692 The two socket parameters have to be specified by link(int)(TYPE_INT) 693 numbers. Consult your OS documentation and include files to find the 694 appropriate values. The remote-address must be the link(data)(TYPE_DATA) 695 representation of a sockaddr structure without sa_family and (BSD) sa_len 696 components.nl() 697 Please note that you can - beyond the options of the specified groups - also 698 use options of higher level protocols when you apply socat option 699 link(-g)(option_g).nl() 700 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY)nl() 701 Useful options: 702 link(bind)(OPTION_BIND), 703 link(setsockopt-int)(OPTION_SETSOCKOPT_INT), 704 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN), 705 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING) 706 nl() 707 See also: 708 link(TCP)(ADDRESS_TCP_CONNECT), 709 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT), 710 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT), 711 link(SOCKET-LISTEN)(ADDRESS_SOCKET_LISTEN), 712 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO) 713label(ADDRESS_SOCKET_DATAGRAM)dit(bf(tt(SOCKET-DATAGRAM:<domain>:<type>:<protocol>:<remote-address>))) 714 Creates a datagram socket using the first three given socket parameters (see 715 man socket\(2)) and sends outgoing data to the remote-address. The three 716 socket parameters have to be specified by link(int)(TYPE_INT) 717 numbers. Consult your OS documentation and include files to find the 718 appropriate values. The remote-address must be the link(data)(TYPE_DATA) 719 representation of a sockaddr structure without sa_family and (BSD) sa_len 720 components.nl() 721 Please note that you can - beyond the options of the specified groups - also 722 use options of higher level protocols when you apply socat option 723 link(-g)(option_g).nl() 724 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(RANGE)(GROUP_RANGE)nl() 725 Useful options: 726 link(bind)(OPTION_BIND), 727 link(range)(OPTION_RANGE), 728 link(setsockopt-int)(OPTION_SETSOCKOPT_INT), 729 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN), 730 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING) 731 nl() 732 See also: 733 link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), 734 link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM), 735 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO), 736 link(SOCKET-RECV)(ADDRESS_SOCKET_RECV), 737 link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM) 738label(ADDRESS_SOCKET_LISTEN)dit(bf(tt(SOCKET-LISTEN:<domain>:<protocol>:<local-address>))) 739 Creates a stream socket using the first and second given socket parameters 740 and tt(SOCK_STREAM) (see man socket\(2)) and waits for incoming connections 741 on local-address. The two socket parameters have to be specified by 742 link(int)(TYPE_INT) numbers. Consult your OS documentation and include files 743 to find the appropriate values. The local-address must be the 744 link(data)(TYPE_DATA) representation of a sockaddr structure without 745 sa_family and (BSD) sa_len components.nl() 746 Please note that you can - beyond the options of the specified groups - also 747 use options of higher level protocols when you apply socat option 748 link(-g)(option_g).nl() 749 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(RANGE)(GROUP_RANGE),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY)nl() 750 Useful options: 751 link(setsockopt-int)(OPTION_SETSOCKOPT_INT), 752 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN), 753 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING) 754 nl() 755 See also: 756 link(TCP)(ADDRESS_TCP_LISTEN), 757 link(UDP-CONNECT)(ADDRESS_UDP_LISTEN), 758 link(UNIX-CONNECT)(ADDRESS_UNIX_LISTEN), 759 link(SOCKET-LISTEN)(ADDRESS_SOCKET_CONNECT), 760 link(SOCKET-SENDTO)(ADDRESS_SOCKET_RECVFROM), 761 link(SOCKET-SENDTO)(ADDRESS_SOCKET_RECV) 762label(ADDRESS_SOCKET_RECV)dit(bf(tt(SOCKET-RECV:<domain>:<type>:<protocol>:<local-address>))) 763 Creates a socket using the three given socket parameters (see man socket\(2)) 764 and binds it to <local-address>. Receives arriving data. The three 765 parameters have to be specified by link(int)(TYPE_INT) numbers. Consult your 766 OS documentation and include files to find the appropriate values. The 767 local-address must be the link(data)(TYPE_DATA) representation of a sockaddr 768 structure without sa_family and (BSD) sa_len components.nl() 769 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(RANGE)(GROUP_RANGE)nl() 770 Useful options: 771 link(range)(OPTION_RANGE), 772 link(setsockopt-int)(OPTION_SETSOCKOPT_INT), 773 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN), 774 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING) 775 nl() 776 See also: 777 link(UDP-RECV)(ADDRESS_UDP_RECV), 778 link(IP-RECV)(ADDRESS_IP_RECV), 779 link(UNIX-RECV)(ADDRESS_UNIX_RECV), 780 link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM), 781 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO), 782 link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM) 783label(ADDRESS_SOCKET_RECVFROM)dit(bf(tt(SOCKET-RECVFROM:<domain>:<type>:<protocol>:<local-address>))) 784 Creates a socket using the three given socket parameters (see man socket\(2)) 785 and binds it to <local-address>. Receives arriving data and sends replies 786 back to the sender. The first three parameters have to be specified as 787 link(int)(TYPE_INT) numbers. Consult your OS documentation and include files 788 to find the appropriate values. The local-address must be the 789 link(data)(TYPE_DATA) representation of a sockaddr structure without 790 sa_family and (BSD) sa_len components.nl() 791 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE)nl() 792 Useful options: 793 link(fork)(OPTION_FORK), 794 link(range)(OPTION_RANGE), 795 link(setsockopt-int)(OPTION_SETSOCKOPT_INT), 796 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN), 797 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING) 798 nl() 799 See also: 800 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), 801 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), 802 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM), 803 link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM), 804 link(SOCKET-SENDTO)(ADDRESS_SOCKET_SENDTO), 805 link(SOCKET-RECV)(ADDRESS_SOCKET_RECV) 806label(ADDRESS_SOCKET_SENDTO)dit(bf(tt(SOCKET-SENDTO:<domain>:<type>:<protocol>:<remote-address>))) 807 Creates a socket using the three given socket parameters (see man 808 socket\(2)). Sends outgoing data to the given address and receives replies. 809 The three parameters have to be specified as link(int)(TYPE_INT) 810 numbers. Consult your OS documentation and include files to find the 811 appropriate values. The remote-address must be the link(data)(TYPE_DATA) 812 representation of a sockaddr structure without sa_family and (BSD) sa_len 813 components.nl() 814 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET)nl() 815 Useful options: 816 link(bind)(OPTION_BIND), 817 link(setsockopt-int)(OPTION_SETSOCKOPT_INT), 818 link(setsockopt-bin)(OPTION_SETSOCKOPT_BIN), 819 link(setsockopt-string)(OPTION_SETSOCKOPT_STRING) 820 nl() 821 See also: 822 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), 823 link(IP-SENDTO)(ADDRESS_IP_SENDTO), 824 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO), 825 link(SOCKET-DATAGRAM)(ADDRESS_SOCKET_DATAGRAM), 826 link(SOCKET-RECV)(ADDRESS_SOCKET_RECV) 827 link(SOCKET-RECVFROM)(ADDRESS_SOCKET_RECVFROM) 828label(ADDRESS_SOCKS4)dit(bf(tt(SOCKS4:<socks-server>:<host>:<port>))) 829 Connects via <socks-server> [link(IP address)(TYPE_IP_ADDRESS)] 830 to <host> [link(IPv4 address)(TYPE_IPV4_ADDRESS)] 831 on <port> [link(TCP service)(TYPE_TCP_SERVICE)], 832 using socks version 4 protocol over IP version 4 or 6 depending on address specification, name resolution, or option 833 link(pf)(OPTION_PROTOCOL_FAMILY) (link(example)(EXAMPLE_ADDRESS_SOCKS4)).nl() 834 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(SOCKS4)(GROUP_SOCKS),link(RETRY)(GROUP_RETRY) nl() 835 Useful options: 836 link(socksuser)(OPTION_SOCKSUSER), 837 link(socksport)(OPTION_SOCKSPORT), 838 link(sourceport)(OPTION_SOURCEPORT), 839 link(pf)(OPTION_PROTOCOL_FAMILY), 840 link(retry)(OPTION_RETRY)nl() 841 See also: 842 link(SOCKS4A)(ADDRESS_SOCKS4A), 843 link(PROXY)(ADDRESS_PROXY_CONNECT), 844 link(TCP)(ADDRESS_TCP_CONNECT) 845label(ADDRESS_SOCKS4A)dit(bf(tt(SOCKS4A:<socks-server>:<host>:<port>))) 846 like link(SOCKS4)(ADDRESS_SOCKS4), but uses socks protocol version 4a, thus 847 leaving host name resolution to the socks server.nl() 848 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(SOCKS4)(GROUP_SOCKS),link(RETRY)(GROUP_RETRY) nl() 849label(ADDRESS_STDERR)dit(bf(tt(STDERR))) 850 Uses file descriptor 2.nl() 851 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl() 852 See also: link(FD)(ADDRESS_FD) 853label(ADDRESS_STDIN)dit(bf(tt(STDIN))) 854 Uses file descriptor 0.nl() 855 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl() 856 Useful options: 857 link(readbytes)(OPTION_READBYTES)nl() 858 See also: link(FD)(ADDRESS_FD) 859label(ADDRESS_STDIO)dit(bf(tt(STDIO))) 860 Uses file descriptor 0 for reading, and 1 for writing.nl() 861 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl() 862 Useful options: 863 link(readbytes)(OPTION_READBYTES)nl() 864 See also: link(FD)(ADDRESS_FD) 865label(ADDRESS_STDOUT)dit(bf(tt(STDOUT))) 866 Uses file descriptor 1.nl() 867 Option groups: link(FD)(GROUP_FD) (link(TERMIOS)(GROUP_TERMIOS),link(REG)(GROUP_REG),link(SOCKET)(GROUP_SOCKET)) nl() 868 See also: link(FD)(ADDRESS_FD) 869label(ADDRESS_SYSTEM)dit(bf(tt(SYSTEM:<shell-command>))) 870 Forks a sub process that establishes communication with its parent process 871 and invokes the specified program with code(system()). Please note that 872 <shell-command> [link(string)(TYPE_STRING)] must 873 not contain ',' or "!!", and that shell meta characters may have to be 874 protected. 875 After successful program start, socat() writes data to stdin of the 876 process and reads from its stdout.nl() 877 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(EXEC)(GROUP_EXEC),link(FORK)(GROUP_FORK),link(TERMIOS)(GROUP_TERMIOS) nl() 878 Useful options: 879 link(path)(OPTION_PATH), 880 link(fdin)(OPTION_FDIN), 881 link(fdout)(OPTION_FDOUT), 882 link(chroot)(OPTION_CHROOT), 883 link(su)(OPTION_SUBSTUSER), 884 link(su-d)(OPTION_SUBSTUSER_DELAYED), 885 link(nofork)(OPTION_NOFORK), 886 link(pty)(OPTION_PTY), 887 link(stderr)(OPTION_STDERR), 888 link(ctty)(OPTION_CTTY), 889 link(setsid)(OPTION_SETSID), 890 link(pipes)(OPTION_PIPES), 891 link(sigint)(OPTION_SIGINT), 892 link(sigquit)(OPTION_SIGQUIT)nl() 893 See also: link(EXEC)(ADDRESS_EXEC) 894label(ADDRESS_TCP_CONNECT)dit(bf(tt(TCP:<host>:<port>))) 895 Connects to <port> [link(TCP service)(TYPE_TCP_SERVICE)] on 896 <host> [link(IP address)(TYPE_IP_ADDRESS)] using TCP/IP version 4 or 6 897 depending on address specification, name resolution, or option 898 link(pf)(OPTION_PROTOCOL_FAMILY).nl() 899 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl() 900 Useful options: 901 link(crnl)(OPTION_CRNL), 902 link(bind)(OPTION_BIND), 903 link(pf)(OPTION_PROTOCOL_FAMILY), 904 link(connect-timeout)(OPTION_CONNECT_TIMEOUT), 905 link(tos)(OPTION_TOS), 906 link(mtudiscover)(OPTION_MTUDISCOVER), 907 link(mss)(OPTION_MSS), 908 link(nodelay)(OPTION_NODELAY), 909 link(nonblock)(OPTION_NONBLOCK), 910 link(sourceport)(OPTION_SOURCEPORT), 911 link(retry)(OPTION_RETRY), 912 link(readbytes)(OPTION_READBYTES)nl() 913 See also: 914 link(TCP4)(ADDRESS_TCP4_CONNECT), 915 link(TCP6)(ADDRESS_TCP6_CONNECT), 916 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), 917 link(UDP)(ADDRESS_UDP_CONNECT), 918 link(SCTP-CONNECT)(ADDRESS_SCTP_CONNECT), 919 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT) 920label(ADDRESS_TCP4_CONNECT)dit(bf(tt(TCP4:<host>:<port>))) 921 Like link(TCP)(ADDRESS_TCP_CONNECT), but only supports IPv4 protocol (link(example)(EXAMPLE_ADDRESS_TCP4_CONNECT)).nl() 922 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl() 923label(ADDRESS_TCP6_CONNECT)dit(bf(tt(TCP6:<host>:<port>))) 924 Like link(TCP)(ADDRESS_TCP_CONNECT), but only supports IPv6 protocol.nl() 925 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl() 926label(ADDRESS_TCP_LISTEN)dit(bf(tt(TCP-LISTEN:<port>))) 927 Listens on <port> [link(TCP service)(TYPE_TCP_SERVICE)] and accepts a 928 TCP/IP connection. The IP version is 4 or the one specified with 929 address option link(pf)(OPTION_PROTOCOL_FAMILY), socat option 930 (link(-4)(option_4), link(-6)(option_6)), or environment variable link(SOCAT_DEFAULT_LISTEN_IP)(ENV_SOCAT_DEFAULT_LISTEN_IP). 931 Note that opening 932 this address usually blocks until a client connects.nl() 933 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl() 934 Useful options: 935 link(crnl)(OPTION_CRNL), 936 link(fork)(OPTION_FORK), 937 link(bind)(OPTION_BIND), 938 link(range)(OPTION_RANGE), 939 link(tcpwrap)(OPTION_TCPWRAPPERS), 940 link(pf)(OPTION_PROTOCOL_FAMILY), 941 link(max-children)(OPTION_MAX_CHILDREN), 942 link(backlog)(OPTION_BACKLOG), 943 link(mss)(OPTION_MSS), 944 link(su)(OPTION_SUBSTUSER), 945 link(reuseaddr)(OPTION_REUSEADDR), 946 link(retry)(OPTION_RETRY), 947 link(cool-write)(OPTION_COOL_WRITE)nl() 948 See also: 949 link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN), 950 link(TCP6-LISTEN)(ADDRESS_TCP6_LISTEN), 951 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), 952 link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN), 953 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), 954 link(OPENSSL-LISTEN)(ADDRESS_OPENSSL_LISTEN), 955 link(TCP-CONNECT)(ADDRESS_TCP_CONNECT) 956label(ADDRESS_TCP4_LISTEN)dit(bf(tt(TCP4-LISTEN:<port>))) 957 Like link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), but only supports IPv4 958 protocol (link(example)(EXAMPLE_ADDRESS_TCP4_LISTEN)).nl() 959 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl() 960label(ADDRESS_TCP6_LISTEN)dit(bf(tt(TCP6-LISTEN:<port>))) 961 Like link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), but only supports IPv6 962 protocol.nl() 963 Additional useful option: 964 link(ipv6only)(OPTION_IPV6_V6ONLY)nl() 965 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl() 966label(ADDRESS_TUN)dit(bf(tt(TUN[:<if-addr>/<bits>]))) 967 Creates a Linux TUN/TAP device and optionally assignes it the address and 968 netmask given by the parameters. The resulting network interface is almost 969 ready for use by other processes; socat serves its "wire side". This address 970 requires read and write access to the tunnel cloning device, usually 971 code(/dev/net/tun), as well as permission to set some tt(ioctl()s). 972 bf(Option iff-up is required to immediately activate the interface!)nl() 973 Option groups: link(FD)(GROUP_FD),link(NAMED)(GROUP_NAMED),link(OPEN)(GROUP_OPEN),link(TUN)(GROUP_TUN) nl() 974 Useful options: 975 link(iff-up)(OPTION_IFF_UP), 976 link(tun-device)(OPTION_TUN_DEVICE), 977 link(tun-name)(OPTION_TUN_NAME), 978 link(tun-type)(OPTION_TUN_TYPE), 979 link(iff-no-pi)(OPTION_IFF_NO_PI) nl() 980 See also: 981 link(ip-recv)(ADDRESS_IP_RECV) 982label(ADDRESS_UDP_CONNECT)dit(bf(tt(UDP:<host>:<port>))) 983 Connects to <port> [link(UDP service)(TYPE_UDP_SERVICE)] on 984 <host> [link(IP address)(TYPE_IP_ADDRESS)] using UDP/IP version 4 or 6 985 depending on address specification, name resolution, or option 986 link(pf)(OPTION_PROTOCOL_FAMILY).nl() 987 Please note that, 988 due to UDP protocol properties, no real connection is established; data has 989 to be sent for `connecting' to the server, and no end-of-file condition can 990 be transported.nl() 991 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl() 992 Useful options: 993 link(ttl)(OPTION_TTL), 994 link(tos)(OPTION_TOS), 995 link(bind)(OPTION_BIND), 996 link(sourceport)(OPTION_SOURCEPORT), 997 link(pf)(OPTION_PROTOCOL_FAMILY)nl() 998 See also: 999 link(UDP4)(ADDRESS_UDP4_CONNECT), 1000 link(UDP6)(ADDRESS_UDP6_CONNECT), 1001 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), 1002 link(TCP)(ADDRESS_TCP_CONNECT), 1003 link(IP)(ADDRESS_IP_SENDTO) 1004label(ADDRESS_UDP4_CONNECT)dit(bf(tt(UDP4:<host>:<port>))) 1005 Like link(UDP)(ADDRESS_UDP_CONNECT), but only supports IPv4 protocol.nl() 1006 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) nl() 1007label(ADDRESS_UDP6_CONNECT)dit(bf(tt(UDP6:<host>:<port>))) 1008 Like link(UDP)(ADDRESS_UDP_CONNECT), but only supports IPv6 protocol.nl() 1009 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) nl() 1010label(ADDRESS_UDP_DATAGRAM)dit(bf(tt(UDP-DATAGRAM:<address>:<port>))) 1011 Sends outgoing data to the specified address which may in particular be a 1012 broadcast or multicast address. Packets arriving on the local socket are 1013 checked for the correct remote port and if their source addresses match 1014 link(RANGE)(OPTION_RANGE) or link(TCPWRAP)(OPTION_TCPWRAPPERS) 1015 options. This address type can for example be used for implementing 1016 symmetric or asymmetric broadcast or multicast communications.nl() 1017 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl() 1018 Useful options: 1019 link(bind)(OPTION_BIND), 1020 link(range)(OPTION_RANGE), 1021 link(tcpwrap)(OPTION_TCPWRAPPERS), 1022 link(broadcast)(OPTION_SO_BROADCAST), 1023 link(ip-multicast-loop)(OPTION_IP_MULTICAST_LOOP), 1024 link(ip-multicast-ttl)(OPTION_IP_MULTICAST_TTL), 1025 link(ip-multicast-if)(OPTION_IP_MULTICAST_IF), 1026 link(ip-add-membership)(OPTION_IP_ADD_MEMBERSHIP), 1027 link(ttl)(OPTION_TTL), 1028 link(tos)(OPTION_TOS), 1029 link(sourceport)(OPTION_SOURCEPORT), 1030 link(pf)(OPTION_PROTOCOL_FAMILY)nl() 1031 See also: 1032 link(UDP4-DATAGRAM)(ADDRESS_UDP4_DATAGRAM), 1033 link(UDP6-DATAGRAM)(ADDRESS_UDP6_DATAGRAM), 1034 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), 1035 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), 1036 link(UDP-RECV)(ADDRESS_UDP_RECV), 1037 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT), 1038 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), 1039 link(IP-DATAGRAM)(ADDRESS_IP_DATAGRAM) 1040label(ADDRESS_UDP4_DATAGRAM)dit(bf(tt(UDP4-DATAGRAM:<address>:<port>))) 1041 Like link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), but only supports IPv4 1042 protocol (link(example1)(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT), 1043 link(example2)(EXAMPLE_ADDRESS_UDP4_MULTICAST)).nl() 1044 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4), link(RANGE)(GROUP_RANGE) 1045label(ADDRESS_UDP6_DATAGRAM)dit(bf(tt(UDP6-DATAGRAM:<address>:<port>))) 1046 Like link(UDP-DATAGRAM)(ADDRESS_UDP_DATAGRAM), but only supports IPv6 1047 protocol.nl() 1048 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) 1049label(ADDRESS_UDP_LISTEN)dit(bf(tt(UDP-LISTEN:<port>))) 1050 Waits for a UDP/IP packet arriving on <port> 1051 [link(UDP service)(TYPE_UDP_SERVICE)] and `connects' back to sender. 1052 The accepted IP version is 4 or the one specified with option 1053 link(pf)(OPTION_PROTOCOL_FAMILY). 1054 Please note that, 1055 due to UDP protocol properties, no real connection is established; data has 1056 to arrive from the peer first, and no end-of-file condition can be 1057 transported. Note that opening 1058 this address usually blocks until a client connects.nl() 1059 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl() 1060 Useful options: 1061 link(fork)(OPTION_FORK), 1062 link(bind)(OPTION_BIND), 1063 link(range)(OPTION_RANGE), 1064 link(pf)(OPTION_PROTOCOL_FAMILY) nl() 1065 See also: 1066 link(UDP)(ADDRESS_UDP_CONNECT), 1067 link(UDP4-LISTEN)(ADDRESS_UDP4_LISTEN), 1068 link(UDP6-LISTEN)(ADDRESS_UDP6_LISTEN), 1069 link(TCP-LISTEN)(ADDRESS_TCP_LISTEN) 1070label(ADDRESS_UDP4_LISTEN)dit(bf(tt(UDP4-LISTEN:<port>))) 1071 Like link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), but only support IPv4 1072 protocol.nl() 1073 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP4)(GROUP_IP4) nl() 1074label(ADDRESS_UDP6_LISTEN)dit(bf(tt(UDP6-LISTEN:<port>))) 1075 Like link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), but only support IPv6 1076 protocol.nl() 1077 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6) nl() 1078label(ADDRESS_UDP_SENDTO)dit(bf(tt(UDP-SENDTO:<host>:<port>))) 1079 Communicates with the specified peer socket, defined by <port> [link(UDP 1080 service)(TYPE_UDP_SERVICE)] on 1081 <host> [link(IP address)(TYPE_IP_ADDRESS)], using UDP/IP version 4 or 6 1082 depending on address specification, name resolution, or option 1083 link(pf)(OPTION_PROTOCOL_FAMILY). It sends packets to and receives packets 1084 from that peer socket only. 1085 This address effectively implements a datagram client. 1086 It works well with socat UDP-RECVFROM and UDP-RECV address peers.nl() 1087 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6) nl() 1088 Useful options: 1089 link(ttl)(OPTION_TTL), 1090 link(tos)(OPTION_TOS), 1091 link(bind)(OPTION_BIND), 1092 link(sourceport)(OPTION_SOURCEPORT), 1093 link(pf)(OPTION_PROTOCOL_FAMILY)nl() 1094 See also: 1095 link(UDP4-SENDTO)(ADDRESS_UDP4_SENDTO), 1096 link(UDP6-SENDTO)(ADDRESS_UDP6_SENDTO), 1097 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), 1098 link(UDP-RECV)(ADDRESS_UDP_RECV), 1099 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT), 1100 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), 1101 link(IP-SENDTO)(ADDRESS_IP_SENDTO) 1102label(ADDRESS_UDP4_SENDTO)dit(bf(tt(UDP4-SENDTO:<host>:<port>))) 1103 Like link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), but only supports IPv4 1104 protocol.nl() 1105 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4) 1106label(ADDRESS_UDP6_SENDTO)dit(bf(tt(UDP6-SENDTO:<host>:<port>))) 1107 Like link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), but only supports IPv6 1108 protocol.nl() 1109 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6) 1110 1111label(ADDRESS_UDP_RECVFROM)dit(bf(tt(UDP-RECVFROM:<port>))) 1112 Creates a UDP socket on <port> [link(UDP service)(TYPE_UDP_SERVICE)] using 1113 UDP/IP version 4 or 6 1114 depending on option link(pf)(OPTION_PROTOCOL_FAMILY). 1115 It receives one packet from an unspecified peer and may send one or more 1116 answer packets to that peer. This mode is particularly useful with fork 1117 option 1118 where each arriving packet - from arbitrary peers - is handled by its own sub 1119 process. This allows a behaviour similar to typical UDP based servers like ntpd 1120 or named. This address works well with socat UDP-SENDTO address peers.nl() 1121 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) nl() 1122 Useful options: 1123 link(fork)(OPTION_FORK), 1124 link(ttl)(OPTION_TTL), 1125 link(tos)(OPTION_TOS), 1126 link(bind)(OPTION_BIND), 1127 link(sourceport)(OPTION_SOURCEPORT), 1128 link(pf)(OPTION_PROTOCOL_FAMILY)nl() 1129 See also: 1130 link(UDP4-RECVFROM)(ADDRESS_UDP4_RECVFROM), 1131 link(UDP6-RECVFROM)(ADDRESS_UDP6_RECVFROM), 1132 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), 1133 link(UDP-RECV)(ADDRESS_UDP_RECV), 1134 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT), 1135 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), 1136 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM), 1137 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM) 1138label(ADDRESS_UDP4_RECVFROM)dit(bf(tt(UDP4-RECVFROM:<port>))) 1139 Like link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), but only supports IPv4 protocol.nl() 1140 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) 1141label(ADDRESS_UDP6_RECVFROM)dit(bf(tt(UDP6-RECVFROM:<port>))) 1142 Like link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), but only supports IPv6 protocol.nl() 1143 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE) 1144 1145label(ADDRESS_UDP_RECV)dit(bf(tt(UDP-RECV:<port>))) 1146 Creates a UDP socket on <port> [link(UDP service)(TYPE_UDP_SERVICE)] using UDP/IP version 4 or 6 1147 depending on option link(pf)(OPTION_PROTOCOL_FAMILY). 1148 It receives packets from multiple unspecified peers and merges the data. 1149 No replies are possible. It works well with, e.g., socat UDP-SENDTO address peers; it behaves similar to a syslog server.nl() 1150 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) nl() 1151 Useful options: 1152 link(fork)(OPTION_FORK), 1153 link(pf)(OPTION_PROTOCOL_FAMILY), 1154 link(bind)(OPTION_BIND), 1155 link(sourceport)(OPTION_SOURCEPORT), 1156 link(ttl)(OPTION_TTL), 1157 link(tos)(OPTION_TOS)nl() 1158 See also: 1159 link(UDP4-RECV)(ADDRESS_UDP4_RECV), 1160 link(UDP6-RECV)(ADDRESS_UDP6_RECV), 1161 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), 1162 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), 1163 link(UDP-CONNECT)(ADDRESS_UDP_CONNECT), 1164 link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), 1165 link(IP-RECV)(ADDRESS_IP_RECV), 1166 link(UNIX-RECV)(ADDRESS_UNIX_RECV) 1167label(ADDRESS_UDP4_RECV)dit(bf(tt(UDP4-RECV:<port>))) 1168 Like link(UDP-RECV)(ADDRESS_UDP_RECV), but only supports IPv4 protocol.nl() 1169 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP4)(GROUP_IP4),link(RANGE)(GROUP_RANGE) 1170label(ADDRESS_UDP6_RECV)dit(bf(tt(UDP6-RECV:<port>))) 1171 Like link(UDP-RECV)(ADDRESS_UDP_RECV), but only supports IPv6 protocol.nl() 1172 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(IP6)(GROUP_IP6),link(RANGE)(GROUP_RANGE) 1173 1174label(ADDRESS_UNIX_CONNECT)dit(bf(tt(UNIX-CONNECT:<filename>))) 1175 Connects to link(<filename>)(TYPE_FILENAME) assuming it is a unixdomain() 1176 socket. 1177 If <filename> does not exist, this is an error; 1178 if <filename> is not a unixdomain() socket, this is an error; 1179 if <filename> is a unixdomain() socket, but no process is listening, this is 1180 an error.nl() 1181 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(RETRY)(GROUP_RETRY),link(UNIX)(GROUP_SOCK_UNIX) nl()) 1182 Useful options: 1183 link(bind)(OPTION_BIND)nl() 1184 See also: 1185 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), 1186 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO), 1187 link(TCP)(ADDRESS_TCP_CONNECT) 1188 1189label(ADDRESS_UNIX_LISTEN)dit(bf(tt(UNIX-LISTEN:<filename>))) 1190 Listens on link(<filename>)(TYPE_FILENAME) using a unixdomain() stream 1191 socket and accepts a connection. 1192 If <filename> exists and is not a socket, this is an error. 1193 If <filename> exists and is a unixdomain() socket, binding to the address 1194 fails (use option link(unlink-early)(OPTION_UNLINK_EARLY)!). 1195 Note that opening this address usually blocks until a client connects. 1196 Beginning with socat version 1.4.3, the file system entry is removed when 1197 this address is closed (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)) (link(example)(EXAMPLE_ADDRESS_UNIX_LISTEN)).nl() 1198 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RETRY)(GROUP_RETRY),link(UNIX)(GROUP_SOCK_UNIX) nl() 1199 Useful options: 1200 link(fork)(OPTION_FORK), 1201 link(umask)(OPTION_UMASK), 1202 link(mode)(OPTION_MODE), 1203 link(user)(OPTION_USER), 1204 link(group)(OPTION_GROUP), 1205 link(unlink-early)(OPTION_UNLINK_EARLY)nl() 1206 See also: 1207 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT), 1208 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM), 1209 link(UNIX-RECV)(ADDRESS_UNIX_RECV), 1210 link(TCP-LISTEN)(ADDRESS_TCP4_LISTEN) 1211 1212label(ADDRESS_UNIX_SENDTO)dit(bf(tt(UNIX-SENDTO:<filename>))) 1213 Communicates with the specified peer socket, defined by [link(<filename>)(TYPE_FILENAME)] assuming it is a unixdomain() datagram socket. 1214 It sends packets to and receives packets from that peer socket only. 1215 Please note that it might be neccessary to link(bind)(OPTION_BIND) the 1216 local socket to an address (e.g. tt(/tmp/sock1), which must not exist 1217 before). 1218 This address type works well with socat UNIX-RECVFROM and UNIX-RECV address 1219 peers.nl() 1220 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX)nl() 1221 Useful options: 1222 link(bind)(OPTION_BIND)nl() 1223 See also: 1224 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM), 1225 link(UNIX-RECV)(ADDRESS_UNIX_RECV), 1226 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT), 1227 link(UDP-SENDTO)(ADDRESS_UDP_SENDTO), 1228 link(IP-SENDTO)(ADDRESS_IP_SENDTO) 1229 1230label(ADDRESS_UNIX_RECVFROM)dit(bf(tt(UNIX-RECVFROM:<filename>))) 1231 Creates a unixdomain() datagram socket [link(<filename>)(TYPE_FILENAME)]. 1232 Receives one packet and may send one or more answer packets to that peer. 1233 This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process. 1234 This address works well with socat UNIX-SENDTO address peers.nl() 1235 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(CHILD)(GROUP_CHILD),link(UNIX)(GROUP_SOCK_UNIX) nl() 1236 Useful options: 1237 link(fork)(OPTION_FORK)nl() 1238 See also: 1239 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO), 1240 link(UNIX-RECV)(ADDRESS_UNIX_RECV), 1241 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), 1242 link(UDP-RECVFROM)(ADDRESS_UDP_RECVFROM), 1243 link(IP-RECVFROM)(ADDRESS_IP_RECVFROM) 1244 1245label(ADDRESS_UNIX_RECV)dit(bf(tt(UNIX-RECV:<filename>))) 1246 Creates a unixdomain() datagram socket [link(<filename>)(TYPE_FILENAME)]. 1247 Receives packets from multiple unspecified peers and merges the data. 1248 No replies are possible. It can be, e.g., addressed by socat UNIX-SENDTO address peers. 1249 It behaves similar to a syslog server. 1250 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX) nl() 1251 See also: 1252 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO), 1253 link(UNIX-RECVFROM)(ADDRESS_UNIX_RECVFROM), 1254 link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), 1255 link(UDP-RECV)(ADDRESS_UDP_RECV), 1256 link(IP-RECV)(ADDRESS_IP_RECV) 1257 1258label(ADDRESS_UNIX_CLIENT)dit(bf(tt(UNIX-CLIENT:<filename>))) 1259 Communicates with the specified peer socket, defined by 1260 [link(<filename>)(TYPE_FILENAME)] assuming it is a unixdomain() socket. 1261 It first tries to connect and, if that fails, assumes it is a datagram 1262 socket, thus supporting both types.nl() 1263 Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(NAMED)(GROUP_NAMED),link(UNIX)(GROUP_SOCK_UNIX) nl() 1264 Useful options: 1265 link(bind)(OPTION_BIND)nl() 1266 See also: 1267 link(UNIX-CONNECT)(ADDRESS_UNIX_CONNECT), 1268 link(UNIX-SENDTO)(ADDRESS_UNIX_SENDTO), 1269 link(GOPEN)(ADDRESS_GOPEN) 1270 1271dit(bf(tt(ABSTRACT-CONNECT:<string>))) 1272dit(bf(tt(ABSTRACT-LISTEN:<string>))) 1273dit(bf(tt(ABSTRACT-SENDTO:<string>))) 1274dit(bf(tt(ABSTRACT-RECVFROM:<string>))) 1275dit(bf(tt(ABSTRACT-RECV:<string>))) 1276dit(bf(tt(ABSTRACT-CLIENT:<string>))) 1277 The ABSTRACT addresses are almost identical to the related UNIX addresses 1278 except that they do not address file system based sockets but an alternate 1279 unixdomain() address space. To archieve this the socket address strings are 1280 prefixed with "\0" internally. This feature is available (only?) on Linux. 1281 Option groups are the same as with the related UNIX addresses, except that 1282 the ABSTRACT addresses are not member of the NAMED group. 1283enddit() 1284 1285 1286label(ADDRESS_OPTIONS) 1287manpagesection(ADDRESS OPTIONS) 1288 1289Address options can be applied to address specifications to influence the 1290process of opening the addresses and the 1291properties of the resulting data channels. 1292 1293For technical reasons not every option can be 1294applied to every address type; e.g., applying a socket option to a regular file 1295will fail. To catch most useless combinations as early as in the open phase, 1296the concept of em(option groups) was introduced. Each option belongs to one 1297or more option groups. Options can be used only with address types that support 1298at least one of their option groups (but see link(option -g)(option_g)). 1299 1300Address options have data types that their values must conform to. 1301Every address option consists of just a keyword or a keyword followed by 1302"=value", where value must conform to the options type. 1303COMMENT(Options that trigger a call with 1304trivial parameters are described with type BOOL which might be misleading.) 1305Some address options manipulate parameters of system calls; 1306e.g., option sync sets the code(O_SYNC) flag with the code(open()) call. 1307Other options cause a system or library call; e.g., with option `ttl=value' 1308the code(setsockopt(fd, SOL_IP, IP_TTL, value, sizeof(int))) call is applied. 1309Other 1310options set internal socat() variables that are used during data transfer; 1311e.g., `crnl' causes explicit character conversions. 1312A few options have more complex implementations; e.g., su-d 1313(substuser-delayed) inquires some user and group infos, stores them, and 1314applies them later after a possible code(chroot()) call. 1315 1316If multiple options are given to an address, their sequence in the address specification has (almost) no 1317effect on the sequence of their execution/application. Instead, socat() has 1318built in an em(option phase) model that tries to bring the options in a useful 1319order. Some options exist in different forms (e.g., 1320unlink, unlink-early, unlink-late) to control the time of their execution. 1321 1322If the same option is specified more than once within one address 1323specification, with equal or different values, the effect depends on the kind of option. Options 1324resulting in function calls like code(setsockopt()) cause multiple 1325invocations. With options that set parameters for a required call like 1326code(open()) 1327or set internal flags, the value of the last option occurrence is effective. 1328 1329The existence or semantics of many options are system dependent. Socat() 1330usually does NOT try to emulate missing libc or kernel features, it just 1331provides an 1332interface to the underlying system. So, if an operating system lacks a feature, 1333the related option is simply not available on this platform. 1334 1335The following paragraphs introduce just the more common address options. For 1336a more comprehensive reference and to find information about canonical option 1337names, alias names, option phases, and platforms see file file(xio.help). 1338nl() nl() 1339 1340startdit()enddit()nl() 1341 1342 1343label(GROUP_FD)em(bf(FD option group)) 1344 1345This option group contains options that are applied to a unix() 1346style file descriptor, no matter how it was generated. 1347Because all current socat() address types are file descriptor based, these 1348options may be applied to any address. nl() 1349Note: Some of these options are also member of another option group, that 1350provides an other, non-fd based mechanism. 1351For these options, it depends on the actual address type and its option groups 1352which mechanism is used. The second, non-fd based mechanism is prioritized. 1353startdit() 1354label(OPTION_CLOEXEC)dit(bf(tt(cloexec=<bool>))) 1355 Sets the code(FD_CLOEXEC) flag with the code(fcntl()) system call to value 1356 link(<bool>)(TYPE_BOOL). If set, 1357 the file descriptor is closed on code(exec()) family function calls. Socat() 1358 internally handles 1359 this flag for the fds it controls, so in most cases there will be no need to 1360 apply this option. 1361label(OPTION_SETLK_WR)dit(bf(tt(setlk))) 1362 Tries to set a discretionary write lock to the whole file using the code(fcntl(fd, 1363 F_SETLK, ...)) system call. If the file is already locked, this call results 1364 in an error. 1365 On Linux, when the file permissions for group are "S" (g-x,g+s), and the 1366 file system is locally mounted with the "mand" option, the lock is 1367 mandatory, i.e. prevents other processes from opening the file. 1368label(OPTION_SETLKW_WR)dit(bf(tt(setlkw))) 1369 Tries to set a discretionary waiting write lock to the whole file using the 1370 code(fcntl(fd, F_SETLKW, ...)) system call. If the file is already locked, 1371 this call blocks. 1372 See option link(setlk)(OPTION_SETLK_WR) for information about making this 1373 lock mandatory. 1374label(OPTION_SETLK_RD)dit(bf(tt(setlk-rd))) 1375 Tries to set a discretionary read lock to the whole file using the code(fcntl(fd, 1376 F_SETLK, ...)) system call. If the file is already write locked, this call 1377 results in an error. 1378 See option link(setlk)(OPTION_SETLK_WR) for information about making this 1379 lock mandatory. 1380label(OPTION_SETLKW_RD)dit(bf(tt(setlkw-rd))) 1381 Tries to set a discretionary waiting read lock to the whole file using the 1382 code(fcntl(fd, F_SETLKW, ...)) system call. If the file is already write 1383 locked, this call blocks. 1384 See option link(setlk)(OPTION_SETLK_WR) for information about making this 1385 lock mandatory. 1386label(OPTION_FLOCK_EX)dit(bf(tt(flock-ex))) 1387 Tries to set a blocking exclusive advisory lock to the file using the 1388 code(flock(fd, LOCK_EX)) system call. Socat() hangs in this call if the file 1389 is locked by another process. 1390label(OPTION_FLOCK_EX_NB)dit(bf(tt(flock-ex-nb))) 1391 Tries to set a nonblocking exclusive advisory lock to the file using the 1392 code(flock(fd, LOCK_EX|LOCK_NB)) system call. If the file is already locked, 1393 this option results in an error. 1394label(OPTION_FLOCK_SH)dit(bf(tt(flock-sh))) 1395 Tries to set a blocking shared advisory lock to the file using the 1396 code(flock(fd, LOCK_SH)) system call. Socat() hangs in this call if the file 1397 is locked by another process. 1398label(OPTION_FLOCK_SH_NB)dit(bf(tt(flock-sh-nb))) 1399 Tries to set a nonblocking shared advisory lock to the file using the 1400 code(flock(fd, LOCK_SH|LOCK_NB)) system call. If the file is already locked, 1401 this option results in an error. 1402label(OPTION_LOCK)dit(bf(tt(lock))) 1403 Sets a blocking lock on the file. Uses the setlk or flock mechanism 1404 depending on availability on the particular platform. If both are available, 1405 the POSIX variant (setlkw) is used. 1406label(OPTION_USER)dit(bf(tt(user=<user>))) 1407 Sets the link(<user>)(TYPE_USER) (owner) of the stream. 1408 If the address is member of the NAMED option group, 1409 socat() uses the code(chown()) system call after opening the 1410 file or binding to the unixdomain() socket (race condition!). 1411 Without filesystem entry, socat() sets the user of the stream 1412 using the code(fchown()) system call. 1413 These calls might require root privilege. 1414label(OPTION_USER_LATE)dit(bf(tt(user-late=<user>))) 1415 Sets the owner of the fd to link(<user>)(TYPE_USER) with the code(fchown()) 1416 system call after opening 1417 or connecting the channel. 1418 This is useful only on file system entries. 1419label(OPTION_GROUP)dit(bf(tt(group=<group>))) 1420 Sets the link(<group>)(TYPE_GROUP) of the stream. 1421 If the address is member of the NAMED option group, 1422 socat() uses the code(chown()) system call after opening the 1423 file or binding to the unixdomain() socket (race condition!). 1424 Without filesystem entry, socat() sets the group of the stream 1425 with the code(fchown()) system call. 1426 These calls might require group membership or root privilege. 1427label(OPTION_GROUP_LATE)dit(bf(tt(group-late=<group>))) 1428 Sets the group of the fd to link(<group>)(TYPE_GROUP) with the 1429 code(fchown()) system call after opening 1430 or connecting the channel. 1431 This is useful only on file system entries. 1432label(OPTION_MODE)dit(bf(tt(mode=<mode>))) 1433 Sets the <mode> [link(mode_t)(TYPE_MODE_T)] (permissions) of the stream. 1434 If the address is member of the NAMED option group and 1435 uses the code(open()) or code(creat()) call, the mode is applied with these. 1436 If the address is member of the NAMED option group without using these 1437 system calls, socat() uses the code(chmod()) system call after opening the 1438 filesystem entry or binding to the unixdomain() socket (race condition!). 1439 Otherwise, socat() sets the mode of the stream 1440 using code(fchmod()). 1441 These calls might require ownership or root privilege. 1442label(OPTION_PERM_LATE)dit(bf(tt(perm-late=<mode>))) 1443 Sets the permissions of the fd to value <mode> 1444 [link(mode_t)(TYPE_MODE_T)] using the code(fchmod()) system call after 1445 opening or connecting the channel. 1446 This is useful only on file system entries. 1447label(OPTION_APPEND)dit(bf(tt(append=<bool>))) 1448 Always writes data to the actual end of file. 1449 If the address is member of the OPEN option group, 1450 socat() uses the code(O_APPEND) flag with the code(open()) system call 1451 (link(example)(EXAMPLE_OPTION_APPEND)). 1452 Otherwise, socat() applies the code(fcntl(fd, F_SETFL, O_APPEND)) call. 1453label(OPTION_NONBLOCK)dit(bf(tt(nonblock=<bool>))) 1454 Tries to open or use file in nonblocking mode. Its only effects are that the 1455 code(connect()) call of TCP addresses does not block, and that opening a 1456 named pipe for reading does not block. 1457 If the address is member of the OPEN option group, 1458 socat() uses the code(O_NONBLOCK) flag with the code(open()) system call. 1459 Otherwise, socat() applies the code(fcntl(fd, F_SETFL, O_NONBLOCK)) call. 1460COMMENT(label(OPTION_NDELAY)dit(bf(tt(ndelay=<bool>))) 1461 Tries to open or use file in nonblocking mode. Has no effect because socat() 1462 works with code(select()).) 1463COMMENT(label(OPTION_ASYNC)dit(bf(tt(async=<bool>))) 1464 Enables SIGIO for this fd. Has no effect, because socat() ignores SIGIO.) 1465label(OPTION_O_BINARY)dit(bf(tt(binary))) 1466 Opens the file in binary mode to avoid implicit line terminator 1467 conversions (Cygwin). 1468label(OPTION_O_TEXT)dit(bf(tt(text))) 1469 Opens the file in text mode to force implicit line terminator conversions 1470 (Cygwin). 1471label(OPTION_O_NOINHERIT)dit(bf(tt(noinherit))) 1472 Does not keep this file open in a spawned process (Cygwin). 1473label(OPTION_COOL_WRITE)dit(bf(tt(cool-write))) 1474 Takes it easy when write fails with EPIPE or ECONNRESET and logs the message 1475 with em(notice) level instead of em(error). 1476 This prevents the log file from being filled with useless error messages 1477 when socat is used as a high volume server or proxy where clients often 1478 abort the connection.nl() 1479 This option is experimental. 1480label(OPTION_END_CLOSE)dit(bf(tt(end-close))) 1481 Changes the (address dependent) method of ending a connection to just close 1482 the file descriptors. This is useful when the connection is to be reused by 1483 or shared with other processes (link(example)(EXAMPLE_END_CLOSE)).nl() 1484 Normally, socket connections will be ended with tt(shutdown(2)) which 1485 terminates the socket even if it is shared by multiple processes. 1486 tt(close(2)) "unlinks" the socket from the process but keeps it active as 1487 long as there are still links from other processes.nl() 1488 Similarly, when an address of type EXEC or SYSTEM is ended, socat usually 1489 will explicitely kill the sub process. With this option, it will just close 1490 the file descriptors. 1491label(OPTION_SHUT_NONE)dit(bf(tt(shut-none))) 1492 Changes the (address dependent) method of shutting down the write part of a 1493 connection to not do anything. 1494label(OPTION_SHUT_DOWN)dit(bf(tt(shut-down))) 1495 Changes the (address dependent) method of shutting down the write part of a 1496 connection to tt(shutdown\(fd, SHUT_WR)). Is only useful with sockets. 1497label(OPTION_SHUT_CLOSE)dit(bf(tt(shut-close))) 1498 Changes the (address dependent) method of shutting down the write part of a 1499 connection to tt(close\(fd)). 1500label(OPTION_SHUT_NULL)dit(bf(tt(shut-null))) 1501 When one address indicates EOF, socat() will send a zero sized packet to the 1502 write channel of the other address to transfer the EOF condition. This is 1503 useful with UDP and other datagram protocols. Has been tested against 1504 netcat and socat with option link(null-eof)(OPTION_NULL_EOF). 1505label(OPTION_NULL_EOF)dit(bf(tt(null-eof))) 1506 Normally socat() will ignore empty (zero size payload) packets arriving on 1507 datagram sockets, so it survives port scans. With this option socat() 1508 interprets empty datagram packets as EOF indicator (see 1509 link(shut-null)(OPTION_SHUT_NULL)). 1510label(OPTION_IOCTL_VOID)dit(bf(tt(ioctl-void=<request>))) 1511 Calls tt(ioctl()) with the request value as second argument and NULL as 1512 third argument. This option allows to utilize ioctls that are not 1513 explicitely implemented in socat. 1514label(OPTION_IOCTL_INT)dit(bf(tt(ioctl-int=<request>:<value>))) 1515 Calls tt(ioctl()) with the request value as second argument and the integer 1516 value as third argument. 1517label(OPTION_IOCTL_INTP)dit(bf(tt(ioctl-intp=<request>:<value>))) 1518 Calls tt(ioctl()) with the request value as second argument and a pointer to 1519 the integer value as third argument. 1520label(OPTION_IOCTL_BIN)dit(bf(tt(ioctl-bin=<request>:<value>))) 1521 Calls tt(ioctl()) with the request value as second argument and a pointer to 1522 the given data value as third argument. This data must be specified in 1523 link(<dalan>)(TYPE_DATA) form. 1524label(OPTION_IOCTL_STRING)dit(bf(tt(ioctl-string=<request>:<value>))) 1525 Calls tt(ioctl()) with the request value as second argument and a pointer to 1526 the given string as third argument. 1527 link(<dalan>)(TYPE_DATA) form. 1528enddit() 1529 1530startdit()enddit()nl() 1531 1532 1533label(GROUP_NAMED)em(bf(NAMED option group)) 1534 1535These options work on file system entries.nl() 1536See also options link(user)(OPTION_USER), link(group)(OPTION_GROUP), and 1537link(mode)(OPTION_MODE). 1538 1539startdit() 1540label(OPTION_USER_EARLY)dit(bf(tt(user-early=<user>))) 1541 Changes the link(<user>)(TYPE_USER) (owner) of the file system entry before 1542 accessing it, using the 1543 code(chown()) system call. This call might require root privilege. 1544label(OPTION_GROUP_EARLY)dit(bf(tt(group-early=<group>))) 1545 Changes the link(<group>)(TYPE_GROUP) of the file system entry before 1546 accessing it, using the 1547 code(chown()) system call. This call might require group membership or root 1548 privilege. 1549label(OPTION_PERM_EARLY)dit(bf(tt(perm-early=<mode>))) 1550 Changes the <mode> [link(mode_t)(TYPE_MODE_T)] of the file system entry 1551 before accessing it, using the 1552 code(chmod()) system call. This call might require ownership or root 1553 privilege. 1554label(OPTION_UMASK)dit(bf(tt(umask=<mode>))) 1555 Sets the umask of the process to <mode> [link(mode_t)(TYPE_MODE_T)] before 1556 accessing the file system entry (useful 1557 with unixdomain() sockets!). This call might affect all further operations 1558 of the socat() process! 1559label(OPTION_UNLINK_EARLY)dit(bf(tt(unlink-early))) 1560 Unlinks (removes) the file before opening it and even before applying 1561 user-early etc. 1562label(OPTION_UNLINK)dit(bf(tt(unlink))) 1563 Unlinks (removes) the file before accessing it, but after user-early etc. 1564label(OPTION_UNLINK_LATE)dit(bf(tt(unlink-late))) 1565 Unlinks (removes) the file after opening it to make it inaccessible for 1566 other processes after a short race condition. 1567label(OPTION_UNLINK_CLOSE)dit(bf(tt(unlink-close))) 1568 Removes the addresses file system entry when closing the address. 1569 For link(named pipes)(ADDRESS_NAMED_PIPE), 1570 link(listening unix domain sockets)(ADDRESS_UNIX_LISTEN), 1571 and the link(symbolic links)(OPTION_SYMBOLIC_LINK) of link(pty addresses)(ADDRESS_PTY), 1572 the default is 1; for link(created files)(ADDRESS_CREAT), 1573 link(opened files)(ADDRESS_OPEN), 1574 link(generic opened files)(ADDRESS_GOPEN), and 1575 link(client unix domain sockets)(ADDRESS_UNIX_CONNECT) the default is 0. 1576enddit() 1577 1578startdit()enddit()nl() 1579 1580 1581label(GROUP_OPEN)em(bf(OPEN option group)) 1582 1583The OPEN group options allow to set flags with the code(open()) system call. 1584E.g., option `creat' sets the code(O_CREAT) flag.nl() 1585See also options link(append)(OPTION_APPEND) and 1586link(nonblock)(OPTION_NONBLOCK). 1587startdit() 1588label(OPTION_O_CREAT)dit(bf(tt(creat=<bool>))) 1589 Creates the file if it does not exist (link(example)(EXAMPLE_OPTION_CREAT)). 1590label(OPTION_DSYNC)dit(bf(tt(dsync=<bool>))) 1591 Blocks code(write()) calls until metainfo is physically written to media. 1592label(OPTION_EXCL)dit(bf(tt(excl=<bool>))) 1593 With option creat, if file exists this is an error. 1594label(OPTION_LARGEFILE)dit(bf(tt(largefile=<bool>))) 1595 On 32 bit systems, allows a file larger than 2^31 bytes. 1596label(OPTION_O_NOATIME)dit(bf(tt(noatime))) 1597 Sets the O_NOATIME options, so reads do not change the access timestamp. 1598label(OPTION_NOCTTY)dit(bf(tt(noctty=<bool>))) 1599 Does not make this file the controlling terminal. 1600label(OPTION_NOFOLLOW)dit(bf(tt(nofollow=<bool>))) 1601 Does not follow symbolic links. 1602label(OPTION_NSHARE)dit(bf(tt(nshare=<bool>))) 1603 Does not allow to share this file with other processes. 1604label(OPTION_RSHARE)dit(bf(tt(rshare=<bool>))) 1605 Does not allow other processes to open this file for writing. 1606label(OPTION_RSYNC)dit(bf(tt(rsync=<bool>))) 1607 Blocks code(write()) until metainfo is physically written to media. 1608label(OPTION_SYNC)dit(bf(tt(sync=<bool>))) 1609 Blocks code(write()) until data is physically written to media. 1610COMMENT(label(OPTION_DEFER)dit(bf(tt(defer=<bool>))) 1611 Temporarily stores write data in paging space.) 1612COMMENT(label(OPTION_DELAY)dit(bf(tt(delay=<bool>))) 1613 Blocks code(open()) until share conditions are fulfilled.) 1614COMMENT(label(OPTION_DIRECT)dit(bf(tt(direct=<bool>)))) 1615COMMENT(label(OPTION_DIRECTORY)dit(bf(tt(directory=<bool>))) 1616 Fails if file is not a directory. Not useful with socat().) 1617label(OPTION_RDONLY)dit(bf(tt(rdonly=<bool>))) 1618 Opens the file for reading only. 1619COMMENT(label(OPTION_RDWR)dit(bf(tt(rdwr=<bool>))) 1620 Opens the file for reading and writing.) 1621label(OPTION_WRONLY)dit(bf(tt(wronly=<bool>))) 1622 Opens the file for writing only. 1623label(OPTION_O_TRUNC)dit(bf(tt(trunc))) 1624 Truncates the file to size 0 during opening it. 1625enddit() 1626 1627 1628startdit()enddit()nl() 1629 1630 1631label(GROUP_REG)em(bf(REG and BLK option group)) 1632 1633These options are usually applied to a unix() file descriptor, but their 1634semantics make sense only on a file supporting random access. 1635startdit() 1636label(OPTION_SEEK)dit(bf(tt(seek=<offset>))) 1637 Applies the code(lseek(fd, <offset>, SEEK_SET)) (or code(lseek64)) system 1638 call, thus positioning the file pointer absolutely to <offset> 1639 [link(off_t)(TYPE_OFF) or link(off64_t)(TYPE_OFF64)]. Please note that a 1640 missing value defaults to 1, not 0. 1641label(OPTION_SEEK_CUR)dit(bf(tt(seek-cur=<offset>))) 1642 Applies the code(lseek(fd, <offset>, SEEK_CUR)) (or code(lseek64)) system 1643 call, thus positioning the file pointer <offset> [link(off_t)(TYPE_OFF) or 1644 link(off64_t)(TYPE_OFF64)] bytes relatively to its current position (which 1645 is usually 0). Please note that a missing value defaults to 1, not 0. 1646label(OPTION_SEEK_END)dit(bf(tt(seek-end=<offset>))) 1647 Applies the code(lseek(fd, <offset>, SEEK_END)) (or code(lseek64)) system 1648 call, thus positioning the file pointer <offset> [link(off_t)(TYPE_OFF) or 1649 link(off64_t)(TYPE_OFF64)] bytes relatively to the files current end. Please 1650 note that a missing value defaults to 1, not 0. 1651label(OPTION_FTRUNCATE)dit(bf(tt(ftruncate=<offset>))) 1652 Applies the code(ftruncate(fd, <offset>)) 1653 (or code(ftruncate64) if available) system call, thus 1654 truncating the file at the position <offset> [link(off_t)(TYPE_OFF) or 1655 link(off64_t)(TYPE_OFF64)]. Please note that a missing value defaults to 1, 1656 not 0. 1657 1658label(OPTION_EXT2_SECRM_FL)dit(bf(tt(secrm=<bool>))) 1659label(OPTION_EXT2_UNRM)dit(bf(tt(unrm=<bool>))) 1660label(OPTION_EXT2_COMPR)dit(bf(tt(compr=<bool>))) 1661label(OPTION_EXT2_SYNC)dit(bf(tt(ext2-sync=<bool>))) 1662label(OPTION_EXT2_IMMUTABLE)dit(bf(tt(immutable=<bool>))) 1663label(OPTION_EXT2_APPEND)dit(bf(tt(ext2-append=<bool>))) 1664label(OPTION_EXT2_NODUMP)dit(bf(tt(nodump=<bool>))) 1665label(OPTION_EXT2_NOATIME)dit(bf(tt(ext2-noatime=<bool>))) 1666label(OPTION_EXT2_JOURNAL_DATA)dit(bf(tt(journal-data=<bool>))) 1667label(OPTION_EXT2_NOTAIL)dit(bf(tt(notail=<bool>))) 1668label(OPTION_EXT2_DIRSYNC)dit(bf(tt(dirsync=<bool>))) 1669 These options change non standard file attributes on operating systems and 1670 file systems that support these features, like Linux with ext2fs, 1671 ext3fs, or reiserfs. See man 1 chattr for information on these options. 1672 Please note that there might be a race condition between creating the file 1673 and applying these options. 1674enddit() 1675 1676startdit()enddit()nl() 1677 1678 1679label(GROUP_PROCESS)em(bf(PROCESS option group)) 1680 1681Options of this group change the process properties instead of just affecting 1682one data channel. 1683For EXEC and SYSTEM addresses and for LISTEN and CONNECT type addresses with 1684option FORK, 1685these options apply to the child processes instead of the main socat process. 1686startdit() 1687label(OPTION_CHROOT)dit(bf(tt(chroot=<directory>))) 1688 Performs a code(chroot()) operation to link(<directory>)(TYPE_DIRECTORY) 1689 after processing the address (link(example)(EXAMPLE_OPTION_CHROOT)). This call might require root privilege. 1690label(OPTION_CHROOT_EARLY)dit(bf(tt(chroot-early=<directory>))) 1691 Performs a code(chroot()) operation to link(<directory>)(TYPE_DIRECTORY) 1692 before opening the address. This call might require root privilege. 1693label(OPTION_SETGID)dit(bf(tt(setgid=<group>))) 1694 Changes the primary link(<group>)(TYPE_GROUP) of the process after 1695 processing the address. This call might require root privilege. Please note 1696 that this option does not drop other group related privileges. 1697label(OPTION_SETGID_EARLY)dit(bf(tt(setgid-early=<group>))) 1698 Like link(setgit)(OPTION_SETGID) but is performed before opening the address. 1699label(OPTION_SETUID)dit(bf(tt(setuid=<user>))) 1700 Changes the link(<user>)(TYPE_USER) (owner) of the process after processing 1701 the address. This call might require root privilege. Please note that this 1702 option does not drop group related privileges. Check if option 1703 link(su)(OPTION_SUBSTUSER) better fits your needs. 1704label(OPTION_SETUID_EARLY)dit(bf(tt(setuid-early=<user>))) 1705 Like link(setuid)(OPTION_SETUID) but is performed before opening the 1706 address. 1707label(OPTION_SUBSTUSER)dit(bf(tt(su=<user>))) 1708 Changes the link(<user>)(TYPE_USER) (owner) and groups of the process after 1709 processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER)). This call might require root privilege. 1710label(OPTION_SUBSTUSER_DELAYED)dit(bf(tt(su-d=<user>))) 1711 Short name for tt(substuser-delayed). 1712 COMMENT(Short name for bf(tt(substuser-delayed) ).) 1713 Changes the link(<user>)(TYPE_USER) 1714 (owner) and groups of the process after processing the address (link(example)(EXAMPLE_OPTION_SUBSTUSER_DELAYED)). 1715 The user and his groups are retrieved em(before) a possible 1716 code(chroot()). This call might require root privilege. 1717label(OPTION_SETPGID)dit(bf(tt(setpgid=<pid_t>))) 1718 Makes the process a member of the specified process group 1719 link(<pid_t>)(TYPE_PID_T). If no value 1720 is given, or if the value is 0 or 1, the process becomes leader of a new 1721 process group. 1722label(OPTION_SETSID)dit(bf(tt(setsid))) 1723 Makes the process the leader of a new session (link(example)(EXAMPLE_OPTION_SETSID)). 1724enddit() 1725 1726startdit()enddit()nl() 1727 1728 1729label(GROUP_READLINE)em(bf(READLINE option group)) 1730 1731These options apply to the readline address type. 1732startdit() 1733label(OPTION_HISTORY)dit(bf(tt(history=<filename>))) 1734 Reads and writes history from/to link(<filename>)(TYPE_FILENAME) (link(example)(EXAMPLE_OPTION_HISTORY)). 1735label(OPTION_NOPROMPT)dit(bf(tt(noprompt))) 1736 Since version 1.4.0, socat per default tries to determine a prompt - 1737 that is then passed to the readline call - by remembering the last 1738 incomplete line of the output. With this option, socat does not pass a 1739 prompt to readline, so it begins line editing in the first column 1740 of the terminal. 1741label(OPTION_NOECHO)dit(bf(tt(noecho=<pattern>))) 1742 Specifies a regular pattern for a prompt that prevents the following input 1743 line from being displayed on the screen and from being added to the history. 1744 The prompt is defined as the text that was output to the readline address 1745 after the lastest newline character and before an input character was 1746 typed. The pattern is a regular expression, e.g. 1747 "^[Pp]assword:.*$" or "([Uu]ser:|[Pp]assword:)". See regex\(7) for details. 1748 (link(example)(EXAMPLE_OPTION_NOECHO)) 1749label(OPTION_PROMPT)dit(bf(tt(prompt=<string>))) 1750 Passes the string as prompt to the readline function. readline prints this 1751 prompt when stepping through the history. If this string matches a constant 1752 prompt issued by an interactive program on the other socat address, 1753 consistent look and feel can be archieved. 1754enddit() 1755 1756startdit()enddit()nl() 1757 1758 1759label(GROUP_APPLICATION)em(bf(APPLICATION option group)) 1760 1761This group contains options that work at data level. 1762Note that these options only apply to the "raw" data transferred by socat, 1763but not to protocol data used by addresses like 1764link(PROXY)(ADDRESS_PROXY_CONNECT). 1765startdit() 1766label(OPTION_CR)dit(bf(tt(cr))) 1767 Converts the default line termination character NL ('\n', 0x0a) to/from CR 1768 ('\r', 0x0d) when writing/reading on this channel. 1769label(OPTION_CRNL)dit(bf(tt(crnl))) 1770 Converts the default line termination character NL ('\n', 0x0a) to/from CRNL 1771 ("\r\n", 0x0d0a) when writing/reading on this channel (link(example)(EXAMPLE_OPTION_CRNL)). 1772 Note: socat simply strips all CR characters. 1773label(OPTION_IGNOREEOF)dit(bf(tt(ignoreeof))) 1774 When EOF occurs on this channel, socat() ignores it and tries to read more 1775 data (like "tail -f") (link(example)(EXAMPLE_OPTION_IGNOREEOF)). 1776label(OPTION_READBYTES)dit(bf(tt(readbytes=<bytes>))) 1777 socat() reads only so many bytes from this address (the address provides 1778 only so many bytes for transfer and pretends to be at EOF afterwards). 1779 Must be greater than 0. 1780label(OPTION_LOCKFILE)dit(bf(tt(lockfile=<filename>))) 1781 If lockfile exists, exits with error. If lockfile does not exist, creates it 1782 and continues, unlinks lockfile on exit. 1783label(OPTION_WAITLOCK)dit(bf(tt(waitlock=<filename>))) 1784 If lockfile exists, waits until it disappears. When lockfile does not exist, 1785 creates it and continues, unlinks lockfile on exit. 1786label(OPTION_ESCAPE)dit(bf(tt(escape=<int>))) 1787 Specifies the numeric code of a character that triggers EOF on the input 1788 stream. It is useful with a terminal in raw mode 1789 (link(example)(EXAMPLE_OPTION_ESCAPE)). 1790enddit() 1791 1792startdit()enddit()nl() 1793 1794 1795label(GROUP_SOCKET)em(bf(SOCKET option group)) 1796 1797These options are intended for all kinds of sockets, e.g. IP or unixdomain(). Most are applied with a code(setsockopt()) call. 1798startdit() 1799label(OPTION_BIND)dit(bf(tt(bind=<sockname>))) 1800 Binds the socket to the given socket address using the code(bind()) system 1801 call. The form of <sockname> is socket domain dependent: 1802 IP4 and IP6 allow the form [hostname|hostaddress][:(service|port)] (link(example)(EXAMPLE_OPTION_BIND_TCP4)), 1803 unixdomain() sockets require link(<filename>)(TYPE_FILENAME). 1804label(OPTION_CONNECT_TIMEOUT)dit(bf(tt(connect-timeout=<seconds>))) 1805 Abort the connection attempt after <seconds> [link(timeval)(TYPE_TIMEVAL)] 1806 with error status. 1807label(OPTION_SO_BINDTODEVICE)dit(bf(tt(so-bindtodevice=<interface>))) 1808 Binds the socket to the given link(<interface>)(TYPE_INTERFACE). 1809 This option might require root privilege. 1810label(OPTION_SO_BROADCAST)dit(bf(tt(broadcast))) 1811 For datagram sockets, allows sending to broadcast addresses and receiving 1812 packets addressed to broadcast addresses. 1813COMMENT(label(OPTION_BSDCOMPAT)dit(bf(tt(bsdcompat))) 1814 Emulates some (old?) bugs of the BSD socket implementation.) 1815label(OPTION_DEBUG)dit(bf(tt(debug))) 1816 Enables socket debugging. 1817label(OPTION_DONTROUTE)dit(bf(tt(dontroute))) 1818 Only communicates with directly connected peers, does not use routers. 1819label(OPTION_KEEPALIVE)dit(bf(tt(keepalive))) 1820 Enables sending keepalives on the socket. 1821label(OPTION_LINGER)dit(bf(tt(linger=<seconds>))) 1822 Blocks code(shutdown()) or code(close()) until data transfers have finished 1823 or the given timeout [link(int)(TYPE_INT)] expired. 1824COMMENT(label(OPTION_NOREUSEADDR)dit(bf(tt(noreuseaddr))) 1825 Set the code(SO_NOREUSEADDR) socket option.) 1826label(OPTION_OOBINLINE)dit(bf(tt(oobinline))) 1827 Places out-of-band data in the input data stream. 1828label(OPTION_PRIORITY)dit(bf(tt(priority=<priority>))) 1829 Sets the protocol defined <priority> [link(<int>)(TYPE_INT)] for outgoing 1830 packets. 1831label(OPTION_RCVBUF)dit(bf(tt(rcvbuf=<bytes>))) 1832 Sets the size of the receive buffer after the code(socket()) call to 1833 <bytes> [link(int)(TYPE_INT)]. With TCP 1834 sockets, this value corresponds to the socket's maximal window size. 1835label(OPTION_RCVBUF_LATE)dit(bf(tt(rcvbuf-late=<bytes>))) 1836 Sets the size of the receive buffer when the socket is already 1837 connected to <bytes> [link(int)(TYPE_INT)]. 1838 With TCP sockets, this value corresponds to the socket's 1839 maximal window size. 1840label(OPTION_RCVLOWAT)dit(bf(tt(rcvlowat=<bytes>))) 1841 Specifies the minimum number of received bytes [link(int)(TYPE_INT)] until 1842 the socket layer will pass the buffered data to socat(). 1843label(OPTION_RCVTIMEO)dit(bf(tt(rcvtimeo=<seconds>))) 1844 Sets the receive timeout [link(timeval)(TYPE_TIMEVAL)]. 1845label(OPTION_REUSEADDR)dit(bf(tt(reuseaddr))) 1846 Allows other sockets to bind to an address even if parts of it (e.g. the 1847 local port) are already in use by socat() (link(example)(EXAMPLE_OPTION_REUSEADDR)). 1848label(OPTION_SNDBUF)dit(bf(tt(sndbuf=<bytes>))) 1849 Sets the size of the send buffer after the code(socket()) call to 1850 <bytes> [link(int)(TYPE_INT)]. 1851label(OPTION_SNDBUF_LATE)dit(bf(tt(sndbuf-late=<bytes>))) 1852 Sets the size of the send buffer when the socket is connected to 1853 <bytes> [link(int)(TYPE_INT)]. 1854label(OPTION_SNDLOWAT)dit(bf(tt(sndlowat=<bytes>))) 1855 Specifies the minimum number of bytes in the send buffer until the socket 1856 layer will send the data to <bytes> [link(int)(TYPE_INT)]. 1857label(OPTION_SNDTIMEO)dit(bf(tt(sndtimeo=<seconds>))) 1858 Sets the send timeout to seconds [link(timeval)(TYPE_TIMEVAL)]. 1859label(OPTION_PROTOCOL_FAMILY)dit(bf(tt(pf=<string>))) 1860 Forces the use of the specified IP version or protocol. <string> can be 1861 something like "ip4" or "ip6". The resulting value is 1862 used as first argument to the code(socket()) or code(socketpair()) calls. 1863 This option affects address resolution and the required syntax of bind and 1864 range options. 1865label(OPTION_SO_TYPE)dit(bf(tt(type=<type>))) 1866 Sets the type of the socket, specified as second argument to the 1867 code(socket()) or code(socketpair()) calls, to <type> 1868 [link(int)(TYPE_INT)]. Address resolution is not affected by this option. 1869 Under Linux, 1 means stream oriented socket, 2 means datagram socket, and 3 1870 means raw socket. 1871label(OPTION_SO_PROTOTYPE)dit(bf(tt(prototype))) 1872 Sets the protocol of the socket, specified as third argument to the 1873 code(socket()) or code(socketpair()) calls, to <prototype> 1874 [link(int)(TYPE_INT)]. Address resolution is not affected by this option. 1875 6 means TCP, 17 means UDP. 1876COMMENT(label(OPTION_USELOOPBACK)dit(bf(tt(useloopback))) 1877 Sets the code(SO_USELOOPBACK) socket option.) 1878COMMENT(label(OPTION_ACCEPTCONN)dit(bf(tt(acceptconn))) 1879 Tries to set the code(SO_ACCEPTCONN) socket option.) 1880COMMENT(label(OPTION_ATTACHFILTER)dit(bf(tt(attachfilter))) 1881 Tries to set the code(SO_ATTACH_FILTER) socket option.) 1882COMMENT(label(OPTION_AUDIT)dit(bf(tt(audit))) 1883 Sets the code(SO_AUDIT) socket option.) 1884COMMENT(label(OPTION_CHSUMRECV)dit(bf(tt(cksumrecv))) 1885 Sets the code(SO_CKSUMRECV) socket option.) 1886COMMENT(label(OPTION_DETACHFILTER)dit(bf(tt(detachfilter))) 1887 Tries to set the code(SO_DETACH_FILTER) socket option.) 1888COMMENT(label(OPTION_DGRAMERRIND)dit(bf(tt(dgramerrind))) 1889 Sets the code(SO_DGRAM_ERRIND) socket option.) 1890COMMENT(label(OPTION_DONTLINGER)dit(bf(tt(dontlinger))) 1891 Sets the code(SO_DONTLINGER) socket option.) 1892COMMENT(label(OPTION_ERROR)dit(bf(tt(error))) 1893 Tries to set this read only socket option.) 1894COMMENT(label(OPTION_FIOSETOWN)dit(bf(tt(fiosetown=<pid_t>))) 1895 Sets the receiver of SIGIO.) 1896COMMENT(label(OPTION_KERNACCEPT)dit(bf(tt(kernaccept))) 1897 Sets the code(SO_KERNACCEPT) socket option.) 1898COMMENT(label(OPTION_NOCHECK)dit(bf(tt(nocheck))) 1899 Sets the code(SO_NO_CHECK) socket option. Undocumented...) 1900COMMENT(label(OPTION_PASSCRED)dit(bf(tt(passcred))) 1901 Set the code(SO_PASSCRED) socket option.) 1902COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred))) 1903 This is a read-only socket option.) 1904COMMENT(label(OPTION_REUSEPORT)dit(bf(tt(reuseport))) 1905 Set the code(SO_REUSEPORT) socket option.) 1906COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication))) 1907 Set the code(SO_SECURITY_AUTHENTICATION) socket option.) 1908COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork))) 1909 Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.) 1910COMMENT(label(OPTION_SECURITYENCRYPTIONTRANSPORT)dit(bf(tt(securityencryptiontransport))) 1911 Set the code(SO_SECURITY_ENCRYPTION_TRANSPORT) socket option.) 1912COMMENT(label(OPTION_SIOCSPGRP)dit(bf(tt(siocspgrp=<pid_t>))) 1913 Set the SIOCSPGRP with code(ioclt()) to enable SIGIO.) 1914COMMENT(label(OPTION_USEIFBUFS)dit(bf(tt(useifbufs))) 1915 Set the code(SO_USE_IFBUFS) socket option.) 1916label(OPTION_SO_TIMESTAMP)dit(bf(tt(so-timestamp))) 1917 Sets the SO_TIMESTAMP socket option. This enables receiving and logging of 1918 timestamp ancillary messages. 1919label(OPTION_SETSOCKOPT_INT)dit(bf(tt(setsockopt-int=<level>:<optname>:<optval>))) 1920 Invokes tt(setsockopt()) for the socket with the given parameters. tt(level) 1921 [link(int)(TYPE_INT)] is used as second argument to tt(setsockopt()) and 1922 specifies the layer, e.g. SOL_TCP for TCP (6 on Linux), or SOL_SOCKET for 1923 the socket layer (1 on Linux). tt(optname) [link(int)(TYPE_INT)] is the 1924 third argument to tt(setsockopt()) and tells which socket option is to be 1925 set. For the actual numbers you might have to look up the appropriate include 1926 files of your system. The 4th tt(setsockopt()) parameter, tt(value) 1927 [link(int)(TYPE_INT)], is passed to the function per pointer, and for the 1928 length parameter sizeof\(int) is taken implicitely. 1929label(OPTION_SETSOCKOPT_BIN)dit(bf(tt(setsockopt-bin=<level>:<optname>:<optval>))) 1930 Like tt(setsockopt-int), but <optval> must be provided in 1931 link(dalan)(TYPE_DATA) format and specifies an arbitrary sequence of bytes; 1932 the length parameter is automatically derived from the data. 1933label(OPTION_SETSOCKOPT_STRING)dit(bf(tt(setsockopt-string=<level>:<optname>:<optval>))) 1934 Like tt(setsockopt-int), but <optval> must be a link(string)(TYPE_STRING). 1935 This string is passed to the function with trailing null character, and the 1936 length parameter is automatically derived from the data. 1937enddit() 1938 1939startdit()enddit()nl() 1940 1941 1942label(GROUP_SOCK_UNIX)em(bf(UNIX option group)) 1943 1944These options apply to UNIX domain based addresses. 1945startdit() 1946label(OPTION_UNIX_TIGHTSOCKLEN)dit(bf(tt(unix-tightsocklen=[0|1]))) 1947 On socket operations, pass a socket address length that does not include the 1948 whole code(struct sockaddr_un) record but (besides other components) only 1949 the relevant part of the filename or abstract string. Default is 1. 1950enddit() 1951 1952label(GROUP_IP4) 1953label(GROUP_IP)em(bf(IP4 and IP6 option groups)) 1954 1955These options can be used with IPv4 and IPv6 based sockets. 1956startdit() 1957label(OPTION_TOS)dit(bf(tt(tos=<tos>))) 1958 Sets the TOS (type of service) field of outgoing packets to <tos> 1959 [link(byte)(TYPE_BYTE)] (see RFC 791). 1960label(OPTION_TTL)dit(bf(tt(ttl=<ttl>))) 1961 Sets the TTL (time to live) field of outgoing packets to <ttl> 1962 [link(byte)(TYPE_BYTE)]. 1963label(OPTION_IPOPTIONS)dit(bf(tt(ip-options=<data>))) 1964 Sets IP options like source routing. Must be given in binary form, 1965 recommended format is a leading "x" followed by an even number of hex 1966 digits. This option may be used multiple times, data are appended. 1967 E.g., to connect to host 10.0.0.1 via some gateway using a loose source 1968 route, use the gateway as address parameter and set a loose source route 1969 using the option code(ip-options=x8307040a000001).nl() 1970 IP options are defined in RFC 791. COMMENT(, RFC 2113)nl() 1971COMMENT( x00 end of option list 1972 x01 no operation (nop) 1973 x0211 security 1974 x03 loose source route 1975 x09 strict source route 1976 x07 record route 1977 x0804 stream ID 1978 x44 internet timestamp) 1979label(OPTION_MTUDISCOVER)dit(bf(tt(mtudiscover=<0|1|2>))) 1980 Takes 0, 1, 2 to never, want, or always use path MTU discover on this 1981 socket. 1982COMMENT(label(OPTION_HRDINCL)dit(bf(tt(ip-hdrincl))) 1983 Tell the raw socket that the application data includes the IP header.) 1984COMMENT(label(OPTION_IP_MULTICAST_LOOP)dit(bf(tt(ip-multicastloop))) 1985 Allow looping back outgoing multicast to the local interface.) 1986COMMENT(label(OPTION_IP_MULTICAST_TTL)dit(bf(tt(ip-multicastttl))) 1987 Set the TTL for outgoing multicast packets.) 1988label(OPTION_IP_PKTINFO)dit(bf(tt(ip-pktinfo))) 1989 Sets the IP_PKTINFO socket option. This enables receiving and logging of 1990 ancillary messages containing destination address and interface (Linux) 1991 (link(example)(EXAMPLE_ANCILLARY)). 1992COMMENT(label(OPTION_PKTOPTS)dit(bf(tt(ip-pktopts))) 1993 Set the IP_PKTOPTIONS socket option.) 1994label(OPTION_IP_RECVERR)dit(bf(tt(ip-recverr))) 1995 Sets the IP_RECVERR socket option. This enables receiving and logging of 1996 ancillary messages containing detailled error information. 1997label(OPTION_IP_RECVOPTS)dit(bf(tt(ip-recvopts))) 1998 Sets the IP_RECVOPTS socket option. This enables receiving and logging of IP 1999 options ancillary messages (Linux, *BSD). 2000label(OPTION_IP_RECVTOS)dit(bf(tt(ip-recvtos))) 2001 Sets the IP_RECVTOS socket option. This enables receiving and logging of TOS 2002 (type of service) ancillary messages (Linux). 2003label(OPTION_IP_RECVTTL)dit(bf(tt(ip-recvttl))) 2004 Sets the IP_RECVTTL socket option. This enables receiving and logging of TTL 2005 (time to live) ancillary messages (Linux, *BSD). 2006COMMENT(label(OPTION_RETOPTS)dit(bf(tt(ip-retopts))) 2007 Set the IP_RETOPTS socket option.) 2008label(OPTION_IP_RECVDSTADDR)dit(bf(tt(ip-recvdstaddr))) 2009 Sets the IP_RECVDSTADDR socket option. This enables receiving and logging of 2010 ancillary messages containing destination address (*BSD) 2011 (link(example)(EXAMPLE_ANCILLARY)). 2012label(OPTION_IP_RECVIF)dit(bf(tt(ip-recvif))) 2013 Sets the IP_RECVIF socket option. This enables receiving and logging of 2014 interface ancillary messages (*BSD) (link(example)(EXAMPLE_ANCILLARY)). 2015COMMENT(label(OPTION_ROUTERALERT)dit(bf(tt(routeralert))) 2016 Set the IP_ROUTER_ALERT socket option.) 2017label(OPTION_IP_ADD_MEMBERSHIP) 2018dit(bf(tt(ip-add-membership=<multicast-address:interface-address>))) 2019dit(bf(tt(ip-add-membership=<multicast-address:interface-name>))) 2020dit(bf(tt(ip-add-membership=<multicast-address:interface-index>))) 2021dit(bf(tt(ip-add-membership=<multicast-address:interface-address:interface-name>))) 2022dit(bf(tt(ip-add-membership=<multicast-address:interface-address:interface-index>))) 2023 Makes the socket member of the specified multicast group. This is currently 2024 only implemented for IPv4. The option takes the IP address of the multicast 2025 group and info about the desired network interface. The most common syntax 2026 is the first one, while the others are only available on systems that 2027 provide tt(struct mreqn) (Linux).nl() 2028 The indices of active network interfaces can be shown using the utility 2029 procan(). 2030label(OPTION_IP_MULTICAST_IF) 2031dit(bf(tt(ip-multicast-if=<hostname>))) 2032 Specifies hostname or address of the network interface to be used for 2033 multicast traffic. 2034label(OPTION_IP_MULTICAST_LOOP) 2035dit(bf(tt(ip-multicast-loop=<bool>))) 2036 Specifies if outgoing multicast traffic should loop back to the interface. 2037label(OPTION_IP_MULTICAST_TTL) 2038dit(bf(tt(ip-multicast-ttl=<byte>))) 2039 Sets the TTL used for outgoing multicast traffic. Default is 1. 2040label(OPTION_RES_DEBUG)dit(bf(tt(res-debug))) 2041label(OPTION_RES_AAONLY)dit(bf(tt(res-aaonly))) 2042label(OPTION_RES_USEVC)dit(bf(tt(res-usevc))) 2043label(OPTION_RES_PRIMARY)dit(bf(tt(res-primary))) 2044label(OPTION_RES_IGNTC)dit(bf(tt(res-igntc))) 2045label(OPTION_RES_RECURSE)dit(bf(tt(res-recurse))) 2046label(OPTION_RES_DEFNAMES)dit(bf(tt(res-defnames))) 2047label(OPTION_RES_STAYOPEN)dit(bf(tt(res-stayopen))) 2048label(OPTION_RES_DNSRCH)dit(bf(tt(res-dnsrch))) 2049 These options set the corresponding resolver (name resolution) option flags. 2050 Append "=0" to clear a default option. See man resolver\(5) for more 2051 information on these options. Note: these options are valid only for the 2052 address they are applied to. 2053 2054enddit() 2055 2056startdit()enddit()nl() 2057 2058 2059label(GROUP_IP6)em(bf(IP6 option group)) 2060 2061These options can only be used on IPv6 based sockets. See link(IP 2062options)(GROUP_IP) for options that can be applied to both IPv4 and IPv6 2063sockets. 2064startdit() 2065label(OPTION_IPV6_V6ONLY)dit(bf(tt(ipv6only=<bool>))) 2066 Sets the IPV6_V6ONLY socket option. If 0, the TCP stack will also accept 2067 connections using IPv4 protocol on the same port. The default is system 2068 dependent. 2069label(OPTION_IPV6_RECVDSTOPTS)dit(bf(tt(ipv6-recvdstopts))) 2070 Sets the IPV6_RECVDSTOPTS socket option. This enables receiving and logging 2071 of ancillary messages containing the destination options. 2072label(OPTION_IPV6_RECVHOPLIMIT)dit(bf(tt(ipv6-recvhoplimit))) 2073 Sets the IPV6_RECVHOPLIMIT socket option. This enables receiving and logging 2074 of ancillary messages containing the hoplimit. 2075label(OPTION_IPV6_RECVHOPOPTS)dit(bf(tt(ipv6-recvhopopts))) 2076 Sets the IPV6_RECVHOPOPTS socket option. This enables receiving and logging 2077 of ancillary messages containing the hop options. 2078label(OPTION_IPV6_RECVPKTINFO)dit(bf(tt(ipv6-recvpktinfo))) 2079 Sets the IPV6_RECVPKTINFO socket option. This enables receiving and logging 2080 of ancillary messages containing destination address and interface. 2081label(OPTION_IPV6_UNICAST_HOPS)dit(bf(tt(ipv6-unicast-hops=link(TYPE_INT)(<int>)))) 2082 Sets the IPV6_UNICAST_HOPS socket option. This sets the hop count limit 2083 (TTL) for outgoing unicast packets. 2084label(OPTION_IPV6_RECVRTHDR)dit(bf(tt(ipv6-recvrthdr))) 2085 Sets the IPV6_RECVRTHDR socket option. This enables receiving and logging 2086 of ancillary messages containing routing information. 2087label(OPTION_IPV6_TCLASS)dit(bf(tt(ipv6-tclass))) 2088 Sets the IPV6_TCLASS socket option. This sets the transfer class of outgoing 2089 packets. 2090label(OPTION_IPV6_RECVTCLASS)dit(bf(tt(ipv6-recvtclass))) 2091 Sets the IPV6_RECVTCLASS socket option. This enables receiving and logging 2092 of ancillary messages containing the transfer class. 2093enddit() 2094 2095startdit()enddit()nl() 2096 2097 2098label(GROUP_TCP)em(bf(TCP option group)) 2099 2100These options may be applied to TCP sockets. They work by invoking code(setsockopt()) with the appropriate parameters. 2101startdit() 2102label(OPTION_CORK)dit(bf(tt(cork))) 2103 Doesn't send packets smaller than MSS (maximal segment size). 2104label(OPTION_DEFER-ACCEPT)dit(bf(tt(defer-accept))) 2105 While listening, accepts connections only when data from the peer arrived. 2106label(OPTION_KEEPCNT)dit(bf(tt(keepcnt=<count>))) 2107 Sets the number of keepalives before shutting down the socket to 2108 <count> [link(int)(TYPE_INT)]. 2109label(OPTION_KEEPIDLE)dit(bf(tt(keepidle=<seconds>))) 2110 Sets the idle time before sending the first keepalive to <seconds> 2111 [link(int)(TYPE_INT)]. 2112label(OPTION_KEEPINTVL)dit(bf(tt(keepintvl=<seconds>))) 2113 Sets the interval between two keepalives to <seconds> 2114 [link(int)(TYPE_INT)]. 2115label(OPTION_LINGER2)dit(bf(tt(linger2=<seconds>))) 2116 Sets the time to keep the socket in FIN-WAIT-2 state to <seconds> 2117 [link(int)(TYPE_INT)]. 2118label(OPTION_MSS)dit(bf(tt(mss=<bytes>))) 2119 Sets the MSS (maximum segment size) after the code(socket()) call to <bytes> 2120 [link(int)(TYPE_INT)]. This 2121 value is then proposed to the peer with the SYN or SYN/ACK packet 2122 (link(example)(EXAMPLE_OPTION_MSS)). 2123label(OPTION_MSS_LATE)dit(bf(tt(mss-late=<bytes>))) 2124 Sets the MSS of the socket after connection has been established to <bytes> 2125 [link(int)(TYPE_INT)]. 2126label(OPTION_NODELAY)dit(bf(tt(nodelay))) 2127 Turns off the Nagle algorithm for measuring the RTT (round trip time). 2128label(OPTION_RFC1323)dit(bf(tt(rfc1323))) 2129 Enables RFC1323 TCP options: TCP window scale, round-trip time measurement 2130 (RTTM), and protect against wrapped sequence numbers (PAWS) (AIX). 2131label(OPTION_STDURG)dit(bf(tt(stdurg))) 2132 Enables RFC1122 compliant urgent pointer handling (AIX). 2133label(OPTION_SYNCNT)dit(bf(tt(syncnt=<count>))) 2134 Sets the maximal number of SYN retransmits during connect to <count> 2135 [link(int)(TYPE_INT)]. 2136COMMENT(label(OPTION_INFO)dit(bf(tt(info))) 2137 Tries to set the read-only TCP_INFO socket option.) 2138COMMENT(label(OPTION_WINDOW_CLAMP)dit(bf(tt(window-clamp))) 2139 Sets the TCP_WINDOW_CLAMP socket option.) 2140label(OPTION_TCP_MD5SIG)dit(bf(tt(md5sig))) 2141 Enables generation of MD5 digests on the packets (FreeBSD). 2142label(OPTION_TCP_NOOPT)dit(bf(tt(noopt))) 2143 Disables use of TCP options (FreeBSD, MacOSX). 2144label(OPTION_TCP_NOPUSH)dit(bf(tt(nopush))) 2145 sets the TCP_NOPUSH socket option (FreeBSD, MacOSX). 2146label(OPTION_TCP_SACK_DISABLE)dit(bf(tt(sack-disable))) 2147 Disables use the selective acknowledge feature (OpenBSD). 2148label(OPTION_TCP_SIGNATURE_ENABLE)dit(bf(tt(signature-enable))) 2149 Enables generation of MD5 digests on the packets (OpenBSD). 2150label(OPTION_TCP_ABORT_THRESHOLD)dit(bf(tt(abort-threshold=<milliseconds>))) 2151 Sets the time to wait for an answer of the peer on an established connection 2152 (HP-UX). 2153label(OPTION_TCP_CONN_ABORT_THRESHOLD)dit(bf(tt(conn-abort-threshold=<milliseconds>))) 2154 Sets the time to wait for an answer of the server during the initial connect 2155 (HP-UX). 2156label(OPTION_TCP_KEEPINIT)dit(bf(tt(keepinit))) 2157 Sets the time to wait for an answer of the server during connect\() before 2158 giving up. Value in half seconds, default is 150 (75s) (Tru64). 2159label(OPTION_TCP_PAWS)dit(bf(tt(paws))) 2160 Enables the "protect against wrapped sequence numbers" feature (Tru64). 2161label(OPTION_TCP_SACKENA)dit(bf(tt(sackena))) 2162 Enables selective acknowledge (Tru64). 2163label(OPTION_TCP_TSOPTENA)dit(bf(tt(tsoptena))) 2164 Enables the time stamp option that allows RTT recalculation on existing 2165 connections (Tru64). 2166enddit() 2167 2168startdit()enddit()nl() 2169 2170 2171label(GROUP_SCTP)em(bf(SCTP option group)) 2172 2173These options may be applied to SCTP stream sockets. 2174startdit() 2175label(OPTION_SCTP_NODELAY)dit(bf(tt(sctp-nodelay))) 2176 Sets the SCTP_NODELAY socket option that disables the Nagle algorithm. 2177label(OPTION_SCTP_MAXSEG)dit(bf(tt(sctp-maxseg=<bytes>))) 2178 Sets the SCTP_MAXSEG socket option to <bytes> [link(int)(TYPE_INT)]. This 2179 value is then proposed to the peer with the SYN or SYN/ACK packet. 2180enddit() 2181 2182startdit()enddit()nl() 2183 2184 2185em(bf(UDP, TCP, and SCTP option groups)) 2186 2187Here we find options that are related to the network port mechanism and thus 2188can be used with UDP, TCP, and SCTP client and server addresses. 2189startdit() 2190label(OPTION_SOURCEPORT)dit(bf(tt(sourceport=<port>))) 2191 For outgoing (client) TCP and UDP connections, it sets the source 2192 link(<port>)(TYPE_PORT) using an extra code(bind()) call. 2193 With TCP or UDP listen addresses, socat immediately shuts down the 2194 connection if the client does not use this sourceport (link(example)(EXAMPLE_OPTION_SOURCEPORT)). 2195label(OPTION_LOWPORT)dit(bf(tt(lowport))) 2196 Outgoing (client) TCP and UDP connections with this option use 2197 an unused random source port between 640 and 1023 incl. On UNIX class operating 2198 systems, this requires root privilege, and thus indicates that the 2199 client process is authorized by local root. 2200 TCP and UDP listen addresses with this option immediately shut down the 2201 connection if the client does not use a sourceport <= 1023. 2202 This mechanism can provide limited authorization under some circumstances. 2203enddit() 2204 2205startdit()enddit()nl() 2206 2207 2208label(GROUP_SOCKS)em(bf(SOCKS option group)) 2209 2210When using SOCKS type addresses, some socks specific options can be set. 2211startdit() 2212label(OPTION_SOCKSPORT)dit(bf(tt(socksport=<tcp service>))) 2213 Overrides the default "socks" service or port 1080 for the socks server 2214 port with link(<TCP service>)(TYPE_TCP_SERVICE). 2215label(OPTION_SOCKSUSER)dit(bf(tt(socksuser=<user>))) 2216 Sends the <user> [link(string)(TYPE_STRING)] in the username field to the 2217 socks server. Default is the actual user name ($LOGNAME or $USER) (link(example)(EXAMPLE_OPTION_SOCKSUSER)). 2218enddit() 2219 2220startdit()enddit()nl() 2221 2222 2223label(GROUP_HTTP)em(bf(HTTP option group)) 2224 2225Options that can be provided with HTTP type addresses. The only HTTP address 2226currently implemented is link(proxy-connect)(ADDRESS_PROXY_CONNECT). 2227 2228startdit() 2229label(OPTION_PROXYPORT)dit(bf(tt(proxyport=<TCP service>))) 2230 Overrides the default HTTP proxy port 8080 with 2231 link(<TCP service>)(TYPE_TCP_SERVICE). 2232label(OPTION_IGNORECR)dit(bf(tt(ignorecr))) 2233 The HTTP protocol requires the use of CR+NL as line terminator. When a proxy 2234 server violates this standard, socat might not understand its answer. 2235 This option directs socat to interprete NL as line terminator and 2236 to ignore CR in the answer. Nevertheless, socat sends CR+NL to the proxy. 2237label(OPTION_PROXY_AUTHORIZATION)dit(bf(tt(proxyauth=<username>:<password>))) 2238 Provide "basic" authentication to the proxy server. The argument to the 2239 option is used with a "Proxy-Authorization: Base" header in base64 encoded 2240 form.nl() 2241 Note: username and password are visible for every user on the local machine 2242 in the process list; username and password are transferred to the proxy 2243 server unencrypted (base64 encoded) and might be sniffed. 2244label(OPTION_PROXY_RESOLVE)dit(bf(tt(resolve))) 2245 Per default, socat sends to the proxy a CONNECT request containing the 2246 target hostname. With this option, socat resolves the hostname locally and 2247 sends the IP address. Please note that, according to RFC 2396, only name 2248 resolution to IPv4 addresses is implemented. 2249enddit() 2250 2251startdit()enddit()nl() 2252 2253 2254label(GROUP_RANGE)em(bf(RANGE option group)) 2255 2256These options check if a connecting client should be granted access. They can 2257be applied to listening and receiving network sockets. tcp-wrappers options 2258fall into this group. 2259startdit() 2260label(OPTION_RANGE)dit(bf(tt(range=<address-range>))) 2261 After accepting a connection, tests if the peer is within em(range). For 2262 IPv4 addresses, address-range takes the form address/bits, e.g. 2263 10.0.0.0/8, or address:mask, e.g. 10.0.0.0:255.0.0.0 (link(example)(EXAMPLE_OPTION_RANGE)); for IPv6, it is [ip6-address/bits], e.g. [::1/128]. 2264 If the client address does not match, socat() issues a warning and keeps 2265 listening/receiving. 2266label(OPTION_TCPWRAPPERS)dit(bf(tt(tcpwrap[=<name>]))) 2267 Uses Wietse Venema's libwrap (tcpd) library to determine 2268 if the client is allowed to connect. The configuration files are 2269 /etc/hosts.allow and /etc/hosts.deny per default, see "man 5 hosts_access" 2270 for more information. The optional <name> (type link(string)(TYPE_STRING)) 2271 is passed to the wrapper functions as daemon process name (link(example)(EXAMPLE_OPTION_TCPWRAPPERS)). 2272 If omitted, the basename of socats invocation (argv[0]) is passed. 2273 If both tcpwrap and range options are applied to an address, both 2274 conditions must be fulfilled to allow the connection. 2275label(OPTION_TCPWRAP_HOSTS_ALLOW_TABLE)dit(bf(tt(allow-table=<filename>))) 2276 Takes the specified file instead of /etc/hosts.allow. 2277label(OPTION_TCPWRAP_HOSTS_DENY_TABLE)dit(bf(tt(deny-table=<filename>))) 2278 Takes the specified file instead of /etc/hosts.deny. 2279label(OPTION_TCPWRAP_ETC)dit(bf(tt(tcpwrap-etc=<directoryname>))) 2280 Looks for hosts.allow and hosts.deny in the specified directory. Is 2281 overridden by options link(hosts-allow)(OPTION_TCPWRAP_HOSTS_ALLOW_TABLE) 2282 and link(hosts-deny)(OPTION_TCPWRAP_HOSTS_DENY_TABLE). 2283enddit() 2284 2285startdit()enddit()nl() 2286 2287 2288label(GROUP_LISTEN)em(bf(LISTEN option group)) 2289 2290Options specific to listening sockets. 2291startdit() 2292label(OPTION_BACKLOG)dit(bf(tt(backlog=<count>))) 2293 Sets the backlog value passed with the code(listen()) system call to <count> 2294 [link(int)(TYPE_INT)]. Default is 5. 2295label(OPTION_MAX_CHILDREN)dit(bf(tt(max-children=<count>))) 2296 Limits the number of concurrent child processes [link(int)(TYPE_INT)]. 2297 Default is no limit. 2298enddit() 2299startdit()enddit()nl() 2300 2301 2302label(GROUP_CHILD)em(bf(CHILD option group)) 2303 2304Options for addresses with multiple connections via child processes. 2305startdit() 2306label(OPTION_FORK)dit(bf(tt(fork))) 2307 After establishing a connection, handles its channel in a child process and 2308 keeps the parent process attempting to produce more connections, either by 2309 listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl() 2310 SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child: 2311SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks 2312em(afterwards). 2313 RETRY and FOREVER options are not inherited by the child process.nl() 2314 On some operating systems (e.g. FreeBSD) this option does not work for 2315 UDP-LISTEN addresses.nl() 2316enddit() 2317 2318startdit()enddit()nl() 2319 2320 2321label(GROUP_EXEC)em(bf(EXEC option group)) 2322 2323Options for addresses that invoke a program. 2324startdit() 2325label(OPTION_PATH)dit(bf(tt(path=<string>))) 2326 Overrides the PATH environment variable for searching the program with 2327 link(<string>)(TYPE_STRING). This 2328 code($PATH) value is effective in the child process too. 2329label(OPTION_LOGIN)dit(bf(tt(login))) 2330 Prefixes code(argv[0]) for the code(execvp()) call with '-', thus making a 2331 shell behave as login shell. 2332enddit() 2333 2334startdit()enddit()nl() 2335 2336 2337label(GROUP_FORK)em(bf(FORK option group)) 2338 2339EXEC or SYSTEM addresses invoke a program using a child process and transfer data between socat() and the program. The interprocess communication mechanism can be influenced with the following options. Per 2340default, a code(socketpair()) is created and assigned to stdin and stdout of 2341the child process, while stderr is inherited from the socat() process, and the 2342child process uses file descriptors 0 and 1 for communicating with the main 2343socat process. 2344startdit() 2345label(OPTION_NOFORK)dit(bf(tt(nofork))) 2346 Does not fork a subprocess for executing the program, instead calls execvp\() 2347 or system\() directly from the actual socat instance. This avoids the 2348 overhead of another process between the program and its peer, 2349 but introduces a lot of restrictions: 2350 startit() 2351 it() this option can only be applied to the second socat() address. 2352 it() it cannot be applied to a part of a link(dual)(ADDRESS_DUAL) address. 2353 it() the first socat address cannot be OPENSSL or READLINE 2354 it() socat options -b, -t, -D, -l, -v, -x become useless 2355 it() for both addresses, options ignoreeof, cr, and crnl become useless 2356 it() for the second address (the one with option nofork), options 2357 append, metaCOMMENT(async,) cloexec, flock, user, group, mode, nonblock, 2358 perm-late, setlk, and setpgid cannot be applied. Some of these could be 2359 used on the first address though. 2360 endit() 2361label(OPTION_PIPES)dit(bf(tt(pipes))) 2362 Creates a pair of unnamed pipes for interprocess communication instead of a 2363 socket pair. 2364label(OPTION_OPENPTY)dit(bf(tt(openpty))) 2365 Establishes communication with the sub process using a pseudo terminal 2366 created with code(openpty()) instead of the default (socketpair or ptmx). 2367label(OPTION_PTMX)dit(bf(tt(ptmx))) 2368 Establishes communication with the sub process using a pseudo terminal 2369 created by opening file(/dev/ptmx) or file(/dev/ptc) instead of the default 2370 (socketpair). 2371label(OPTION_PTY)dit(bf(tt(pty))) 2372 Establishes communication with the sub process using a pseudo terminal 2373 instead of a socket pair. Creates the pty with an available mechanism. If 2374 openpty and ptmx are both available, it uses ptmx because this is POSIX 2375 compliant (link(example)(EXAMPLE_OPTION_PTY)). 2376label(OPTION_CTTY)dit(bf(tt(ctty))) 2377 Makes the pty the controlling tty of the sub process (link(example)(EXAMPLE_OPTION_CTTY)). 2378label(OPTION_STDERR)dit(bf(tt(stderr))) 2379 Directs stderr of the sub process to its output channel by making stderr a 2380 code(dup()) of stdout (link(example)(EXAMPLE_OPTION_STDERR)). 2381label(OPTION_FDIN)dit(bf(tt(fdin=<fdnum>))) 2382 Assigns the sub processes input channel to its file descriptor 2383 link(<fdnum>)(TYPE_FDNUM) 2384 instead of stdin (0). The program started from the subprocess has to use 2385 this fd for reading data from socat() (link(example)(EXAMPLE_OPTION_FDIN)). 2386label(OPTION_FDOUT)dit(bf(tt(fdout=<fdnum>))) 2387 Assigns the sub processes output channel to its file descriptor 2388 link(<fdnum>)(TYPE_FDNUM) 2389 instead of stdout (1). The program started from the subprocess has to use 2390 this fd for writing data to socat() (link(example)(EXAMPLE_OPTION_FDOUT)). 2391label(OPTION_SIGHUP)label(OPTION_SIGINT)label(OPTION_SIGQUIT)dit(bf(tt(sighup)), bf(tt(sigint)), bf(tt(sigquit))) 2392 Has socat() pass signals of this type to the sub process. 2393 If no address has this option, socat terminates on these signals. 2394enddit() 2395 2396startdit()enddit()nl() 2397 2398 2399label(GROUP_TERMIOS)em(bf(TERMIOS option group)) 2400 2401For addresses that work on a tty (e.g., stdio, file:/dev/tty, exec:...,pty), the terminal parameters defined in the unix() termios mechanism are made available as address option parameters. 2402Please note that changes of the parameters of your interactive terminal 2403remain effective after socat()'s termination, so you might have to enter "reset" 2404or "stty sane" in your shell afterwards. 2405For EXEC and SYSTEM addresses with option PTY, 2406these options apply to the pty by the child processes. 2407 2408startdit() 2409label(OPTION_B0)dit(bf(tt(b0))) 2410 Disconnects the terminal. 2411label(OPTION_B19200)dit(bf(tt(b19200))) 2412 Sets the serial line speed to 19200 baud. Some other rates are possible; use 2413something like tt(socat -hh |grep ' b[1-9]') to find all speeds supported by 2414your implementation.nl() 2415Note: On some operating systems, these options may not be 2416available. Use link(ispeed)(OPTION_ISPEED) or link(ospeed)(OPTION_OSPEED) 2417instead. 2418label(OPTION_ECHO)dit(bf(tt(echo=<bool>))) 2419 Enables or disables local echo (link(example)(EXAMPLE_OPTION_ECHO)). 2420label(OPTION_ICANON)dit(bf(tt(icanon=<bool>))) 2421 Sets or clears canonical mode, enabling line buffering and some special 2422 characters. 2423label(OPTION_RAW)dit(bf(tt(raw))) 2424 Sets raw mode, thus passing input and output almost unprocessed (link(example)(EXAMPLE_OPTION_RAW)). 2425label(OPTION_IGNBRK)dit(bf(tt(ignbrk=<bool>))) 2426 Ignores or interpretes the BREAK character (e.g., ^C) 2427label(OPTION_BRKINT)dit(bf(tt(brkint=<bool>))) 2428label(OPTION_BS0)dit(bf(tt(bs0))) 2429label(OPTION_BS1)dit(bf(tt(bs1))) 2430label(OPTION_BSDLY)dit(bf(tt(bsdly=<0|1>))) 2431label(OPTION_CLOCAL)dit(bf(tt(clocal=<bool>))) 2432 2433label(OPTION_CR0)label(OPTION_CR1)label(OPTION_CR2)label(OPTION_CR3) 2434mancommand(\.LP) 2435mancommand(\.nf) 2436mancommand(\fBcr0 2437cr1 2438cr2 2439cr3\fP) 2440mancommand(\.fi) 2441mancommand(\.IP) 2442htmlcommand(<dt><code><strong>cr0</strong><br> 2443<strong>cr1</strong><br> 2444<strong>cr2</strong><br> 2445<strong>cr3</strong></code><dd>) 2446 Sets the carriage return delay to 0, 1, 2, or 3, respectively. 2447 0 means no delay, the other values are terminal dependent. 2448 2449label(OPTION_CRDLY)dit(bf(tt(crdly=<0|1|2|3>))) 2450label(OPTION_CREAD)dit(bf(tt(cread=<bool>))) 2451label(OPTION_CRTSCTS)dit(bf(tt(crtscts=<bool>))) 2452 2453label(OPTION_CS5)label(OPTION_CS6)label(OPTION_CS7)label(OPTION_CS8) 2454mancommand(\.LP) 2455mancommand(\.nf) 2456mancommand(\fBcs5 2457cs6 2458cs7 2459cs8\fP) 2460mancommand(\.fi) 2461mancommand(\.IP) 2462htmlcommand(<dt><code><strong>cs5</strong><br> 2463<strong>cs6</strong><br> 2464<strong>cs7</strong><br> 2465<strong>cs8</strong></code><dd>) 2466 Sets the character size to 5, 6, 7, or 8 bits, respectively. 2467 2468label(OPTION_CSIZE)dit(bf(tt(csize=<0|1|2|3>))) 2469label(OPTION_CSTOPB)dit(bf(tt(cstopb=<bool>))) 2470 Sets two stop bits, rather than one. 2471label(OPTION_VDSUSP)dit(bf(tt(dsusp=<byte>))) 2472 Sets the value for the VDSUSP character that suspends the current foreground 2473 process and reactivates the shell (all except Linux). 2474label(OPTION_ECHOCTL)dit(bf(tt(echoctl=<bool>))) 2475 Echos control characters in hat notation (e.g. ^A) 2476label(OPTION_ECHOE)dit(bf(tt(echoe=<bool>))) 2477label(OPTION_ECHOK)dit(bf(tt(echok=<bool>))) 2478label(OPTION_ECHOKE)dit(bf(tt(echoke=<bool>))) 2479label(OPTION_ECHONL)dit(bf(tt(echonl=<bool>))) 2480label(OPTION_ECHOPRT)dit(bf(tt(echoprt=<bool>))) 2481label(OPTION_EOF)dit(bf(tt(eof=<byte>))) 2482label(OPTION_EOL)dit(bf(tt(eol=<byte>))) 2483label(OPTION_EOL2)dit(bf(tt(eol2=<byte>))) 2484label(OPTION_ERASE)dit(bf(tt(erase=<byte>))) 2485label(OPTION_DISCARD)dit(bf(tt(discard=<byte>))) 2486label(OPTION_FF0)dit(bf(tt(ff0))) 2487label(OPTION_FF1)dit(bf(tt(ff1))) 2488label(OPTION_FFDLY)dit(bf(tt(ffdly=<bool>))) 2489label(OPTION_FLUSHO)dit(bf(tt(flusho=<bool>))) 2490label(OPTION_HUPCL)dit(bf(tt(hupcl=<bool>))) 2491label(OPTION_ICRNL)dit(bf(tt(icrnl=<bool>))) 2492label(OPTION_IEXTEN)dit(bf(tt(iexten=<bool>))) 2493label(OPTION_IGNCR)dit(bf(tt(igncr=<bool>))) 2494label(OPTION_IGNPAR)dit(bf(tt(ignpar=<bool>))) 2495label(OPTION_IMAXBEL)dit(bf(tt(imaxbel=<bool>))) 2496label(OPTION_INLCR)dit(bf(tt(inlcr=<bool>))) 2497label(OPTION_INPCK)dit(bf(tt(inpck=<bool>))) 2498label(OPTION_INTR)dit(bf(tt(intr=<byte>))) 2499label(OPTION_ISIG)dit(bf(tt(isig=<bool>))) 2500label(OPTION_ISPEED)dit(bf(tt(ispeed=<unsigned-int>))) 2501 Set the baud rate for incoming data on this line.nl() 2502 See also: link(ospeed)(OPTION_OSPEED), link(b19200)(OPTION_B19200) 2503label(OPTION_ISTRIP)dit(bf(tt(istrip=<bool>))) 2504label(OPTION_IUCLC)dit(bf(tt(iuclc=<bool>))) 2505label(OPTION_IXANY)dit(bf(tt(ixany=<bool>))) 2506label(OPTION_IXOFF)dit(bf(tt(ixoff=<bool>))) 2507label(OPTION_IXON)dit(bf(tt(ixon=<bool>))) 2508label(OPTION_KILL)dit(bf(tt(kill=<byte>))) 2509label(OPTION_LNEXT)dit(bf(tt(lnext=<byte>))) 2510label(OPTION_MIN)dit(bf(tt(min=<byte>))) 2511label(OPTION_NL0)dit(bf(tt(nl0))) 2512 Sets the newline delay to 0. 2513label(OPTION_NL1)dit(bf(tt(nl1))) 2514label(OPTION_NLDLY)dit(bf(tt(nldly=<bool>))) 2515label(OPTION_NOFLSH)dit(bf(tt(noflsh=<bool>))) 2516label(OPTION_OCRNL)dit(bf(tt(ocrnl=<bool>))) 2517label(OPTION_OFDEL)dit(bf(tt(ofdel=<bool>))) 2518label(OPTION_OFILL)dit(bf(tt(ofill=<bool>))) 2519label(OPTION_OLCUC)dit(bf(tt(olcuc=<bool>))) 2520label(OPTION_ONLCR)dit(bf(tt(onlcr=<bool>))) 2521label(OPTION_ONLRET)dit(bf(tt(onlret=<bool>))) 2522label(OPTION_ONOCR)dit(bf(tt(onocr=<bool>))) 2523label(OPTION_OPOST)dit(bf(tt(opost=<bool>))) 2524 Enables or disables output processing; e.g., converts NL to CR-NL. 2525label(OPTION_OSPEED)dit(bf(tt(ospeed=<unsigned-int>))) 2526 Set the baud rate for outgoing data on this line.nl() 2527 See also: link(ispeed)(OPTION_ISPEED), link(b19200)(OPTION_B19200) 2528label(OPTION_PARENB)dit(bf(tt(parenb=<bool>))) 2529 Enable parity generation on output and parity checking for input. 2530label(OPTION_PARMRK)dit(bf(tt(parmrk=<bool>))) 2531label(OPTION_PARODD)dit(bf(tt(parodd=<bool>))) 2532label(OPTION_PENDIN)dit(bf(tt(pendin=<bool>))) 2533label(OPTION_QUIT)dit(bf(tt(quit=<byte>))) 2534label(OPTION_REPRINT)dit(bf(tt(reprint=<byte>))) 2535label(OPTION_SANE)dit(bf(tt(sane))) 2536 Brings the terminal to something like a useful default state. 2537label(OPTION_START)dit(bf(tt(start=<byte>))) 2538label(OPTION_STOP)dit(bf(tt(stop=<byte>))) 2539label(OPTION_SUSP)dit(bf(tt(susp=<byte>))) 2540label(OPTION_SWTC)dit(bf(tt(swtc=<byte>))) 2541label(OPTION_TAB0)dit(bf(tt(tab0))) 2542label(OPTION_TAB1)dit(bf(tt(tab1))) 2543label(OPTION_TAB2)dit(bf(tt(tab2))) 2544label(OPTION_TAB3)dit(bf(tt(tab3))) 2545label(OPTION_TABDLY)dit(bf(tt(tabdly=<unsigned-int>))) 2546label(OPTION_TIME)dit(bf(tt(time=<byte>))) 2547label(OPTION_TOSTOP)dit(bf(tt(tostop=<bool>))) 2548label(OPTION_VT0)dit(bf(tt(vt0))) 2549label(OPTION_VT1)dit(bf(tt(vt1))) 2550label(OPTION_VTDLY)dit(bf(tt(vtdly=<bool>))) 2551label(OPTION_WERASE)dit(bf(tt(werase=<byte>))) 2552label(OPTION_XCASE)dit(bf(tt(xcase=<bool>))) 2553label(OPTION_XTABS)dit(bf(tt(xtabs))) 2554label(OPTION_I_POP_ALL)dit(bf(tt(i-pop-all))) 2555 With UNIX System V STREAMS, removes all drivers from the stack. 2556label(OPTION_I_PUSH)dit(bf(tt(i-push=<string>))) 2557 With UNIX System V STREAMS, pushes the driver (module) with the given name 2558 (link(string)(TYPE_STRING)) onto the stack. For example, to make sure that a 2559 character device on Solaris supports termios etc, use the following options: 2560 tt(i-pop-all,i-push=ptem,i-push=ldterm,i-push=ttcompat) 2561enddit() 2562 2563startdit()enddit()nl() 2564 2565 2566label(GROUP_PTY)em(bf(PTY option group)) 2567 2568These options are intended for use with the link(pty)(ADDRESS_PTY) address 2569type. 2570 2571startdit() 2572label(OPTION_SYMBOLIC_LINK)dit(bf(tt(link=<filename>))) 2573 Generates a symbolic link that points to the actual pseudo terminal 2574 (pty). This might help 2575 to solve the problem that ptys are generated with more or less 2576 unpredictable names, making it difficult to directly access the socat 2577 generated pty automatically. With this option, the user can specify a "fix" 2578 point in the file hierarchy that helps him to access the actual pty 2579 (link(example)(EXAMPLE_OPTION_SYMBOLIC_LINK)). 2580 Beginning with socat() version 1.4.3, the symbolic link is removed when 2581 the address is closed (but see option link(unlink-close)(OPTION_UNLINK_CLOSE)). 2582label(OPTION_PTY_WAIT_SLAVE)dit(bf(tt(wait-slave))) 2583 Blocks the open phase until a process opens the slave side of the pty. 2584 Usually, socat continues after generating the pty with opening the next 2585 address or with entering the transfer loop. With the wait-slave option, 2586 socat waits until some process opens the slave side of the pty before 2587 continuing. 2588 This option only works if the operating system provides the tt(poll()) 2589 system call. And it depends on an undocumented behaviour of pty's, so it 2590 does not work on all operating systems. It has successfully been tested on 2591 Linux, FreeBSD, NetBSD, and on Tru64 with openpty. 2592label(OPTION_PTY_INTERVAL)dit(bf(tt(pty-interval=<seconds>))) 2593 When the link(wait-slave)(OPTION_PTY_WAIT_SLAVE) option is set, socat 2594 periodically checks the HUP condition using tt(poll()) to find if the pty's 2595 slave side has been opened. The default polling interval is 1s. Use the 2596 pty-interval option [link(timeval)(TYPE_TIMEVAL)] to change this value. 2597enddit() 2598 2599 2600startdit()enddit()nl() 2601 2602 2603label(GROUP_OPENSSL)em(bf(OPENSSL option group)) 2604 2605These options apply to the link(openssl)(ADDRESS_OPENSSL_CONNECT) and 2606link(openssl-listen)(ADDRESS_OPENSSL_LISTEN) address types. 2607 2608startdit() 2609label(OPTION_OPENSSL_CIPHERLIST)dit(bf(tt(cipher=<cipherlist>))) 2610 Selects the list of ciphers that may be used for the connection. 2611 See the man page of code(ciphers), section bf(CIPHER LIST FORMAT), for 2612 detailed information about syntax, values, and default of <cipherlist>.nl() 2613 Several cipher strings may be given, separated by ':'. 2614 Some simple cipher strings: 2615 startdit() 2616 dit(3DES) Uses a cipher suite with triple DES. 2617 dit(MD5) Uses a cipher suite with MD5. 2618 dit(aNULL) Uses a cipher suite without authentication. 2619 dit(NULL) Does not use encryption. 2620 dit(HIGH) Uses a cipher suite with "high" encryption. 2621 enddit() 2622 Note that the peer must support the selected property, or the negotiation 2623 will fail. 2624label(OPTION_OPENSSL_METHOD)dit(bf(tt(method=<ssl-method>))) 2625 Sets the protocol version to be used. Valid strings (not case sensitive) 2626 are: 2627 startdit() 2628 dit(tt(SSLv2)) Select SSL protocol version 2. 2629 dit(tt(SSLv3)) Select SSL protocol version 3. 2630 dit(tt(SSLv23)) Select SSL protocol version 2 or 3. This is the default when 2631 this option is not provided. 2632 dit(tt(TLSv1)) Select TLS protocol version 1. 2633 enddit() 2634label(OPTION_OPENSSL_VERIFY)dit(bf(tt(verify=<bool>))) 2635 Controls check of the peer's certificate. Default is 1 (true). Disabling 2636 verify might open your socket for everyone, making the encryption useless! 2637label(OPTION_OPENSSL_CERTIFICATE)dit(bf(tt(cert=<filename>))) 2638 Specifies the file with the certificate and private key for authentication. 2639 The certificate must be in OpenSSL format (*.pem). 2640 With openssl-listen, use of this option is strongly 2641 recommended. Except with cipher aNULL, "no shared ciphers" error will 2642 occur when no certificate is given. 2643label(OPTION_OPENSSL_KEY)dit(bf(tt(key=<filename>))) 2644 Specifies the file with the private key. The private key may be in this 2645 file or in the file given with the link(cert)(OPTION_OPENSSL_CERTIFICATE) option. The party that has 2646 to proof that it is the owner of a certificate needs the private key. 2647label(OPTION_OPENSSL_DHPARAMS)dit(bf(tt(dhparams=<filename>))) 2648 Specifies the file with the Diffie Hellman parameters. These parameters may 2649 also be in the file given with the link(cert)(OPTION_OPENSSL_CERTIFICATE) 2650 option in which case the dhparams option is not needed. 2651label(OPTION_OPENSSL_CAFILE)dit(bf(tt(cafile=<filename>))) 2652 Specifies the file with the trusted (root) authority certificates. The file 2653 must be in PEM format and should contain one or more certificates. The party 2654 that checks the authentication of its peer trusts only certificates that are 2655 in this file. 2656label(OPTION_OPENSSL_CAPATH)dit(bf(tt(capath=<dirname>))) 2657 Specifies the directory with the trusted (root) certificates. The directory 2658 must contain certificates in PEM format and their hashes (see OpenSSL 2659 documentation) 2660label(OPTION_OPENSSL_EGD)dit(bf(tt(egd=<filename>))) 2661 On some systems, openssl requires an explicit source of random data. Specify 2662 the socket name where an entropy gathering daemon like egd provides random 2663 data, e.g. /dev/egd-pool. 2664label(OPTION_OPENSSL_PSEUDO)dit(bf(tt(pseudo))) 2665 On systems where openssl cannot find an entropy source and where no entropy 2666 gathering daemon can be utilized, this option activates a mechanism for 2667 providing pseudo entropy. This is archieved by taking the current time in 2668 microseconds for feeding the libc pseudo random number generator with an 2669 initial value. openssl is then feeded with output from random\() calls.nl() 2670 NOTE:This mechanism is not sufficient for generation of secure keys! 2671label(OPTION_OPENSSL_COMPRESS)dit(bf(tt(compress))) 2672 Enable or disable the use of compression for a connection. Setting this to 2673 "none" disables compression, setting it to "auto" lets OpenSSL choose the best 2674 available algorithm supported by both parties. The default is to not touch any 2675 compression-related settings. 2676 NOTE: Requires OpenSSL 0.9.8 or higher and disabling compression with 2677 OpenSSL 0.9.8 affects all new connections in the process. 2678label(OPTION_OPENSSL_FIPS)dit(bf(tt(fips))) 2679 Enables FIPS mode if compiled in. For info about the FIPS encryption 2680 implementation standard see lurl(http://oss-institute.org/fips-faq.html). 2681 This mode might require that the involved certificates are generated with a 2682 FIPS enabled version of openssl. Setting or clearing this option on one 2683 socat address affects all OpenSSL addresses of this process. 2684enddit() 2685 2686startdit()enddit()nl() 2687 2688 2689label(GROUP_RETRY)em(bf(RETRY option group)) 2690 2691Options that control retry of some system calls, especially connection 2692attempts. 2693 2694startdit() 2695label(OPTION_RETRY)dit(bf(tt(retry=<num>))) 2696 Number of retries before the connection or listen attempt is aborted. 2697 Default is 0, which means just one attempt. 2698label(OPTION_INTERVAL)dit(bf(tt(interval=<timespec>))) 2699 Time between consecutive attempts (seconds, 2700 [link(timespec)(TYPE_TIMESPEC)]). Default is 1 second. 2701label(OPTION_FOREVER)dit(bf(tt(forever))) 2702 Performs an unlimited number of retry attempts. 2703enddit() 2704 2705startdit()enddit()nl() 2706 2707 2708label(GROUP_TUN)em(bf(TUN option group)) 2709 2710Options that control Linux TUN/TAP interface device addresses. 2711 2712startdit() 2713label(OPTION_TUN_DEVICE)dit(bf(tt(tun-device=<device-file>))) 2714 Instructs socat to take another path for the TUN clone device. Default is 2715 tt(/dev/net/tun). 2716label(OPTION_TUN_NAME)dit(bf(tt(tun-name=<if-name>))) 2717 Gives the resulting network interface a specific name instead of the system 2718 generated (tun0, tun1, etc.) 2719label(OPTION_TUN_TYPE)dit(bf(tt(tun-type=[tun|tap]))) 2720 Sets the type of the TUN device; use this option to generate a TAP 2721 device. See the Linux docu for the difference between these types. 2722 When you try to establish a tunnel between two TUN devices, their types 2723 should be the same. 2724label(OPTION_IFF_NO_PI)dit(bf(tt(iff-no-pi))) 2725 Sets the IFF_NO_PI flag which controls if the device includes additional 2726 packet information in the tunnel. 2727 When you try to establish a tunnel between two TUN devices, these flags 2728 should have the same values. 2729label(OPTION_IFF_UP)dit(bf(tt(iff-up))) 2730 Sets the TUN network interface status UP. Strongly recommended. 2731label(OPTION_IFF_BROADCAST)dit(bf(tt(iff-broadcast))) 2732 Sets the BROADCAST flag of the TUN network interface. 2733label(OPTION_IFF_DEBUG)dit(bf(tt(iff-debug))) 2734 Sets the DEBUG flag of the TUN network interface. 2735label(OPTION_IFF_LOOPBACK)dit(bf(tt(iff-loopback))) 2736 Sets the LOOPBACK flag of the TUN network interface. 2737label(OPTION_IFF_POINTOPOINT)dit(bf(tt(iff-pointopoint))) 2738 Sets the POINTOPOINT flag of the TUN device. 2739label(OPTION_IFF_NOTRAILERS)dit(bf(tt(iff-notrailers))) 2740 Sets the NOTRAILERS flag of the TUN device. 2741label(OPTION_IFF_RUNNING)dit(bf(tt(iff-running))) 2742 Sets the RUNNING flag of the TUN device. 2743label(OPTION_IFF_NOARP)dit(bf(tt(iff-noarp))) 2744 Sets the NOARP flag of the TUN device. 2745label(OPTION_IFF_PROMISC)dit(bf(tt(iff-promisc))) 2746 Sets the PROMISC flag of the TUN device. 2747label(OPTION_IFF_ALLMULTI)dit(bf(tt(iff-allmulti))) 2748 Sets the ALLMULTI flag of the TUN device. 2749label(OPTION_IFF_MASTER)dit(bf(tt(iff-master))) 2750 Sets the MASTER flag of the TUN device. 2751label(OPTION_IFF_SLAVE)dit(bf(tt(iff-slave))) 2752 Sets the SLAVE flag of the TUN device. 2753label(OPTION_IFF_MULTICAST)dit(bf(tt(iff-multicast))) 2754 Sets the MULTICAST flag of the TUN device. 2755label(OPTION_IFFPORTSEL_)dit(bf(tt(iff-portsel))) 2756 Sets the PORTSEL flag of the TUN device. 2757label(OPTION_IFF_AUTOMEDIA)dit(bf(tt(iff-automedia))) 2758 Sets the AUTOMEDIA flag of the TUN device. 2759label(OPTION_IFF_DYNAMIC)dit(bf(tt(iff-dynamic))) 2760 Sets the DYNAMIC flag of the TUN device. 2761enddit() 2762 2763startdit()enddit()nl() 2764 2765 2766label(VALUES) 2767manpagesection(DATA VALUES) 2768 2769This section explains the different data types that address parameters and 2770address options can take. 2771 2772startdit() 2773label(TYPE_ADDRESS_RANGE)dit(address-range) 2774 Is currently only implemented for IPv4 and IPv6. See address-option 2775 link(`range')(OPTION_RANGE) 2776label(TYPE_BOOL)dit(bool) 2777 "0" or "1"; if value is omitted, "1" is taken. 2778label(TYPE_BYTE)dit(byte) 2779 An unsigned int number, read with code(strtoul()), lower or equal to 2780 code(UCHAR_MAX). 2781label(TYPE_COMMAND_LINE)dit(command-line) 2782 A string specifying a program name and its arguments, separated by single 2783 spaces. 2784label(TYPE_DATA)dit(data) 2785 A raw data specification following em(dalan) syntax. Currently the only 2786 valid form is a string starting with 'x' followed by an even number of hex 2787 digits, specifying a sequence of bytes. 2788label(TYPE_DIRECTORY)dit(directory) 2789 A string with usual unix() directory name semantics. 2790label(TYPE_FACILITY)dit(facility) 2791 The name of a syslog facility in lower case characters. 2792label(TYPE_FDNUM)dit(fdnum) 2793 An unsigned int type, read with code(strtoul()), specifying a unix() file 2794 descriptor. 2795label(TYPE_FILENAME)dit(filename) 2796 A string with usual unix() filename semantics. 2797label(TYPE_GROUP)dit(group) 2798 If the first character is a decimal digit, the value is read with 2799 code(strtoul()) as unsigned integer specifying a group id. Otherwise, it 2800 must be an existing group name. 2801label(TYPE_INT)dit(int) 2802 A number following the rules of the code(strtol()) function with base 2803 "0", i.e. decimal number, octal number with leading "0", or hexadecimal 2804 number with leading "0x". The value must fit into a C int. 2805label(TYPE_INTERFACE)dit(interface) 2806 A string specifying the device name of a network interface 2807 as shown by ifconfig or procan, e.g. "eth0". 2808label(TYPE_IP_ADDRESS)dit(IP address) 2809 An IPv4 address in numbers-and-dots notation, an IPv6 address in hex 2810 notation enclosed in brackets, or a hostname that resolves to an IPv4 or an 2811 IPv6 address.nl() 2812 Examples: 127.0.0.1, [::1], www.dest-unreach.org, dns1 2813label(TYPE_IPV4_ADDRESS)dit(IPv4 address) 2814 An IPv4 address in numbers-and-dots notation or a hostname that resolves to 2815 an IPv4 address.nl() 2816 Examples: 127.0.0.1, www.dest-unreach.org, dns2 2817label(TYPE_IPV6_ADDRESS)dit(IPv6 address) 2818 An iPv6 address in hexnumbers-and-colons notation enclosed in brackets, or a 2819 hostname that resolves to an IPv6 address.nl() 2820 Examples: [::1], [1234:5678:9abc:def0:1234:5678:9abc:def0], 2821 ip6name.domain.org 2822label(TYPE_LONG)dit(long) 2823 A number read with code(strtol()). The value must fit into a C long. 2824label(TYPE_LONGLONG)dit(long long) 2825 A number read with code(strtoll()). The value must fit into a C long long. 2826label(TYPE_OFF)dit(off_t) 2827 An implementation dependend signed number, usually 32 bits, read with strtol 2828 or strtoll. 2829label(TYPE_OFF64)dit(off64_t) 2830 An implementation dependend signed number, usually 64 bits, read with strtol 2831 or strtoll. 2832label(TYPE_MODE_T)dit(mode_t) 2833 An unsigned integer, read with code(strtoul()), specifying mode (permission) 2834 bits. 2835label(TYPE_PID_T)dit(pid_t) 2836 A number, read with code(strtol()), specifying a process id. 2837label(TYPE_PORT)dit(port) 2838 A uint16_t (16 bit unsigned number) specifying a TCP or UDP port, read 2839 with code(strtoul()). 2840label(TYPE_PROTOCOL)dit(protocol) 2841 An unsigned 8 bit number, read with code(strtoul()). 2842label(TYPE_SIZE_T)dit(size_t) 2843 An unsigned number with size_t limitations, read with code(strtoul). 2844label(TYPE_SOCKNAME)dit(sockname) 2845 A socket address. See address-option link(`bind')(OPTION_BIND) 2846label(TYPE_STRING)dit(string) 2847 A sequence of characters, not containing '\0' and, depending on 2848 the position within the command line, ':', ',', or "!!". Note 2849 that you might have to escape shell meta characters in the command line. 2850label(TYPE_TCP_SERVICE)dit(TCP service) 2851 A service name, not starting with a digit, that is resolved by 2852 code(getservbyname()), or an unsigned int 16 bit number read with 2853 code(strtoul()). 2854label(TYPE_TIMEVAL)dit(timeval) 2855 A double float specifying seconds; the number is mapped into a 2856 struct timeval, consisting of seconds and microseconds. 2857label(TYPE_TIMESPEC)dit(timespec) 2858 A double float specifying seconds; the number is mapped into a 2859 struct timespec, consisting of seconds and nanoseconds. 2860label(TYPE_UDP_SERVICE)dit(UDP service) 2861 A service name, not starting with a digit, that is resolved by 2862 code(getservbyname()), or an unsigned int 16 bit number read with 2863 code(strtoul()). 2864label(TYPE_UNSIGNED_INT)dit(unsigned int) 2865 A number read with code(strtoul()). The value must fit into a C unsigned 2866 int. 2867label(TYPE_USER)dit(user) 2868 If the first character is a decimal digit, the value is read with 2869 code(strtoul()) as unsigned integer specifying a user id. Otherwise, it must 2870 be an existing user name. 2871enddit() 2872 2873 2874label(EXAMPLES) 2875manpagesection(EXAMPLES) 2876 2877 2878startdit() 2879 2880label(EXAMPLE_ADDRESS_TCP4_CONNECT) 2881dit(bf(tt(socat - TCP4:www.domain.org:80))) 2882 2883transfers data between link(STDIO)(ADDRESS_STDIO) (-) and a 2884link(TCP4)(ADDRESS_TCP4_CONNECT) connection to port 80 of host 2885www.domain.org. This example results in an interactive connection similar to 2886telnet or netcat. The stdin terminal parameters are not changed, so you may 2887close the relay with ^D or abort it with ^C. 2888 2889label(EXAMPLE_ADDRESS_READLINE) 2890label(EXAMPLE_OPTION_HISTORY) 2891mancommand(\.LP) 2892mancommand(\.nf) 2893mancommand(\fBsocat -d -d READLINE,history=$HOME/.http_history \\ 2894TCP4:www.domain.org:www,crnl\fP) 2895mancommand(\.fi) 2896 2897htmlcommand(<dt><code><strong>socat -d -d READLINE,history=$HOME/.http_history \</strong><br> 2898<strong>TCP4:www.domain.org:www,crnl</strong></code><dd>) 2899 2900this is similar to the previous example, but you can edit the current line in a 2901bash like manner (link(READLINE)(ADDRESS_READLINE)) and use the 2902link(history)(OPTION_HISTORY) file .http_history; socat() prints messages about 2903progress (link(-d -d)(option_d_d)). The port is specified by service name 2904(www), and correct network line termination characters 2905(link(crnl)(OPTION_CRNL)) instead of NL are used. 2906 2907 2908label(EXAMPLE_ADDRESS_TCP4_LISTEN) 2909dit(bf(tt(socat TCP4-LISTEN:www TCP4:www.domain.org:www))) 2910 2911installs a simple TCP port forwarder. With 2912link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN) it listens on local port "www" until a 2913connection comes in, accepts it, then connects to the remote host 2914(link(TCP4)(ADDRESS_TCP4_CONNECT)) and starts data transfer. It will not accept 2915a econd connection. 2916 2917label(EXAMPLE_OPTION_BIND_TCP4) 2918label(EXAMPLE_OPTION_REUSEADDR) 2919label(EXAMPLE_OPTION_FORK) 2920label(EXAMPLE_OPTION_SUBSTUSER) 2921label(EXAMPLE_OPTION_RANGE) 2922mancommand(\.LP) 2923mancommand(\.nf) 2924mancommand(\fBsocat -d -d -lmlocal2 \\ 2925TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \\ 2926TCP4:www.domain.org:80,bind=myaddr2\fP) 2927mancommand(\.fi) 2928 2929htmlcommand(<dt><code><strong>socat -d -d -lmlocal2 \</strong><br> 2930<strong>TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr \</strong><br> 2931<strong>TCP4:www.domain.org:80,bind=myaddr2</strong></code><dd>) 2932 2933TCP port forwarder, each side bound to another local IP address 2934(link(bind)(OPTION_BIND)). This example handles an almost 2935arbitrary number of parallel or consecutive connections by 2936link(fork)(OPTION_FORK)'ing a new 2937process after each code(accept()). It provides a little security by 2938link(su)(OPTION_SUBSTUSER)'ing to user 2939nobody after forking; it only permits connections from the private 10 network 2940(link(range)(OPTION_RANGE)); due to link(reuseaddr)(OPTION_REUSEADDR), it 2941allows immediate restart after master process's termination, even if some child 2942sockets are not completely shut down. 2943With link(-lmlocal2)(option_lm), socat logs to stderr until successfully 2944reaching the accept loop. Further logging is directed to syslog with facility 2945local2. 2946 2947label(EXAMPLE_ADDRESS_EXEC) 2948label(EXAMPLE_OPTION_TCPWRAPPERS) 2949label(EXAMPLE_OPTION_CHROOT) 2950label(EXAMPLE_OPTION_SUBSTUSER_DELAYED) 2951label(EXAMPLE_OPTION_PTY) 2952label(EXAMPLE_OPTION_STDERR) 2953mancommand(\.LP) 2954mancommand(\.nf) 2955mancommand(\fBsocat TCP4-LISTEN:5555,fork,tcpwrap=script \\ 2956EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr\fP) 2957mancommand(\.fi) 2958 2959htmlcommand(<dt><code><strong>socat TCP4-LISTEN:5555,fork,tcpwrap=script \</strong><br> 2960<strong>EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr</strong></code><dd>) 2961 2962a simple server that accepts connections 2963(link(TCP4-LISTEN)(ADDRESS_TCP4_LISTEN)) and link(fork)(OPTION_FORK)'s a new 2964child process for each connection; every child acts as single relay. 2965The client must match the rules for daemon process name "script" in 2966/etc/hosts.allow and /etc/hosts.deny, otherwise it is refused access (see "man 29675 hosts_access"). 2968For link(EXEC)(ADDRESS_EXEC)'uting the program, the child process 2969link(chroot)(OPTION_CHROOT)'s 2970to file(/home/sandbox), link(su)(OPTION_SUBSTUSER)'s to user sandbox, and then starts 2971the program file(/home/sandbox/bin/myscript). Socat() and 2972myscript communicate via a pseudo tty (link(pty)(OPTION_PTY)); myscript's 2973link(stderr)(OPTION_STDERR) is redirected to stdout, 2974so its error messages are transferred via socat() to the connected client. 2975 2976label(EXAMPLE_OPTION_FDIN) 2977label(EXAMPLE_OPTION_FDOUT) 2978label(EXAMPLE_OPTION_CRNL) 2979label(EXAMPLE_OPTION_MSS) 2980mancommand(\.LP) 2981mancommand(\.nf) 2982mancommand(\fBsocat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \\ 2983TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512\fP) 2984mancommand(\.fi) 2985 2986htmlcommand(<dt><code><strong>socat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \</strong><br> 2987<strong>TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512</strong></code><dd>) 2988 2989file(mail.sh) is a shell script, distributed with socat(), that implements a 2990simple 2991SMTP client. It is programmed to "speak" SMTP on its FDs 3 (in) and 4 (out). 2992The link(fdin)(OPTION_FDIN) and link(fdout)(OPTION_FDOUT) options tell socat() 2993to use these FDs for communication with 2994the program. Because mail.sh inherits stdin and stdout while socat() does not 2995use them, the script can read a 2996mail body from stdin. Socat() makes alias1 your local source address 2997(link(bind)(OPTION_BIND)), cares for correct network line termination 2998(link(crnl)(OPTION_CRNL)) and sends 2999at most 512 data bytes per packet (link(mss)(OPTION_MSS)). 3000 3001 3002label(EXAMPLE_ADDRESS_GOPEN) 3003label(EXAMPLE_OPTION_RAW) 3004label(EXAMPLE_OPTION_ECHO) 3005label(EXAMPLE_OPTION_ESCAPE) 3006dit(bf(tt(socat -,raw,echo=0,escape=0x0f /dev/ttyS0,raw,echo=0,crnl))) 3007 3008opens an interactive connection via the serial line, e.g. for talking with a 3009modem. link(raw)(OPTION_RAW) and link(echo)(OPTION_ECHO) set the console's and 3010ttyS0's terminal parameters to practicable values, link(crnl)(OPTION_CRNL) 3011converts to correct newline characters. link(escape)(OPTION_ESCAPE) allows to 3012terminate the socat process with character control-O. 3013Consider using link(READLINE)(ADDRESS_READLINE) instead of the first address. 3014 3015 3016label(EXAMPLE_ADDRESS_UNIX_LISTEN) 3017label(EXAMPLE_ADDRESS_SOCKS4) 3018label(EXAMPLE_OPTION_SOCKSUSER) 3019label(EXAMPLE_OPTION_SOURCEPORT) 3020mancommand(\.LP) 3021mancommand(\.nf) 3022mancommand(\fBsocat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \\ 3023SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20\fP) 3024mancommand(\.fi) 3025 3026htmlcommand(<dt><code><strong>socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \</strong><br> 3027<strong>SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20</strong></code><dd>) 3028 3029with link(UNIX-LISTEN)(ADDRESS_UNIX_LISTEN), socat() opens a listening 3030unixdomain() socket file(/tmp/.X11-unix/X1). This path corresponds 3031to local XWindow display :1 on your machine, so XWindow client connections to 3032DISPLAY=:1 are accepted. Socat() then speaks with 3033the link(SOCKS4)(ADDRESS_SOCKS4) server host.victim.org that might permit 3034link(sourceport)(OPTION_SOURCEPORT) 20 based connections due to an FTP related 3035weakness in its static IP filters. Socat() 3036pretends to be invoked by link(socksuser)(OPTION_SOCKSUSER) nobody, and 3037requests to be connected to 3038loopback port 6000 (only weak sockd configurations will allow this). So we get 3039a connection to the victims XWindow server and, if it does not require MIT 3040cookies or Kerberos authentication, we can start work. Please note that there 3041can only be one connection at a time, because TCP can establish only one 3042session with a given set of addresses and ports. 3043 3044 3045label(EXAMPLE_option_u) 3046label(EXAMPLE_OPTION_IGNOREEOF) 3047dit(bf(tt(socat -u /tmp/readdata,seek-end=0,ignoreeof -))) 3048 3049this is an example for unidirectional data transfer 3050(link(-u)(option_u)). Socat() transfers data 3051from file /tmp/readdata (implicit address link(GOPEN)(ADDRESS_GOPEN)), starting 3052at its current end (link(seek-end)(OPTION_SEEK_END)=0 lets socat() start 3053reading at current end of file; use link(seek)(OPTION_SEEK)=0 or no 3054seek option to first read the existing data) in a "tail -f" like mode 3055(link(ignoreeof)(OPTION_IGNOREEOF)). The "file" 3056might also be a listening unixdomain() socket (do not use a seek option then). 3057 3058 3059label(EXAMPLE_OPTION_SETSID) 3060label(EXAMPLE_OPTION_CTTY) 3061mancommand(\.LP) 3062mancommand(\.nf) 3063mancommand(\fB(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) | 3064socat - EXEC:'ssh -l user server',pty,setsid,ctty\fP) 3065mancommand(\.fi) 3066 3067htmlcommand(<dt><code><strong>(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |</strong><br> 3068<strong>socat - EXEC:'ssh -l user server',pty,setsid,ctty</strong></code><dd>) 3069 3070link(EXEC)(ADDRESS_EXEC)'utes an ssh session to server. Uses a link(pty)(OPTION_PTY) for communication between socat() and 3071ssh, makes it ssh's controlling tty (link(ctty)(OPTION_CTTY)), 3072and makes this pty the owner of 3073a new process group (link(setsid)(OPTION_SETSID)), so ssh accepts the password from socat(). 3074 3075 3076label(EXAMPLE_ADDRESS_OPEN) 3077label(EXAMPLE_OPTION_CREAT) 3078label(EXAMPLE_OPTION_APPEND) 3079mancommand(\.LP) 3080mancommand(\.nf) 3081mancommand(\fBsocat -u TCP4-LISTEN:3334,reuseaddr,fork \\ 3082OPEN:/tmp/in.log,creat,append\fP) 3083mancommand(\.fi) 3084 3085htmlcommand(<dt><code><strong>socat -u TCP4-LISTEN:3334,reuseaddr,fork \</strong><br> 3086<strong>OPEN:/tmp/in.log,creat,append</strong></code><dd>) 3087 3088implements a simple network based message collector. 3089For each client connecting to port 3334, a new child process is generated (option link(fork)(OPTION_FORK)). 3090All data sent by the clients are link(append)(OPTION_APPEND)'ed to the file /tmp/in.log. 3091If the file does not exist, socat link(creat)(OPTION_O_CREAT)'s it. 3092Option link(reuseaddr)(OPTION_REUSEADDR) allows immediate restart of the server 3093process. 3094 3095COMMENT( 3096dit(bf(tt(socat TCP4-LISTEN:3335,reuseaddr,fork OPEN:/tmp/motd,rdonly))) 3097 3098implements a simple network based motd server. 3099For each client connecting to port 3335, a new child process is generated 3100(option link(fork)(OPTION_FORK)). 3101The contents of the file /tmp/motd is sent to each client. 3102Messages sent by clients result in an error due to option link(rdonly)(OPTION_RDONLY). 3103Option link(reuseaddr)(OPTION_REUSEADDR) allows immediate restart of the server 3104process. 3105) 3106COMMENT( 3107dit(bf(tt(socat - TCP4-LISTEN:8080,mtudiscover=0,rcvbuf=2048))) 3108 3109changes some socket parameters to confuse active OS fingerprinting methods. 3110link(mtudiscover)(OPTION_MTUDISCOVER)=0 sets the DF (don'ft fragment flag) in 3111the IP packets to 0 and link(rcvbuf)(OPTION_RCVBUF) changes the initial TCP 3112window size. 3113) 3114 3115label(EXAMPLE_OPTION_NOECHO) 3116dit(bf(tt(socat READLINE,noecho='[Pp]assword:' EXEC:'ftp ftp.server.com',pty,setsid,ctty))) 3117 3118wraps a command line history (link(READLINE)(ADDRESS_READLINE)) around the link(EXEC)(ADDRESS_EXEC)'uted ftp client utility. 3119This allows editing and reuse of FTP commands for relatively comfortable 3120browsing through the ftp directory hierarchy. The password is echoed! 3121 link(pty)(OPTION_PTY) is required to have ftp issue a prompt. 3122Nevertheless, there may occur some confusion with the password and FTP 3123prompts. 3124 3125 3126label(EXAMPLE_ADDRESS_PTY) 3127label(EXAMPLE_OPTION_SYMBOLIC_LINK) 3128label(EXAMPLE_OPTION_WAIT_SLAVE) 3129label(EXAMPLE_OPTION_NONBLOCK) 3130(bf(tt(socat PTY,link=$HOME/dev/vmodem0,raw,echo=0,wait-slave EXEC:'"ssh modemserver.us.org socat - /dev/ttyS0,nonblock,raw,echo=0"'))) 3131 3132generates a pseudo terminal 3133device (link(PTY)(ADDRESS_PTY)) on the client that can be reached under the 3134symbolic link(link)(OPTION_SYMBOLIC_LINK) file($HOME/dev/vmodem0). 3135An application that expects a serial line or modem 3136can be configured to use file($HOME/dev/vmodem0); its traffic will be directed 3137to a modemserver via ssh where another socat instance links it with 3138file(/dev/ttyS0). 3139 3140 3141mancommand(\.LP) 3142mancommand(\.nf) 3143mancommand(\fBsocat TCP4-LISTEN:2022,reuseaddr,fork \\ 3144PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass\fP) 3145mancommand(\.fi) 3146 3147htmlcommand(<dt><code><strong>socat TCP4-LISTEN:2022,reuseaddr,fork \</strong><br> 3148<strong>PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass</strong></code><dd>) 3149 3150starts a forwarder that accepts connections on port 2022, and directs them 3151through the link(proxy)(ADDRESS_PROXY_CONNECT) daemon listening on port 3128 3152(link(proxyport)(OPTION_PROXYPORT)) on host proxy, using the 3153CONNECT method, where they are authenticated as "user" with "pass" (link(proxyauth)(OPTION_PROXY_AUTHORIZATION)). The proxy 3154should establish connections to host www.domain.org on port 22 then. 3155 3156 3157label(EXAMPLE_ADDRESS_OPENSSL_CONNECT) 3158dit(bf(tt(socat - SSL:server:4443,cafile=server.crt,cert=client.pem))) 3159 3160is an OpenSSL client that tries to establish a secure connection to an SSL 3161server. Option link(cafile)(OPTION_OPENSSL_CAFILE) specifies a file that 3162contains trust certificates: we trust the server only when it presents one of 3163these certificates and proofs that it owns the related private key. 3164Otherwise the connection is terminated. 3165With link(cert)(OPTION_OPENSSL_CERTIFICATE) a file containing the client certificate 3166and the associated private key is specified. This is required in case the 3167server wishes a client authentication; many Internet servers do not.nl() 3168The first address ('-') can be replaced by almost any other socat address. 3169 3170 3171label(EXAMPLE_ADDRESS_OPENSSL_LISTEN) 3172dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE))) 3173 3174is an OpenSSL server that accepts TCP connections, presents the certificate 3175from the file server.pem and forces the client to present a certificate that is 3176verified against cafile.crt.nl() 3177The second address ('PIPE') can be replaced by almost any other socat 3178address.nl() 3179For instructions on generating and distributing OpenSSL keys and certificates 3180see the additional socat docu tt(socat-openssl.txt). 3181 3182 3183dit(bf(tt(echo |socat -u - file:/tmp/bigfile,create,largefile,seek=100000000000))) 3184 3185creates a 100GB sparse file; this requires a file system type that 3186supports this (ext2, ext3, reiserfs, jfs; not minix, vfat). The operation of 3187writing 1 byte might take long (reiserfs: some minutes; ext2: "no" time), and 3188the resulting file can consume some disk space with just its inodes (reiserfs: 31892MB; ext2: 16KB). 3190 3191 3192dit(bf(tt(socat tcp-l:7777,reuseaddr,fork system:'filan -i 0 -s >&2',nofork))) 3193 3194listens for incoming TCP connections on port 7777. For each accepted 3195connection, invokes a shell. This shell has its stdin and stdout directly 3196connected to the TCP socket (link(nofork)(OPTION_NOFORK)). The shell starts filan and lets it print the socket addresses to 3197stderr (your terminal window). 3198 3199 3200dit(bf(tt(echo -e "\0\14\0\0\c" |socat -u - file:/usr/bin/squid.exe,seek=0x00074420))) 3201 3202functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to 3203the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch 3204to make the squid executable from Cygwin run under Windows, actual per May 2004). 3205 3206 3207dit(bf(tt(socat - tcp:www.blackhat.org:31337,readbytes=1000))) 3208 3209connects to an unknown service and prevents being flooded. 3210 3211 3212label(EXAMPLE_END_CLOSE) 3213dit(bf(tt(socat -U TCP:target:9999,end-close TCP-L:8888,reuseaddr,fork))) 3214 3215merges data arriving from different TCP streams on port 8888 to just one stream 3216to target:9999. The link(end-close)(OPTION_END_CLOSE) option prevents the child 3217processes forked off by the second address from terminating the shared 3218connection to 9999 (close\(2) just unlinks the inode which stays active as long 3219as the parent process lives; shutdown\(2) would actively terminate the 3220connection). 3221 3222 3223label(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT) 3224dit(bf(tt(socat - UDP4-DATAGRAM:192.168.1.0:123,sp=123,broadcast,range=192.168.1.0/24))) 3225 3226sends a broadcast to the network 192.168.1.0/24 and receives the replies of the 3227timeservers there. Ignores NTP packets from hosts outside this network. 3228 3229 3230label(EXAMPLE_ADDRESS_GENERIC_CLIENT) 3231dit(bf(tt(socat - SOCKET-DATAGRAM:2:2:17:x007bxc0a80100x0000000000000000,bind=x007bx00000000x0000000000000000,setsockopt-int=1:6:1,range=x0000xc0a80100x0000000000000000:x0000xffffff00x0000000000000000))) 3232 3233is semantically equivalent to the link(previous 3234example)(EXAMPLE_ADDRESS_UDP4_BROADCAST_CLIENT), but all parameters are 3235specified in generic form. the value 6 of setsockopt-int is the Linux value for 3236tt(SO_BROADCAST). 3237 3238 3239label(EXAMPLE_ADDRESS_IP4_BROADCAST_CLIENT) 3240dit(bf(tt(socat - IP4-DATAGRAM:255.255.255.255:44,broadcast,range=10.0.0.0/8))) 3241 3242sends a broadcast to the local network\(s) using protocol 44. Accepts replies 3243from the private address range only. 3244 3245 3246label(EXAMPLE_ADDRESS_UDP4_MULTICAST) 3247dit(bf(tt(socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0))) 3248 3249transfers data from stdin to the specified multicast address using UDP. Both 3250local and remote ports are 6666. Tells the interface eth0 to also accept 3251multicast packets of the given group. Multiple hosts on the local network can 3252run this command, so all data sent by any of the hosts will be received 3253by all the other ones. Note that there are many possible reasons for failure, 3254including IP-filters, routing issues, wrong interface selection by the 3255operating system, bridges, or a badly configured switch. 3256 3257 3258label(EXAMPLE_ADDRESS_TUN) 3259dit(bf(tt(socat TCP:host2:4443 TUN:192.168.255.1/24,up))) 3260 3261establishes one side of a virtual (but not private!) network with host2 where a 3262similar process might run, with UDP-L and tun address 192.168.255.2. They can 3263reach each other using the addresses 192.168.255.1 and 192.168.255.2. Note that 3264streaming eg. via TCP or SSL does not guarantee to retain packet boundaries and 3265may thus cause packet loss. 3266 3267 3268label(EXAMPLE_INTERFACE) 3269dit(bf(tt(socat PTY,link=/var/run/ppp,raw,echo=0 INTERFACE:hdlc0))) 3270 3271circumvents the problem that pppd requires a serial device and thus might not 3272be able to work on a synchronous line that is represented by a network device. 3273socat creates a PTY to make pppd happy, binds to the network 3274link(interface)(ADDRESS_INTERFACE) tt(hdlc0), and can transfer data between 3275both devices. Use pppd on device tt(/var/run/ppp) then. 3276 3277 3278label(EXAMPLE_HTTPECHO) 3279dit(bf(tt(socat -T 1 -d -d TCP-L:10081,reuseaddr,fork,crlf SYSTEM:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\ndate: \$\(date\)\\\nserver:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT\\\nclient: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n\\\"\"; cat; echo -e \"\\\"\\\n\\\"\""))) 3280 3281creates a simple HTTP echo server: each HTTP client that connects gets a valid 3282HTTP reply that contains information about the client address and port as it is 3283seen by the server host, the host address (which might vary on multihomed 3284servers), and the original client request. 3285 3286 3287label(EXAMPLE_ANCILLARY) 3288dit(bf(tt(socat -d -d UDP4-RECVFROM:9999,so-broadcast,so-timestamp,ip-pktinfo,ip-recverr,ip-recvopts,ip-recvtos,ip-recvttl!!- SYSTEM:'export; sleep 1' |grep SOCAT))) 3289 3290waits for an incoming UDP packet on port 9999 and prints the environment 3291variables provided by socat. On BSD based systems you have to replace 3292link(tt(ip-pktinfo))(OPTION_IP_PKTINFO) with link(tt(ip-recvdstaddr))(OPTION_IP_RECVDSTADDR),link(tt(ip-recvif))(OPTION_IP_RECVIF). Especially interesting is 3293SOCAT_IP_DSTADDR: it contains the target address of the packet which may be a 3294unicast, multicast, or broadcast address. 3295 3296 3297dit(bf(tt())) 3298 3299 3300 3301enddit() 3302 3303 3304label(DIAGNOSTICS) 3305manpagediagnostics() 3306 3307Socat() uses a logging mechanism that allows to filter messages by severity. The 3308severities provided are more or less compatible to the appropriate syslog 3309priority. With one or up to four occurrences of the -d command line option, the 3310lowest priority of messages that are issued can be selected. Each message 3311contains a single uppercase character specifying the messages severity (one of 3312F, E, W, N, I, or D) 3313 3314description( 3315dit(FATAL:) Conditions that require unconditional and immediate program termination. 3316dit(ERROR:) Conditions that prevent proper program processing. Usually the 3317program is terminated (see link(option -s)(option_s)). 3318dit(WARNING:) Something did not function correctly or is in a state where 3319correct further processing cannot be guaranteed, but might be possible. 3320dit(NOTICE:) Interesting actions of the program, e.g. for supervising socat() in some kind of server mode. 3321dit(INFO:) Description of what the program does, and maybe why it 3322happens. Allows to monitor the lifecycles of file descriptors. 3323dit(DEBUG:) Description of how the program works, all system or library calls and their results. 3324) 3325 3326Log messages can be written to stderr, to a file, or to syslog. 3327 3328On exit, socat() gives status 0 if it terminated due to EOF or inactivity 3329timeout, with a positive value on error, and with a negative value on fatal 3330error. 3331 3332 3333label(FILES) 3334manpagefiles() 3335 3336/usr/bin/socat nl() 3337/usr/bin/filan nl() 3338/usr/bin/procan 3339 3340 3341label(ENVIRONMENT_VARIABLES) 3342manpagesection(ENVIRONMENT VARIABLES) 3343 3344Input variables carry information from the environment to socat, output 3345variables are set by socat for use in executed scripts and programs. 3346 3347In the output variables beginning with "SOCAT" this prefix is actually replaced 3348by the upper case name of the executable or the value of option 3349link(-lp)(option_lp). 3350 3351startdit() 3352label(ENV_SOCAT_DEFAULT_LISTEN_IP) 3353dit(bf(SOCAT_DEFAULT_LISTEN_IP) (input)) (Values 4 or 6) Sets the IP version to 3354be used for listen, recv, and recvfrom addresses if no 3355link(pf)(OPTION_PROTOCOL_FAMILY) (protocol-family) option is given. Is 3356overridden by socat options link(-4)(option_4) or link(-6)(option_6). 3357 3358dit(bf(SOCAT_PREFERRED_RESOLVE_IP) (input)) (Values 0, 4, or 6) Sets the IP 3359version to 3360be used when resolving target host names when version is not specified by 3361address type, option link(pf)(OPTION_PROTOCOL_FAMILY) (protocol-family), or 3362address format. If name resolution does not return a matching entry, the first 3363result (with differing IP version) is taken. With value 0, socat always selects 3364the first record and its IP version. 3365 3366dit(bf(SOCAT_FORK_WAIT) (input)) Specifies the time (seconds) to sleep the 3367parent and child processes after successful fork\(). Useful for debugging. 3368 3369dit(bf(SOCAT_VERSION) (output)) Socat sets this variable to its version string, 3370e.g. tt("1.7.0.0") for released versions or e.g. tt("1.6.0.1+envvar") for 3371temporary versions; can be used in scripts invoked by socat. 3372 3373dit(bf(SOCAT_PID) (output)) Socat sets this variable to its process id. In case 3374of link(fork)(OPTION_FORK) address option, SOCAT_PID gets the child processes 3375id. Forking for link(exec)(ADDRESS_EXEC) and link(system)(ADDRESS_SYSTEM) does 3376not change SOCAT_PID. 3377 3378dit(bf(SOCAT_PPID) (output)) Socat sets this variable to its process id. In 3379case of link(fork)(OPTION_FORK), SOCAT_PPID keeps the pid of the master process. 3380 3381dit(bf(SOCAT_PEERADDR) (output)) With passive socket addresses (all LISTEN and 3382RECVFROM addresses), this variable is set to a string describing the peers 3383socket address. Port information is not included. 3384 3385dit(bf(SOCAT_PEERPORT) (output)) With appropriate passive socket addresses 3386(TCP, UDP, and SCTP - LISTEN and RECVFROM), this variable is set to a string containing the 3387number of the peer port. 3388 3389dit(bf(SOCAT_SOCKADDR) (output)) With all LISTEN addresses, this variable is 3390set to a string describing the local socket address. Port information is not 3391included link(example)(EXAMPLE_HTTPECHO) 3392 3393dit(bf(SOCAT_SOCKPORT) (output)) With link(TCP-LISTEN)(ADDRESS_TCP_LISTEN), 3394link(UDP-LISTEN)(ADDRESS_UDP_LISTEN), and 3395link(SCTP-LISTEN)(ADDRESS_SCTP_LISTEN) addresses, this variable is set to the 3396local port. 3397 3398dit(bf(SOCAT_TIMESTAMP) (output)) With all RECVFROM addresses where address 3399option link(so-timestamp)(OPTION_SO_TIMESTAMP) is applied, socat sets this 3400variable to the resulting timestamp. 3401 3402dit(bf(SOCAT_IP_OPTIONS) (output)) With all IPv4 based RECVFROM addresses where 3403address option link(ip-recvopts)(OPTION_IP_RECVOPTS) is applied, socat fills 3404this variable with the IP options of the received packet. 3405 3406dit(bf(SOCAT_IP_DSTADDR) (output)) With all IPv4 based RECVFROM addresses where 3407address option link(ip-recvdstaddr)(OPTION_IP_RECVDSTADDR) (BSD) or 3408link(ip-pktinfo)(OPTION_IP_PKTINFO) (other platforms) is applied, socat sets 3409this variable to the destination address of the received packet. This is 3410particularly useful to identify broadcast and multicast addressed packets. 3411 3412dit(bf(SOCAT_IP_IF) (output)) With all IPv4 based RECVFROM addresses where 3413address option link(ip-recvif)(OPTION_IP_RECVIF) (BSD) or 3414link(ip-pktinfo)(OPTION_IP_PKTINFO) (other platforms) is applied, socat sets 3415this variable to the name of the interface where the packet was received. 3416 3417dit(bf(SOCAT_IP_LOCADDR) (output)) With all IPv4 based RECVFROM 3418addresses where address option link(ip-pktinfo)(OPTION_IP_PKTINFO) is applied, 3419socat sets this variable to the address of the interface where the packet was 3420received. 3421 3422dit(bf(SOCAT_IP_TOS) (output)) With all IPv4 based RECVFROM addresses where 3423address option link(ip-recvtos)(OPTION_IP_RECVTOS) is applied, socat sets this 3424variable to the TOS (type of service) of the received packet. 3425 3426dit(bf(SOCAT_IP_TTL) (output)) With all IPv4 based RECVFROM addresses where 3427address option link(ip-recvttl)(OPTION_IP_RECVTTL) is applied, socat sets this 3428variable to the TTL (time to live) of the received packet. 3429 3430dit(bf(SOCAT_IPV6_HOPLIMIT) (output)) With all IPv6 based RECVFROM addresses 3431where address option link(ipv6-recvhoplimit)(OPTION_IPV6_RECVHOPLIMIT) is 3432applied, socat sets this variable to the hoplimit value of the received packet. 3433 3434dit(bf(SOCAT_IPV6_DSTADDR) (output)) With all IPv6 based RECVFROM 3435addresses where address option link(ipv6-recvpktinfo)(OPTION_IPV6_RECVPKTINFO) 3436is applied, socat sets this variable to the destination address of the received 3437packet. 3438 3439dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses 3440where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied, 3441socat sets this variable to the transfer class of the received packet. 3442 3443dit(bf(HOSTNAME) (input)) Is used to determine the hostname for logging (see 3444link(-lh)(option_lh)). 3445 3446dit(bf(LOGNAME) (input)) Is used as name for the socks client user name if no 3447link(socksuser)(OPTION_SOCKSUSER) is given.nl() 3448With options link(su)(OPTION_SUBSTUSER) and 3449link(su-d)(OPTION_SUBSTUSER_DELAYED), LOGNAME is set to the given user name. 3450 3451dit(bf(USER) (input)) Is used as name for the socks client user name if no 3452link(socksuser)(OPTION_SOCKSUSER) is given and LOGNAME is empty.nl() 3453With options link(su)(OPTION_SUBSTUSER) and 3454link(su-d)(OPTION_SUBSTUSER_DELAYED), USER is set to the given user name. 3455 3456dit(bf(SHELL) (output)) 3457With options link(su)(OPTION_SUBSTUSER) and 3458link(su-d)(OPTION_SUBSTUSER_DELAYED), SHELL is set to the login shell of the 3459given user. 3460 3461dit(bf(PATH) (output)) 3462Can be set with option link(path)(OPTION_PATH) for link(exec)(ADDRESS_EXEC) and 3463link(system)(ADDRESS_SYSTEM) addresses. 3464 3465dit(bf(HOME) (output)) 3466With options link(su)(OPTION_SUBSTUSER) and 3467link(su-d)(OPTION_SUBSTUSER_DELAYED), HOME is set to the home directory of the 3468given user. 3469 3470enddit() 3471 3472label(CREDITS) 3473manpagesection(CREDITS) 3474 3475The work of the following groups and organizations was invaluable for this 3476project: 3477 3478The em(FSF) (GNU, lurl(http://www.fsf.org/) project 3479with their free and portable development software and 3480lots of other useful tools and libraries. 3481 3482The em(Linux developers community) (lurl(http://www.linux.org/)) for providing a free, open source operating 3483system. 3484 3485The em(Open Group) (lurl(http://www.unix-systems.org/)) for making their 3486standard specifications available on the Internet for free. 3487 3488 3489label(VERSION) 3490manpagesection(VERSION) 3491 3492This man page describes version 1.7.2 of socat(). 3493 3494 3495label(BUGS) 3496manpagebugs() 3497 3498Addresses cannot be nested, so a single socat process cannot, e.g., drive ssl 3499over socks. 3500 3501Address option ftruncate without value uses default 1 instead of 0. 3502 3503Verbose modes (-x and/or -v) display line termination characters inconsistently 3504when address options cr or crnl are used: They show the data em(after) 3505conversion in either direction. 3506 3507The data transfer blocksize setting (-b) is ignored with address readline. 3508 3509Send bug reports to <socat@dest-unreach.org> 3510 3511 3512label(SEEALSO) 3513manpageseealso() 3514 3515COMMENT(procan\(1), filan\(1), ) 3516nc\(1), netcat6\(1), sock\(1), rinetd\(8), cage\(1), socks.conf\(5), openssl\(1), 3517stunnel\(8), pty\(1), rlwrap\(1), setsid\(1) 3518 3519Socat() home page lurl(http://www.dest-unreach.org/socat/) 3520 3521label(AUTHOR) 3522manpageauthor() 3523 3524Gerhard Rieger <rieger@dest-unreach.org>