socat(1) socat(1)
NAME
socat - Multipurpose relay (SOcket CAT)
SYNOPSIS
socat [options]
socat -V
socat -h[h[h]] | -?[?[?]]
filan
procan
DESCRIPTION
Socat is a command line based utility that establishes two
bidirectional byte streams and transfers data between them. Because the
streams can be constructed from a large set of different types of data
sinks and sources (see address types), and because lots of address
options may be applied to the streams, socat can be used for many
different purposes.
Filan is a utility that prints information about its active file
descriptors to stdout. It has been written for debugging socat, but
might be useful for other purposes too. Use the -h option to find more
infos.
Procan is a utility that prints information about process parameters to
stdout. It has been written to better understand some UNIX process
properties and for debugging socat, but might be useful for other
purposes too.
The life cycle of a socat instance typically consists of four phases.
In the init phase, the command line options are parsed and logging is
initialized.
During the open phase, socat opens the first address and afterwards the
second address. These steps are usually blocking; thus, especially for
complex address types like socks, connection requests or authentication
dialogs must be completed before the next step is started.
In the transfer phase, socat watches both streams' read and write file
descriptors via select() , and, when data is available on one side and
can be written to the other side, socat reads it, performs newline
character conversions if required, and writes the data to the write
file descriptor of the other stream, then continues waiting for more
data in both directions.
When one of the streams effectively reaches EOF, the closing phase
begins. Socat transfers the EOF condition to the other stream, i.e.
tries to shutdown only its write stream, giving it a chance to
terminate gracefully. For a defined time socat continues to transfer
data in the other direction, but then closes all remaining channels and
terminates.
OPTIONS
Socat provides some command line options that modify the behaviour of
the program. They have nothing to do with so called address options
that are used as parts of address specifications.
-V Print version and available feature information to stdout, and
exit.
-h | -?
Print a help text to stdout describing command line options and
available address types, and exit.
-hh | -??
Like -h, plus a list of the short names of all available address
options. Some options are platform dependend, so this output is
helpful for checking the particular implementation.
-hhh | -???
Like -hh, plus a list of all available address option names.
-d Without this option, only fatal, error, and warning messages are
printed; applying this option also prints notice messages. See
DIAGNOSTICS for more information.
-d0 With this option, only fatal and error messages are printed;
this restores the behaviour of socat up to version 1.7.4.
-d -d | -dd | -d2
Prints fatal, error, warning, and notice messages.
-d -d -d | -ddd | -d3
Prints fatal, error, warning, notice, and info messages.
-d -d -d -d | -dddd | -d4
Prints fatal, error, warning, notice, info, and debug messages.
-D Logs information about file descriptors before starting the
transfer phase.
--experimental
New features that are not well tested or are subject to change
in the future must me explicitely enabled using this option.
-ly[]
Writes messages to syslog instead of stderr; severity as defined
with -d option. With optional , the syslog type can be
selected, default is "daemon". Third party libraries might not
obey this option.
-lf
Writes messages to [filename] instead of stderr. Some
third party libraries, in particular libwrap, might not obey
this option.
-ls Writes messages to stderr (this is the default). Some third
party libraries might not obey this option, in particular
libwrap appears to only log to syslog.
-lp
Overrides the program name printed in error messages and used
for constructing environment variable names.
-lu Extends the timestamp of error messages to microsecond
resolution. Does not work when logging to syslog.
-lm[]
Mixed log mode. During startup messages are printed to stderr;
when socat starts the transfer phase loop or daemon mode (i.e.
after opening all streams and before starting data transfer, or,
with listening sockets with fork option, before the first accept
call), it switches logging to syslog. With optional ,
the syslog type can be selected, default is "daemon".
-lh Adds hostname to log messages. Uses the value from environment
variable HOSTNAME or the value retrieved with uname() if
HOSTNAME is not set.
-v Writes the transferred data not only to their target streams,
but also to stderr. The output format is text with some
conversions for readability, and prefixed with "> " or "< "
indicating flow directions.
-x Writes the transferred data not only to their target streams,
but also to stderr. The output format is hexadecimal, prefixed
with "> " or "< " indicating flow directions. Can be combined
with -v .
-r
Dumps the raw (binary) data flowing from left to right address
to the given file. The file name may contain references to
environment variables and $$ (pid), $PROGNAME (see option option
-lp), $TIMESTAMP (uses format %Y%m%dT%H%M%S), and MICROS
(microseconds of daytime). These references have to be protected
from shell expansion of course.
-R
Dumps the raw (binary) data flowing from right to left address
to the given file. See option -r for customization of file name.
-b
Sets the data transfer block [size_t]. At most
bytes are transferred per step. Default is 8192 bytes.
-s By default, socat terminates when an error occurred to prevent
the process from running when some option could not be applied.
With this option, socat is sloppy with errors and tries to
continue. Even with this option, socat will exit on fatals, and
will abort connection attempts when security checks failed.
-S
Changes the set of signals that are caught by socat just for
printing an log message. This catching is useful to get the
information about the signal into socats log, but prevents core
dump or other standard actions. The default set of these signals
is SIGHUP, SIGINT, SIGQUIT, SIGILL, SIGABRT, SIGBUS, SIGFPE,
SIGSEGV, and SIGTERM; replace this set (0x89de on Linux) with a
bitmap (e.g., SIGFPE has value 8 and its bit is 0x0080).
Note: Signals SIGHUP, SIGINT, SIGQUIT, SIGUSR1, SIGPIPE,
SIGALRM, SIGTERM, and SIGCHLD may be handled specially anyway.
-t
When one channel has reached EOF, the write part of the other
channel is shut down. Then, socat waits [timeval]
seconds before terminating. Default is 0.5 seconds. This timeout
only applies to addresses where write and read part can be
closed independently. When during the timeout interval the read
part gives EOF, socat terminates without awaiting the timeout.
-T
Total inactivity timeout: when socat is already in the transfer
loop and nothing has happened for [timeval] seconds
(no data arrived, no interrupt occurred...) then it terminates.
Useful with protocols like UDP that cannot transfer EOF.
-u Uses unidirectional mode. The first address is only used for
reading, and the second address is only used for writing
(example).
-U Uses unidirectional mode in reverse direction. The first address
is only used for writing, and the second address is only used
for reading.
-g During address option parsing, don't check if the option is
considered useful in the given address environment. Use it if
you want to force, e.g., appliance of a socket option to a
serial device.
-L
If lockfile exists, exits with error. If lockfile does not
exist, creates it and continues, unlinks lockfile on exit.
-W
If lockfile exists, waits until it disappears. When lockfile
does not exist, creates it and continues, unlinks lockfile on
exit.
-4 Use IP version 4 in case the addresses do not implicitly or
explicitly specify a version. Since version 1.8.0 the default is
no preference.
-6 Use IP version 6 in case the addresses do not implicitly or
explicitly specify a version.
--statistics
-S Logs transfer statistics (bytes and blocks counters for both
directions) before terminating socat.
See also signal USR1.
This feature is experimental and might change in future
versions.
ADDRESS SPECIFICATIONS
With the address command line arguments, the user gives socat
instructions and the necessary information for establishing the byte
streams.
An address specification usually consists of an address type keyword,
zero or more required address parameters separated by ':' from the
keyword and from each other, and zero or more address options separated
by ','.
The keyword specifies the address type (e.g., TCP4, OPEN, EXEC). For
some keywords there exist synonyms ('-' for STDIO, TCP for TCP4).
Keywords are case insensitive. For a few special address types, the
keyword may be omitted: Address specifications starting with a number
are assumed to be FD (raw file descriptor) addresses; if a '/' is found
before the first ':' or ',', GOPEN (generic file open) is assumed.
The required number and type of address parameters depend on the
address type. E.g., TCP4 requires a server specification (name or
address), and a port specification (number or service name).
Zero or more address options may be given with each address. They
influence the address in some ways. Options consist of an option
keyword or an option keyword and a value, separated by '='. Option
keywords are case insensitive. For filtering the options that are
useful with an address type, each option is member of one option group.
For each address type there is a set of option groups allowed. Only
options belonging to one of these address groups may be used (except
with option -g).
Address specifications following the above schema are also called
single address specifications. Two single addresses can be combined
with "!!" to form a dual type address for one channel. Here, the first
address is used by socat for reading data, and the second address for
writing data. There is no way to specify an option only once for being
applied to both single addresses.
Usually, addresses are opened in read/write mode. When an address is
part of a dual address specification, or when option -u or -U is used,
an address might be used only for reading or for writing. Considering
this is important with some address types.
With socat version 1.5.0 and higher, the lexical analysis tries to
handle quotes and parenthesis meaningfully and allows escaping of
special characters. If one of the characters ( { [ ' is found, the
corresponding closing character - ) } ] ' - is looked for; they may
also be nested. Within these constructs, socats special characters and
strings : , !! are not handled specially. All those characters and
strings can be escaped with \ or within ""
ADDRESS TYPES
This section describes the available address types with their keywords,
parameters, and semantics.
CREATE:
Opens with creat() and uses the file descriptor for
writing. This is a write-only address because a file opened
with creat cannot be read from. See options -u and -U, and dual
addresses.
Flags like O_LARGEFILE cannot be applied. If you need them use
OPEN with options create,create.
must be a valid existing or not existing path. If
is a named pipe, creat() might block; if
refers to a socket, this is an error.
Option groups: FD,REG,NAMED
Useful options: mode, user, group, unlink-early, unlink-late,
append
See also: OPEN, GOPEN
DCCP-CONNECT:: (DCCP::)
Establishes a DCCP connect to the specified [IP address]
and [DCCP service] using IP version 4 or 6 depending on
address specification, name resolution, or option pf.
Option groups: FD,SOCKET,IP4,IP6,SCTP,CHILD,RETRY
Useful options: bind, connect-timeout, tos, dccp-set-ccid,
nonblock, sourceport, retry, readbytes
See also: DCCP4-CONNECT, DCCP6-CONNECT, DCCP-LISTEN, TCP-CONNECT
SCTP-CONNECT
DCCP4-CONNECT:: (DCCP4::)
Like DCCP-CONNECT, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,DCCP,CHILD,RETRY
DCCP6-CONNECT:: (DCCP6::)
Like DCCP-CONNECT, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,DCCP,CHILD,RETRY
DCCP-LISTEN: (DCCP-L:)
Listens on [DCCP service] and accepts an DCCP connection.
The IP version is 4 or the one specified with address option pf,
socat option (-4, -6), or environment variable
SOCAT_DEFAULT_LISTEN_IP. Note that opening this address usually
blocks until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,DCCP,RETRY
Useful options: fork, bind, range, max-children, backlog,
accept-timeout, dccp-set-sid, su, reuseaddr, retry
See also: DCCP4-LISTEN, DCCP6-LISTEN, TCP-LISTEN, SCTP-LISTEN,
DCCP-CONNECT
DCCP4-LISTEN: (DCCP4-L:)
Like DCCP-LISTEN, but only supports IPv4 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,DCCP,RETRY
DCCP6-LISTEN: (DCCP6-L:)
Like DCCP-LISTEN, but only supports IPv6 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,DCCP,RETRY
EXEC:
Forks a sub process that establishes communication with its
parent process and invokes the specified program with execvp() .
is a simple command with arguments separated by
single spaces. If the program name contains a '/', the part
after the last '/' is taken as ARGV[0]. If the program name is a
relative path, the execvp() semantics for finding the program
via $PATH apply. After successful program start, socat writes
data to stdin of the process and reads from its stdout using a
UNIX domain socket generated by socketpair() per default.
(example)
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options: path, fdin, fdout, chroot, su, su-d, nofork,
socktype, pty, stderr, ctty, setsid, pipes, umask, login,
sigint, sigquit, netns
See also: SYSTEM,SHELL
FD:
Uses the file descriptor . It must already exist as valid
UN*X file descriptor.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: STDIO, STDIN, STDOUT, STDERR
GOPEN:
(Generic open) This address type tries to handle any file system
entry except directories usefully. may be a relative
or absolute path. If it already exists, its type is checked. In
case of a UNIX domain socket, socat connects; if connecting
fails, socat assumes a datagram socket and uses sendto() calls.
If the entry is not a socket, socat opens it applying the
O_APPEND flag. If it does not exist, it is opened with flag
O_CREAT as a regular file (example).
Option groups: FD,REG,SOCKET,NAMED,OPEN
See also: OPEN, CREATE, UNIX-CONNECT
IP-SENDTO::
Opens a raw IP socket. Depending on host specification or option
pf, IP protocol version 4 or 6 is used. It uses to
send packets to [IP address] and receives packets from
host, ignores packets from other hosts. Protocol 255 uses the
raw socket with the IP header being part of the data.
Option groups: FD,SOCKET,IP4,IP6
Useful options: pf, ttl
See also: IP4-SENDTO, IP6-SENDTO, IP-RECVFROM, IP-RECV,
UDP-SENDTO, UNIX-SENDTO
INTERFACE:
Communicates with a network connected on an interface using raw
packets including link level data. is the name of
the network interface. Currently only available on Linux.
Option groups: FD,SOCKET
Useful options: pf, type
See also: ip-recv
IP4-SENDTO::
Like IP-SENDTO, but always uses IPv4.
Option groups: FD,SOCKET,IP4
IP6-SENDTO::
Like IP-SENDTO, but always uses IPv6.
Option groups: FD,SOCKET,IP6
IP-DATAGRAM::
Sends outgoing data to the specified address which may in
particular be a broadcast or multicast address. Packets arriving
on the local socket are checked if their source addresses match
RANGE or TCPWRAP options. This address type can for example be
used for implementing symmetric or asymmetric broadcast or
multicast communications.
Option groups: FD, SOCKET, IP4, IP6, RANGE
Useful options: bind, range, tcpwrap, broadcast,
ip-multicast-loop, ip-multicast-ttl, ip-multicast-if,
ip-add-membership, ip-add-source-membership, ipv6-join-group,
ipv6-join-source-group, ttl, tos, pf
See also: IP4-DATAGRAM, IP6-DATAGRAM, IP-SENDTO, IP-RECVFROM,
IP-RECV, UDP-DATAGRAM
IP4-DATAGRAM::
Like IP-DATAGRAM, but always uses IPv4. (example)
Option groups: FD,SOCKET,IP4,RANGE
IP6-DATAGRAM::
Like IP-DATAGRAM, but always uses IPv6. Please note that IPv6
does not know broadcasts.
Option groups: FD,SOCKET,IP6,RANGE
IP-RECVFROM:
Opens a raw IP socket of . Depending on option pf, IP
protocol version 4 or 6 is used. It receives one packet from an
unspecified peer and may send one or more answer packets to that
peer. This mode is particularly useful with fork option where
each arriving packet - from arbitrary peers - is handled by its
own sub process. This allows a behaviour similar to typical UDP
based servers like ntpd or named.
Please note that the reply packets might be fetched as incoming
traffic when sender and receiver IP address are identical
because there is no port number to distinguish the sockets.
This address works well with IP-SENDTO address peers (see
above). Protocol 255 uses the raw socket with the IP header
being part of the data.
See the note about RECVFROM addresses.
Option groups: FD,SOCKET,IP4,IP6,CHILD,RANGE
Useful options: pf, fork, range, ttl, broadcast
See also: IP4-RECVFROM, IP6-RECVFROM, IP-SENDTO, IP-RECV,
UDP-RECVFROM, UNIX-RECVFROM
IP4-RECVFROM:
Like IP-RECVFROM, but always uses IPv4.
Option groups: FD,SOCKET,IP4,CHILD,RANGE
IP6-RECVFROM:
Like IP-RECVFROM, but always uses IPv6.
Option groups: FD,SOCKET,IP6,CHILD,RANGE
IP-RECV:
Opens a raw IP socket of . Depending on option pf, IP
protocol version 4 or 6 is used. It receives packets from
multiple unspecified peers and merges the data. No replies are
possible, this is a read-only address, see options -u and -U,
and dual addresses. It can be, e.g., addressed by socat
IP-SENDTO address peers. Protocol 255 uses the raw socket with
the IP header being part of the data.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options: pf, range
See also: IP4-RECV, IP6-RECV, IP-SENDTO, IP-RECVFROM, UDP-RECV,
UNIX-RECV
IP4-RECV:
Like IP-RECV, but always uses IPv4.
Option groups: FD,SOCKET,IP4,RANGE
IP6-RECV:
Like IP-RECV, but always uses IPv6.
Option groups: FD,SOCKET,IP6,RANGE
OPEN:
Opens using the open() system call (example). This
operation fails on UNIX domain sockets.
Note: This address type is rarely useful in bidirectional mode.
Option groups: FD,REG,NAMED,OPEN
Useful options: creat, excl, noatime, nofollow, append, rdonly,
wronly, lock, readbytes, ignoreeof
See also: CREATE, GOPEN, UNIX-CONNECT
OPENSSL::
Tries to establish a SSL connection to [TCP service] on
[IP address] using TCP/IP version 4 or 6 depending on
address specification, name resolution, or option pf.
NOTE: Up to version 1.7.2.4 the server certificate was only
checked for validity against the system certificate store or
cafile or capath, but not for match with the server's name or
its IP address. Since version 1.7.3.0 socat checks the peer
certificate for match with the parameter or the value of
the openssl-commonname option. Socat tries to match it against
the certificates subject commonName, and the certificates
extension subjectAltName DNS names. Wildcards in the certificate
are supported.
Option groups: FD,SOCKET,IP4,IP6,TCP,OPENSSL,RETRY
Useful options: min-proto-version, cipher, verify, commonname,
cafile, capath, certificate, key, compress, bind, pf,
connect-timeout, sourceport, retry
See also: OPENSSL-LISTEN, TCP
OPENSSL-LISTEN:
Listens on tcp [TCP service]. The IP version is 4 or the
one specified with pf. When a connection is accepted, this
address behaves as SSL server.
Note: You probably want to use the certificate option with this
address.
NOTE: The client certificate is only checked for validity
against cafile or capath, but not for match with the client's
name or its IP address!
Option groups:
FD,SOCKET,IP4,IP6,TCP,LISTEN,OPENSSL,CHILD,RANGE,RETRY
Useful options: pf, min-proto-version, cipher, verify,
commonname, cafile, capath, certificate, key, compress, fork,
bind, range, tcpwrap, su, reuseaddr, retry
See also: OPENSSL, TCP-LISTEN
OPENSSL-DTLS-CLIENT::
Tries to establish a DTLS connection to [UDP service] on
[IP address] using UDP/IP version 4 or 6 depending on
address specification, name resolution, or option pf.
Socat checks the peer certificates subjectAltName or commonName
against the addresses option openssl-commonname or the host
name. Wildcards in the certificate are supported.
Use socat option -b to make datagrams small enough to fit with
overhead on the network. Use option -T to prevent indefinite
hanging when peer went down quietly.
Option groups: FD,SOCKET,IP4,IP6,OPENSSL,RETRY
Useful options: min-proto-version, cipher, verify, commonname,
cafile, capath, certificate, key, compress, bind, pf,
sourceport, retry, rcvtimeo
See also: OPENSSL-DTLS-SERVER, OPENSSL-CONNECT, UDP-CONNECT
OPENSSL-DTLS-SERVER:
Listens on UDP [UDP service]. The IP version is 4 or the
one specified with pf. When a connection is accepted, this
address behaves as DTLS server.
Note: You probably want to use the certificate option with this
address.
NOTE: The client certificate is only checked for validity
against cafile or capath, but not for match with the client's
name or its IP address! Use socat option -b to make datagrams
small enough to fit with overhead on the network. Use option -T
to prevent indefinite hanging when peer went down quietly.
Option groups:
FD,SOCKET,IP4,IP6,LISTEN,OPENSSL,CHILD,RANGE,RETRY
Useful options: pf, min-proto-version, cipher, verify,
commonname, cafile, capath, certificate, key, compress, fork,
bind, range, tcpwrap, su, reuseaddr, retry
rcvtimeo
See also: OPENSSL-DTLS-CLIENT, OPENSSL-LISTEN, UDP-LISTEN
PIPE:
If already exists, it is opened. If it does not
exist, a named pipe is created and opened. Beginning with socat
version 1.4.3, the named pipe is removed when the address is
closed (but see option unlink-close
Note: When a pipe is used for both reading and writing, it works
as echo service.
Note: When a pipe is used for both reading and writing, and
socat tries to write more bytes than the pipe can buffer (Linux
2.4: 2048 bytes), socat might block. Consider using socat
option, e.g., -b 2048
Option groups: FD,NAMED,OPEN
Useful options: rdonly, nonblock, group, user, mode,
unlink-early
See also: unnamed pipe
PIPE Creates an unnamed pipe and uses it for reading and writing. It
works as an echo, because everything written to it appeares
immediately as read data.
Note: When socat tries to write more bytes than the pipe can
queue (Linux 2.4: 2048 bytes), socat might block. Consider,
e.g., using option -b 2048
Option groups: FD
See also: named pipe, SOCKETPAIR
SOCKETPAIR
Creates a socketpair and uses it for reading and writing. It
works as an echo, because everything written to it appeares
immediately as read data. The default socket type is datagram,
so it keeps packet boundaries.
Option groups: FD
Useful options: socktype
See also: unnamed pipe
POSIXMQ-READ:/
Opens the specified POSIX message queue and reads messages
(packets). It keeps the boundaries.
This is a read-only address, see options -u and -U and dual
addresses.
Socat provides this address type only on Linux because POSIX MQ
is based on UNIX filedescriptors there.
This feature is new in version 1.8.0.0 and might change in the
future, therefore it is experimental.
Useful options: posixmq-priority, unlink-early, unlink-close
POSIXMQ-RECEIVE:/
POSIXMQ-RECV:/
Opens the specified POSIX message queue and reads one message
(packet).
This is a read-only address. See POSIXMQ-READ for more info.
Example: POSIX MQ recv with fork
This feature is experimental.
Useful options: posixmq-priority, fork, max-children,
unlink-early, unlink-close
POSIXMQ-SEND:/
Opens the specified POSIX message queue and writes messages
(packets).
This is a write-only address. See POSIXMQ-READ for more info.
(Example)
This feature is experimental.
Useful options: posixmq-priority, fork, max-children,
unlink-early, unlink-close
POSIXMQ-BIDIRECTIONAL:/mqueue
Opens the specified POSIX message queue and writes and reads
messages (packet). This is probably rarely useful but has been
implemented for functional completeness.
PROXY:::
Connects to an HTTP proxy server on port 8080 using TCP/IP
version 4 or 6 depending on address specification, name
resolution, or option pf, and sends a CONNECT request for
hostname:port. If the proxy grants access and succeeds to
connect to the target, data transfer between socat and the
target can start (example). Note that the traffic need not be
HTTP but can be an arbitrary protocol.
Option groups: FD,SOCKET,IP4,IP6,TCP,HTTP,RETRY
Useful options: proxyport, ignorecr, proxyauth, resolve, crnl,
bind, connect-timeout, mss, sourceport, retry
See also: SOCKS, TCP
PTY Generates a pseudo terminal (pty) and uses its master side.
Another process may open the pty's slave side using it like a
serial line or terminal. (example). If both the ptmx and the
openpty mechanisms are available, ptmx is used (POSIX).
Option groups: FD,NAMED,PTY,TERMIOS
Useful options: link, openpty, wait-slave, mode, user, group
See also: UNIX-LISTEN, PIPE, EXEC, SYSTEM, SHELL
READLINE
Uses GNU readline and history on stdio to allow editing and
reusing input lines (example). This requires the GNU readline
and history libraries. Note that stdio should be a (pseudo)
terminal device, otherwise readline does not seem to work.
Option groups: FD,READLINE,TERMIOS
Useful options: history, noecho
See also: STDIO
SCTP-CONNECT::
Establishes an SCTP stream connection to the specified
[IP address] and [TCP service] using IP version 4 or 6
depending on address specification, name resolution, or option
pf.
Option groups: FD,SOCKET,IP4,IP6,SCTP,CHILD,RETRY
Useful options: bind, pf, connect-timeout, tos, mtudiscover,
sctp-maxseg, sctp-nodelay, nonblock, sourceport, retry,
readbytes
See also: SCTP4-CONNECT, SCTP6-CONNECT, SCTP-LISTEN, TCP-CONNECT
SCTP4-CONNECT::
Like SCTP-CONNECT, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,SCTP,CHILD,RETRY
SCTP6-CONNECT::
Like SCTP-CONNECT, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,SCTP,CHILD,RETRY
SCTP-LISTEN:
Listens on [TCP service] and accepts an SCTP connection.
The IP version is 4 or the one specified with address option pf,
socat option (-4, -6), or environment variable
SOCAT_DEFAULT_LISTEN_IP. Note that opening this address usually
blocks until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,SCTP,RETRY
Useful options: crnl, fork, bind, range, tcpwrap, pf,
max-children, backlog, accept-timeout, sctp-maxseg,
sctp-nodelay, su, reuseaddr, retry
See also: SCTP4-LISTEN, SCTP6-LISTEN, TCP-LISTEN, SCTP-CONNECT
SCTP4-LISTEN:
Like SCTP-LISTEN, but only supports IPv4 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,SCTP,RETRY
SCTP6-LISTEN:
Like SCTP-LISTEN, but only supports IPv6 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,SCTP,RETRY
SOCKET-CONNECT:::
Creates a stream socket using the first and second given socket
parameters and SOCK_STREAM (see man socket(2)) and connects to
the remote-address. The two socket parameters have to be
specified by int numbers. Consult your OS documentation and
include files to find the appropriate values. The remote-address
must be the data representation of a sockaddr structure without
sa_family and (BSD) sa_len components.
Please note that you can - beyond the options of the specified
groups - also use options of higher level protocols when you
apply socat option -g.
Option groups: FD,SOCKET,CHILD,RETRY
Useful options: bind, setsockopt,
See also: TCP, UDP-CONNECT, UNIX-CONNECT, SOCKET-LISTEN,
SOCKET-SENDTO
SOCKET-DATAGRAM::::
Creates a datagram socket using the first three given socket
parameters (see man socket(2)) and sends outgoing data to the
remote-address. The three socket parameters have to be specified
by int numbers. Consult your OS documentation and include files
to find the appropriate values. The remote-address must be the
data representation of a sockaddr structure without sa_family
and (BSD) sa_len components.
Please note that you can - beyond the options of the specified
groups - also use options of higher level protocols when you
apply socat option -g.
Option groups: FD,SOCKET,RANGE
Useful options: bind, range, setsockopt,
See also: UDP-DATAGRAM, IP-DATAGRAM, SOCKET-SENDTO, SOCKET-RECV,
SOCKET-RECVFROM
SOCKET-LISTEN:::
Creates a stream socket using the first and second given socket
parameters and SOCK_STREAM (see man socket(2)) and waits for
incoming connections on local-address. The two socket parameters
have to be specified by int numbers. Consult your OS
documentation and include files to find the appropriate values.
The local-address must be the data representation of a sockaddr
structure without sa_family and (BSD) sa_len components.
Please note that you can - beyond the options of the specified
groups - also use options of higher level protocols when you
apply socat option -g.
Option groups: FD,SOCKET,LISTEN,RANGE,CHILD,RETRY
Useful options: setsockopt, setsockopt-listen,
See also: TCP, UDP-CONNECT, UNIX-CONNECT, SOCKET-LISTEN,
SOCKET-SENDTO, SOCKET-SENDTO
SOCKET-RECV::::
Creates a socket using the three given socket parameters (see
man socket(2)) and binds it to . Receives
arriving data. The three parameters have to be specified by int
numbers. Consult your OS documentation and include files to find
the appropriate values. The local-address must be the data
representation of a sockaddr structure without sa_family and
(BSD) sa_len components.
Option groups: FD,SOCKET,RANGE
Useful options: range, setsockopt, setsockopt-listen
See also: UDP-RECV, IP-RECV, UNIX-RECV, SOCKET-DATAGRAM,
SOCKET-SENDTO, SOCKET-RECVFROM
SOCKET-RECVFROM::::
Creates a socket using the three given socket parameters (see
man socket(2)) and binds it to . Receives
arriving data and sends replies back to the sender. The first
three parameters have to be specified as int numbers. Consult
your OS documentation and include files to find the appropriate
values. The local-address must be the data representation of a
sockaddr structure without sa_family and (BSD) sa_len
components.
See the note about RECVFROM addresses.
Option groups: FD,SOCKET,CHILD,RANGE
Useful options: fork, range, setsockopt, setsockopt-listen
See also: UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM,
SOCKET-DATAGRAM, SOCKET-SENDTO, SOCKET-RECV
SOCKET-SENDTO::::
Creates a socket using the three given socket parameters (see
man socket(2)). Sends outgoing data to the given address and
receives replies. The three parameters have to be specified as
int numbers. Consult your OS documentation and include files to
find the appropriate values. The remote-address must be the data
representation of a sockaddr structure without sa_family and
(BSD) sa_len components.
Option groups: FD,SOCKET
Useful options: bind, setsockopt, setsockopt-listen
See also: UDP-SENDTO, IP-SENDTO, UNIX-SENDTO, SOCKET-DATAGRAM,
SOCKET-RECV SOCKET-RECVFROM
ACCEPT-FD:
Expects a listening socket in and accepts one or (with
option fork) more connections. This address type is useful under
systemd control with "inetd mode".
Example: (example)
Option groups: FD, SOCKET, TCP, CHILD, RETRY
Useful options: fork, range, sourceport, lowport, tcpwrap
SOCKS4:::
Connects via [IP address] to [IPv4
address] on [TCP service], using socks version 4 protocol
over IP version 4 or 6 depending on address specification, name
resolution, or option pf (example).
Option groups: FD,SOCKET,IP4,IP6,TCP,SOCKS4,RETRY
Useful options: socksuser, socksport, sourceport, pf, retry
See also: SOCKS5, SOCKS4A, PROXY, TCP
SOCKS4A:::
like SOCKS4, but uses socks protocol version 4a, thus leaving
host name resolution to the socks server.
Option groups: FD,SOCKET,IP4,IP6,TCP,SOCKS4,RETRY
SOCKS5-CONNECT::::
Connects via [IP address] to [IPv4
address] on [TCP service], using socks version 5
protocol over TCP. Currently no authentication mechanism is
provided.
This address type is experimental.
Option groups: FD, SOCKET, IP4, IP6, TCP, CHILD, RETRY
Useful options: sourceport, pf, retry
See also: SOCKS5-LISTEN, SOCKS4, SOCKS4A, PROXY, TCP
SOCKS5-LISTEN::::
Connects to [IP address] using socks version 5
protocol over TCP and makes it listen for incoming connections
on [TCP service], binding to <-listen-host> [IPv4
address] Currently not authentication mechanism is provided.
This address type is experimental. Option groups: FD, SOCKET,
IP4, IP6, TCP, CHILD, RETRY
Useful options: sourceport, pf, retry
See also: SOCKS5-CONNECT,
STDERR Uses file descriptor 2.
This is a write-only address, see options -u and -U, and dual
addresses.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: FD
STDIN Uses file descriptor 0.
This is a read-only address, see options -u and -U, and dual
addresses.
Option groups: FD (TERMIOS,REG,SOCKET)
Useful options: readbytes
See also: FD
STDIO Uses file descriptor 0 for reading, and 1 for writing.
Option groups: FD (TERMIOS,REG,SOCKET)
Useful options: readbytes
See also: FD
STDOUT Uses file descriptor 1.
This is a write-only address, see options -u and -U, and dual
addresses.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: FD
SHELL:
Forks a sub process that establishes communication with its
parent process and invokes the specified program with the
configured shell ($SHELL). Note that [string]
must not contain ',' or "!!", and that shell meta characters may
have to be protected. After successful program start, socat
writes data to stdin of the process and reads from its stdout.
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options: path, fdin, fdout, chroot, su, su-d, nofork,
socktype, pty, stderr, ctty, setsid, pipes, umask, sigint,
sigquit
See also: EXEC, SYSTEM
SYSTEM:
Forks a sub process that establishes communication with its
parent process and invokes the specified program with system() .
Please note that [string] must not contain ','
or "!!", and that shell meta characters may have to be
protected. After successful program start, socat writes data to
stdin of the process and reads from its stdout.
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options: path, fdin, fdout, chroot, su, su-d, nofork,
socktype, pty, stderr, ctty, setsid, pipes, umask, sigint,
sigquit, netns
See also: EXEC, SHELL
TCP::
Connects to [TCP service] on [IP address] using
TCP/IP version 4 or 6 depending on address specification, name
resolution, or option pf.
Option groups: FD,SOCKET,IP4,IP6,TCP,RETRY
Useful options: connect-timeout, retry, sourceport, netns, crnl,
bind, pf, tos, mtudiscover, mss, nodelay, nonblock, readbytes
See also: TCP4, TCP6, TCP-LISTEN, UDP, SCTP-CONNECT,
UNIX-CONNECT
TCP4::
Like TCP, but only supports IPv4 protocol (example).
Option groups: FD,SOCKET,IP4,TCP,RETRY
TCP6::
Like TCP, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,TCP,RETRY
TCP-LISTEN:
Listens on [TCP service] and accepts a TCP/IP connection.
The IP version is 4 or the one specified with address option pf,
socat option (-4, -6), or environment variable
SOCAT_DEFAULT_LISTEN_IP. Note that opening this address usually
blocks until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,TCP,RETRY
Useful options: crnl, fork, bind, range, tcpwrap, pf,
max-children, backlog, accept-timeout, mss, su, reuseaddr,
retry, cool-write
See also: TCP4-LISTEN, TCP6-LISTEN, UDP-LISTEN, SCTP-LISTEN,
UNIX-LISTEN, OPENSSL-LISTEN, TCP-CONNECT
TCP4-LISTEN:
Like TCP-LISTEN, but only supports IPv4 protocol (example).
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,TCP,RETRY
TCP6-LISTEN:
Like TCP-LISTEN, but only supports IPv6 protocol.
Additional useful option: ipv6only
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,TCP,RETRY
TUN[:/]
Creates a Linux TUN/TAP device and optionally assignes it the
address and netmask given by the parameters. The resulting
network interface is almost ready for use by other processes;
socat serves its "wire side". This address requires read and
write access to the tunnel cloning device, usually /dev/net/tun
, as well as permission to set some ioctl()s. Option iff-up is
required to immediately activate the interface!
Note: If you intend to transfer packets between two Socat "wire
sides" you need a protocol that keeps packet boundaries,
e.g.UDP; TCP might work with option nodelay.
Option groups: FD,NAMED,OPEN,TUN
Useful options: iff-up, tun-device, tun-name, tun-type,
iff-no-pi, netns
See also: ip-recv
UDP::
Connects to [UDP service] on [IP address] using
UDP/IP version 4 or 6 depending on address specification, name
resolution, or option pf.
Please note that, due to UDP protocol properties, no real
connection is established; data has to be sent for `connecting'
to the server, and no end-of-file condition can be transported.
Option groups: FD,SOCKET,IP4,IP6
Useful options: ttl, tos, bind, sourceport, pf
See also: UDP4, UDP6, UDP-LISTEN, TCP, IP
UDP4::
Like UDP, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4
UDP6::
Like UDP, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6
UDP-DATAGRAM::
Sends outgoing data to the specified address which may in
particular be a broadcast or multicast address. Packets arriving
on the local socket are checked for the correct remote port only
when option sourceport is used (this is a change with Socat
version 1.7.4.0) and if their source addresses match RANGE or
TCPWRAP options. This address type can for example be used for
implementing symmetric or asymmetric broadcast or multicast
communications.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options: bind, range, tcpwrap, broadcast,
ip-multicast-loop, ip-multicast-ttl, ip-multicast-if,
ip-add-membership, ip-add-source-membership, ipv6-join-group,
ipv6-join-source-group, ttl, tos, sourceport, pf
See also: UDP4-DATAGRAM, UDP6-DATAGRAM, UDP-SENDTO,
UDP-RECVFROM, UDP-RECV, UDP-CONNECT, UDP-LISTEN, IP-DATAGRAM
UDP4-DATAGRAM::
Like UDP-DATAGRAM, but only supports IPv4 protocol (example1,
example2).
Option groups: FD,SOCKET,IP4, RANGE
UDP6-DATAGRAM::
Like UDP-DATAGRAM, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,RANGE
UDP-LISTEN:
Waits for a UDP/IP packet arriving on [UDP service] and
`connects' back to sender. The accepted IP version is 4 or the
one specified with option pf. Please note that, due to UDP
protocol properties, no real connection is established; data has
to arrive from the peer first, and no end-of-file condition can
be transported. Note that opening this address usually blocks
until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6
Useful options: fork, bind, range, pf
See also: UDP, UDP4-LISTEN, UDP6-LISTEN, TCP-LISTEN
UDP4-LISTEN:
Like UDP-LISTEN, but only support IPv4 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4
UDP6-LISTEN:
Like UDP-LISTEN, but only support IPv6 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6
UDP-SENDTO::
Communicates with the specified peer socket, defined by
[UDP service] on [IP address], using UDP/IP version 4 or
6 depending on address specification, name resolution, or option
pf. It sends packets to and receives packets from that peer
socket only. This address effectively implements a datagram
client. It works well with socat UDP-RECVFROM and UDP-RECV
address peers.
Option groups: FD,SOCKET,IP4,IP6
Useful options: ttl, tos, bind, sourceport, pf
See also: UDP4-SENDTO, UDP6-SENDTO, UDP-RECVFROM, UDP-RECV,
UDP-CONNECT, UDP-LISTEN, IP-SENDTO
UDP4-SENDTO::
Like UDP-SENDTO, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4
UDP6-SENDTO::
Like UDP-SENDTO, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6
UDP-RECVFROM:
Creates a UDP socket on [UDP service] using UDP/IP
version 4 or 6 depending on option pf. It receives one packet
from an unspecified peer and may send one or more answer packets
to that peer. This mode is particularly useful with fork option
where each arriving packet - from arbitrary peers - is handled
by its own sub process. This allows a behaviour similar to
typical UDP based servers like ntpd or named. This address works
well with socat UDP-SENDTO address peers.
Note: When the second address fails before entering the transfer
loop the packet is dropped. Use option retry or forever on the
second address to avoid data loss.
Option groups: FD,SOCKET,IP4,IP6,CHILD,RANGE
Useful options: fork, ttl, tos, bind, sourceport, pf
See also: UDP4-RECVFROM, UDP6-RECVFROM, UDP-SENDTO, UDP-RECV,
UDP-CONNECT, UDP-LISTEN, IP-RECVFROM, UNIX-RECVFROM
UDP4-RECVFROM:
Like UDP-RECVFROM, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,CHILD,RANGE
UDP6-RECVFROM:
Like UDP-RECVFROM, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,CHILD,RANGE
UDP-RECV:
Creates a UDP socket on [UDP service] using UDP/IP
version 4 or 6 depending on option pf. It receives packets from
multiple unspecified peers and merges the data. No replies are
possible. It works well with, e.g., socat UDP-SENDTO address
peers; it behaves similar to a syslog server.
This is a read-only address, see options -u and -U, and dual
addresses.
Note: if you need the fork option, use UDP-RECVFROM in
unidirectional mode (with option -u) instead.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options: pf, bind, sourceport, ttl, tos
See also: UDP4-RECV, UDP6-RECV, UDP-SENDTO, UDP-RECVFROM,
UDP-CONNECT, UDP-LISTEN, IP-RECV, UNIX-RECV
UDP4-RECV:
Like UDP-RECV, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,RANGE
UDP6-RECV:
Like UDP-RECV, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,RANGE
UDPLITE-CONNECT::
UDPLITE4-CONNECT::
UDPLITE6-CONNECT::
UDPLITE-DATAGRAM::
UDPLITE4-DATAGRAM::
UDPLITE6-DATAGRAM::
UDPLITE-LISTEN:
UDPLITE4-LISTEN:
UDPLITE6-LISTEN:
UDPLITE-SENDTO::
UDPLITE4-SENDTO::
UDPLITE6-SENDTO::
UDPLITE-RECVFROM:
UDPLITE4-RECVFROM:
UDPLITE6-RECVFROM:
UDPLITE-RECV:
UDPLITE4-RECV:
UDPLITE6-RECV:
The UDPLITE addresses are almost identical to the related UDP
addresses but they use UDP-Lite protocol and have the additional
UDPLITE option group.
UNIX-CONNECT:
Connects to assuming it is a UNIX domain socket. If
does not exist, this is an error; if is
not a UNIX domain socket, this is an error; if is a
UNIX domain socket, but no process is listening, this is an
error.
Option groups: FD,SOCKET,NAMED,RETRY,UNIX
) Useful options: bind
See also: UNIX-LISTEN, UNIX-SENDTO, TCP
UNIX-LISTEN:
Listens on using a UNIX domain stream socket and
accepts a connection. If exists and is not a socket,
this is an error. If exists and is a UNIX domain
socket, binding to the address fails (use option unlink-early!).
Note that opening this address usually blocks until a client
connects. Beginning with socat version 1.4.3, the file system
entry is removed when this address is closed (but see option
unlink-close) (example).
Option groups: FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
Useful options: fork, umask, mode, user, group, unlink-early
See also: UNIX-CONNECT, UNIX-RECVFROM, UNIX-RECV, TCP-LISTEN
UNIX-SENDTO:
Communicates with the specified peer socket, defined by
[] assuming it is a UNIX domain datagram socket. It
sends packets to and receives packets from that peer socket
only. Please note that it might be necessary to bind the local
socket to an address (e.g. /tmp/sock1, which must not exist
before). This address type works well with socat UNIX-RECVFROM
and UNIX-RECV address peers.
Option groups: FD,SOCKET,NAMED,UNIX
Useful options: bind
See also: UNIX-RECVFROM, UNIX-RECV, UNIX-CONNECT, UDP-SENDTO,
IP-SENDTO
UNIX-RECVFROM:
Creates a UNIX domain datagram socket []. Receives
one packet and may send one or more answer packets to that peer.
This mode is particularly useful with fork option where each
arriving packet - from arbitrary peers - is handled by its own
sub process. This address works well with socat UNIX-SENDTO
address peers.
Option groups: FD,SOCKET,NAMED,CHILD,UNIX
See the note about RECVFROM addresses.
Useful options: fork
umask
See also: UNIX-SENDTO, UNIX-RECV, UNIX-LISTEN, UDP-RECVFROM,
IP-RECVFROM
UNIX-RECV: