socat(1) socat(1)
NAME
socat - Multipurpose relay (SOcket CAT)
SYNOPSIS
socat [options] <address> <address>
socat -V
socat -h[h[h]] | -?[?[?]]
filan
procan
DESCRIPTION
Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams
can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options
may be applied to the streams, socat can be used for many different purposes.
Filan is a utility that prints information about its active file descriptors to stdout. It has been written for debugging socat, but might
be useful for other purposes too. Use the -h option to find more infos.
Procan is a utility that prints information about process parameters to stdout. It has been written to better understand some UNIX process
properties and for debugging socat, but might be useful for other purposes too.
The life cycle of a socat instance typically consists of four phases.
In the init phase, the command line options are parsed and logging is initialized.
During the open phase, socat opens the first address and afterwards the second address. These steps are usually blocking; thus, especially
for complex address types like socks, connection requests or authentication dialogs must be completed before the next step is started.
In the transfer phase, socat watches both streams' read and write file descriptors via select() , and, when data is available on one side
and can be written to the other side, socat reads it, performs newline character conversions if required, and writes the data to the write
file descriptor of the other stream, then continues waiting for more data in both directions.
When one of the streams effectively reaches EOF, the closing phase begins. Socat transfers the EOF condition to the other stream, i.e.
tries to shutdown only its write stream, giving it a chance to terminate gracefully. For a defined time socat continues to transfer data in
the other direction, but then closes all remaining channels and terminates.
OPTIONS
Socat provides some command line options that modify the behaviour of the program. They have nothing to do with so called address options
that are used as parts of address specifications.
-V Print version and available feature information to stdout, and exit.
-h | -?
Print a help text to stdout describing command line options and available address types, and exit.
-hh | -??
Like -h, plus a list of the short names of all available address options. Some options are platform dependend, so this output is
helpful for checking the particular implementation.
-hhh | -???
Like -hh, plus a list of all available address option names.
-d Without this option, only fatal and error messages are generated; applying this option also prints warning messages. See DIAGNOSTICS
for more information.
-d -d Prints fatal, error, warning, and notice messages.
-d -d -d
Prints fatal, error, warning, notice, and info messages.
-d -d -d -d
Prints fatal, error, warning, notice, info, and debug messages.
-D Logs information about file descriptors before starting the transfer phase.
-ly[<facility>]
Writes messages to syslog instead of stderr; severity as defined with -d option. With optional <facility>, the syslog type can be
selected, default is "daemon".
-lf<logfile>
Writes messages to <logfile> [filename] instead of stderr.
-ls Writes messages to stderr (this is the default).
-lp<progname>
Overrides the program name printed in error messages and used for constructing environment variable names.
-lu Extends the timestamp of error messages to microsecond resolution. Does not work when logging to syslog.
-lm[<facility>]
Mixed log mode. During startup messages are printed to stderr; when socat starts the transfer phase loop or daemon mode (i.e. after
opening all streams and before starting data transfer, or, with listening sockets with fork option, before the first accept call),
it switches logging to syslog. With optional <facility>, the syslog type can be selected, default is "daemon".
-lh Adds hostname to log messages. Uses the value from environment variable HOSTNAME or the value retrieved with uname() if HOSTNAME is
not set.
-v Writes the transferred data not only to their target streams, but also to stderr. The output format is text with some conversions
for readability, and prefixed with "> " or "< " indicating flow directions.
-x Writes the transferred data not only to their target streams, but also to stderr. The output format is hexadecimal, prefixed with ">
" or "< " indicating flow directions. Can be combined with -v .
-b<size>
Sets the data transfer block <size> [size_t]. At most <size> bytes are transferred per step. Default is 8192 bytes.
-s By default, socat terminates when an error occurred to prevent the process from running when some option could not be applied. With
this option, socat is sloppy with errors and tries to continue. Even with this option, socat will exit on fatals, and will abort
connection attempts when security checks failed.
-t<timeout>
When one channel has reached EOF, the write part of the other channel is shut down. Then, socat waits <timeout> [timeval] seconds
before terminating. Default is 0.5 seconds. This timeout only applies to addresses where write and read part can be closed indepen-
dently. When during the timeout interval the read part gives EOF, socat terminates without awaiting the timeout.
-T<timeout>
Total inactivity timeout: when socat is already in the transfer loop and nothing has happened for <timeout> [timeval] seconds (no
data arrived, no interrupt occurred...) then it terminates. Useful with protocols like UDP that cannot transfer EOF.
-u Uses unidirectional mode. The first address is only used for reading, and the second address is only used for writing (example).
-U Uses unidirectional mode in reverse direction. The first address is only used for writing, and the second address is only used for
reading.
-g During address option parsing, don't check if the option is considered useful in the given address environment. Use it if you want
to force, e.g., appliance of a socket option to a serial device.
-L<lockfile>
If lockfile exists, exits with error. If lockfile does not exist, creates it and continues, unlinks lockfile on exit.
-W<lockfile>
If lockfile exists, waits until it disappears. When lockfile does not exist, creates it and continues, unlinks lockfile on exit.
-4 Use IP version 4 in case that the addresses do not implicitly or explicitly specify a version; this is the default.
-6 Use IP version 6 in case that the addresses do not implicitly or explicitly specify a version.
ADDRESS SPECIFICATIONS
With the address command line arguments, the user gives socat instructions and the necessary information for establishing the byte streams.
An address specification usually consists of an address type keyword, zero or more required address parameters separated by ':' from the
keyword and from each other, and zero or more address options separated by ','.
The keyword specifies the address type (e.g., TCP4, OPEN, EXEC). For some keywords there exist synonyms ('-' for STDIO, TCP for TCP4). Key-
words are case insensitive. For a few special address types, the keyword may be omitted: Address specifications starting with a number are
assumed to be FD (raw file descriptor) addresses; if a '/' is found before the first ':' or ',', GOPEN (generic file open) is assumed.
The required number and type of address parameters depend on the address type. E.g., TCP4 requires a server specification (name or
address), and a port specification (number or service name).
Zero or more address options may be given with each address. They influence the address in some ways. Options consist of an option keyword
or an option keyword and a value, separated by '='. Option keywords are case insensitive. For filtering the options that are useful with
an address type, each option is member of one option group. For each address type there is a set of option groups allowed. Only options
belonging to one of these address groups may be used (except with option -g).
Address specifications following the above schema are also called single address specifications. Two single addresses can be combined with
"!!" to form a dual type address for one channel. Here, the first address is used by socat for reading data, and the second address for
writing data. There is no way to specify an option only once for being applied to both single addresses.
Usually, addresses are opened in read/write mode. When an address is part of a dual address specification, or when option -u or -U is used,
an address might be used only for reading or for writing. Considering this is important with some address types.
With socat version 1.5.0 and higher, the lexical analysis tries to handle quotes and parenthesis meaningfully and allows escaping of spe-
cial characters. If one of the characters ( { [ ' is found, the corresponding closing character - ) } ] ' - is looked for; they may also
be nested. Within these constructs, socats special characters and strings : , !! are not handled specially. All those characters and
strings can be escaped with or within ""
ADDRESS TYPES
This section describes the available address types with their keywords, parameters, and semantics.
CREATE:<filename>
Opens <filename> with creat() and uses the file descriptor for writing. This address type requires write-only context, because a
file opened with creat cannot be read from. <filename> must be a valid existing or not existing path. If <filename> is a named
pipe, creat() might block; if <filename> refers to a socket, this is an error.
Option groups: FD,REG,NAMED
Useful options: mode, user, group, unlink-early, unlink-late, append
See also: OPEN, GOPEN
EXEC:<command-line>
Forks a sub process that establishes communication with its parent process and invokes the specified program with execvp() . <com-
mand-line> is a simple command with arguments separated by single spaces. If the program name contains a '/', the part after the
last '/' is taken as ARGV[0]. If the program name is a relative path, the execvp() semantics for finding the program via $PATH
apply. After successful program start, socat writes data to stdin of the process and reads from its stdout using a UNIX domain
socket generated by socketpair() per default. (example)
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options: path, fdin, fdout, chroot, su, su-d, nofork, pty, stderr, ctty, setsid, pipes, login, sigint, sigquit
See also: SYSTEM
FD:<fdnum>
Uses the file descriptor <fdnum>. It must already exist as valid UN*X file descriptor.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: STDIO, STDIN, STDOUT, STDERR
GOPEN:<filename>
(Generic open) This address type tries to handle any file system entry except directories usefully. <filename> may be a relative or
absolute path. If it already exists, its type is checked. In case of a UNIX domain socket, socat connects; if connecting fails,
socat assumes a datagram socket and uses sendto() calls. If the entry is not a socket, socat opens it applying the O_APPEND flag.
If it does not exist, it is opened with flag O_CREAT as a regular file (example).
Option groups: FD,REG,SOCKET,NAMED,OPEN
See also: OPEN, CREATE, UNIX-CONNECT
IP-SENDTO:<host>:<protocol>
Opens a raw IP socket. Depending on host specification or option pf, IP procotol version 4 or 6 is used. It uses <protocol> to send
packets to <host> [IP address] and receives packets from host, ignores packets from other hosts. Protocol 255 uses the raw socket
with the IP header being part of the data.
Option groups: FD,SOCKET,IP4,IP6
Useful options: pf, ttl
See also: IP4-SENDTO, IP6-SENDTO, IP-RECVFROM, IP-RECV, UDP-SENDTO, UNIX-SENDTO
INTERFACE:<interface>
Communicates with a network connected on an interface using raw packets including link level data. <interface> is the name of the
network interface. Currently only available on Linux. Option groups: FD,SOCKET
Useful options: pf, type
See also: ip-recv
IP4-SENDTO:<host>:<protocol>
Like IP-SENDTO, but always uses IPv4.
Option groups: FD,SOCKET,IP4
IP6-SENDTO:<host>:<protocol>
Like IP-SENDTO, but always uses IPv6.
Option groups: FD,SOCKET,IP6
IP-DATAGRAM:<address>:<protocol>
Sends outgoing data to the specified address which may in particular be a broadcast or multicast address. Packets arriving on the
local socket are checked if their source addresses match RANGE or TCPWRAP options. This address type can for example be used for
implementing symmetric or asymmetric broadcast or multicast communications.
Option groups: FD, SOCKET, IP4, IP6, RANGE
Useful options: bind, range, tcpwrap, broadcast, ip-multicast-loop, ip-multicast-ttl, ip-multicast-if, ip-add-membership, ttl, tos,
pf
See also: IP4-DATAGRAM, IP6-DATAGRAM, IP-SENDTO, IP-RECVFROM, IP-RECV, UDP-DATAGRAM
IP4-DATAGRAM:<host>:<protocol>
Like IP-DATAGRAM, but always uses IPv4. (example)
Option groups: FD,SOCKET,IP4,RANGE
IP6-DATAGRAM:<host>:<protocol>
Like IP-DATAGRAM, but always uses IPv6. Please note that IPv6 does not know broadcasts.
Option groups: FD,SOCKET,IP6,RANGE
IP-RECVFROM:<protocol>
Opens a raw IP socket of <protocol>. Depending on option pf, IP procotol version 4 or 6 is used. It receives one packet from an
unspecified peer and may send one or more answer packets to that peer. This mode is particularly useful with fork option where each
arriving packet - from arbitrary peers - is handled by its own sub process. This allows a behaviour similar to typical UDP based
servers like ntpd or named.
Please note that the reply packets might be fetched as incoming traffic when sender and receiver IP address are identical because
there is no port number to distinguish the sockets.
This address works well with IP-SENDTO address peers (see above). Protocol 255 uses the raw socket with the IP header being part of
the data.
Option groups: FD,SOCKET,IP4,IP6,CHILD,RANGE
Useful options: pf, fork, range, ttl, broadcast
See also: IP4-RECVFROM, IP6-RECVFROM, IP-SENDTO, IP-RECV, UDP-RECVFROM, UNIX-RECVFROM
IP4-RECVFROM:<protocol>
Like IP-RECVFROM, but always uses IPv4.
Option groups: FD,SOCKET,IP4,CHILD,RANGE
IP6-RECVFROM:<protocol>
Like IP-RECVFROM, but always uses IPv6.
Option groups: FD,SOCKET,IP6,CHILD,RANGE
IP-RECV:<protocol>
Opens a raw IP socket of <protocol>. Depending on option pf, IP procotol version 4 or 6 is used. It receives packets from multiple
unspecified peers and merges the data. No replies are possible. It can be, e.g., addressed by socat IP-SENDTO address peers. Pro-
tocol 255 uses the raw socket with the IP header being part of the data.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options: pf, range
See also: IP4-RECV, IP6-RECV, IP-SENDTO, IP-RECVFROM, UDP-RECV, UNIX-RECV
IP4-RECV:<protocol>
Like IP-RECV, but always uses IPv4.
Option groups: FD,SOCKET,IP4,RANGE
IP6-RECV:<protocol>
Like IP-RECV, but always uses IPv6.
Option groups: FD,SOCKET,IP6,RANGE
OPEN:<filename>
Opens <filename> using the open() system call (example). This operation fails on UNIX domain sockets.
Note: This address type is rarly useful in bidirectional mode.
Option groups: FD,REG,NAMED,OPEN
Useful options: creat, excl, noatime, nofollow, append, rdonly, wronly, lock, readbytes, ignoreeof
See also: CREATE, GOPEN, UNIX-CONNECT
OPENSSL:<host>:<port>
Tries to establish a SSL connection to <port> [TCP service] on <host> [IP address] using TCP/IP version 4 or 6 depending on address
specification, name resolution, or option pf.
NOTE: The server certificate is only checked for validity against cafile or capath, but not for match with the server's name or its
IP address!
Option groups: FD,SOCKET,IP4,IP6,TCP,OPENSSL,RETRY
Useful options: cipher, method, verify, cafile, capath, certificate, key, bind, pf, connect-timeout, sourceport, retry
See also: OPENSSL-LISTEN, TCP
OPENSSL-LISTEN:<port>
Listens on tcp <port> [TCP service]. The IP version is 4 or the one specified with pf. When a connection is accepted, this address
behaves as SSL server.
Note: You probably want to use the certificate option with this address.
NOTE: The client certificate is only checked for validity against cafile or capath, but not for match with the client's name or its
IP address!
Option groups: FD,SOCKET,IP4,IP6,TCP,LISTEN,OPENSSL,CHILD,RANGE,RETRY
Useful options: pf, cipher, method, verify, cafile, capath, certificate, key, fork, bind, range, tcpwrap, su, reuseaddr, retry
See also: OPENSSL, TCP
PIPE:<filename>
If <filename> already exists, it is opened. If it does not exist, a named pipe is created and opened. Beginning with socat version
1.4.3, the named pipe is removed when the address is closed (but see option unlink-close
Note: When a pipe is used for both reading and writing, it works as echo service.
Note: When a pipe is used for both reading and writing, and socat tries to write more bytes than the pipe can buffer (Linux 2.4:
2048 bytes), socat might block. Consider using socat option, e.g., -b 2048
Option groups: FD,NAMED,OPEN
Useful options: rdonly, nonblock, group, user, mode, unlink-early
See also: unnamed pipe
PIPE Creates an unnamed pipe and uses it for reading and writing. It works as an echo, because everything written to it appeares immedi-
ately as read data.
Note: When socat tries to write more bytes than the pipe can queue (Linux 2.4: 2048 bytes), socat might block. Consider, e.g., using
option -b 2048
Option groups: FD
See also: named pipe
PROXY:<proxy>:<hostname>:<port>
Connects to an HTTP proxy server on port 8080 using TCP/IP version 4 or 6 depending on address specification, name resolution, or
option pf, and sends a CONNECT request for hostname:port. If the proxy grants access and succeeds to connect to the target, data
transfer between socat and the target can start. Note that the traffic need not be HTTP but can be an arbitrary protocol.
Option groups: FD,SOCKET,IP4,IP6,TCP,HTTP,RETRY
Useful options: proxyport, ignorecr, proxyauth, resolve, crnl, bind, connect-timeout, mss, sourceport, retry
See also: SOCKS, TCP
PTY Generates a pseudo terminal (pty) and uses its master side. Another process may open the pty's slave side using it like a serial
line or terminal. (example). If both the ptmx and the openpty mechanisms are available, ptmx is used (POSIX).
Option groups: FD,NAMED,PTY,TERMIOS
Useful options: link, openpty, wait-slave, mode, user, group
See also: UNIX-LISTEN, PIPE, EXEC, SYSTEM
READLINE
Uses GNU readline and history on stdio to allow editing and reusing input lines (example). This requires the GNU readline and his-
tory libraries. Note that stdio should be a (pseudo) terminal device, otherwise readline does not seem to work.
Option groups: FD,READLINE,TERMIOS
Useful options: history, noecho
See also: STDIO
SCTP-CONNECT:<host>:<port>
Establishes an SCTP stream connection to the specified <host> [IP address] and <port> [TCP service] using TCP/IP version 4 or 6
depending on address specification, name resolution, or option pf.
Option groups: FD,SOCKET,IP4,IP6,SCTP,CHILD,RETRY
Useful options: bind, pf, connect-timeout, tos, mtudiscover, sctp-maxseg, sctp-nodelay, nonblock, sourceport, retry, readbytes
See also: SCTP4-CONNECT, SCTP6-CONNECT, SCTP-LISTEN, TCP-CONNECT
SCTP4-CONNECT:<host>:<port>
Like SCTP-CONNECT, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,SCTP,CHILD,RETRY
SCTP6-CONNECT:<host>:<port>
Like SCTP-CONNECT, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,SCTP,CHILD,RETRY
SCTP-LISTEN:<port>
Listens on <port> [TCP service] and accepts a TCP/IP connection. The IP version is 4 or the one specified with address option pf,
socat option (-4, -6), or environment variable SOCAT_DEFAULT_LISTEN_IP. Note that opening this address usually blocks until a
client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,SCTP,RETRY
Useful options: crnl, fork, bind, range, tcpwrap, pf, backlog, sctp-maxseg, sctp-nodelay, su, reuseaddr, retry, cool-write
See also: SCTP4-LISTEN, SCTP6-LISTEN, TCP-LISTEN, SCTP-CONNECT
SCTP4-LISTEN:<port>
Like SCTP-LISTEN, but only supports IPv4 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,SCTP,RETRY
SCTP6-LISTEN:<port>
Like SCTP-LISTEN, but only supports IPv6 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,SCTP,RETRY
SOCKET-CONNECT:<domain>:<protocol>:<remote-address>
Creates a stream socket using the first and second given socket parameters and SOCK_STREAM (see man socket(2)) and connects to the
remote-address. The two socket parameters have to be specified by int numbers. Consult your OS documentation and include files to
find the appropriate values. The remote-address must be the data representation of a sockaddr structure without sa_family and (BSD)
sa_len components.
Please note that you can - beyond the options of the specified groups - also use options of higher level protocols when you apply
socat option -g.
Option groups: FD,SOCKET,CHILD,RETRY
Useful options: bind, setsockopt-int, setsockopt-bin, setsockopt-string
See also: TCP, UDP-CONNECT, UNIX-CONNECT, SOCKET-LISTEN, SOCKET-SENDTO
SOCKET-DATAGRAM:<domain>:<type>:<protocol>:<remote-address>
Creates a datagram socket using the first three given socket parameters (see man socket(2)) and sends outgoing data to the remote-
address. The three socket parameters have to be specified by int numbers. Consult your OS documentation and include files to find
the appropriate values. The remote-address must be the data representation of a sockaddr structure without sa_family and (BSD)
sa_len components.
Please note that you can - beyond the options of the specified groups - also use options of higher level protocols when you apply
socat option -g.
Option groups: FD,SOCKET,RANGE
Useful options: bind, range, setsockopt-int, setsockopt-bin, setsockopt-string
See also: UDP-DATAGRAM, IP-DATAGRAM, SOCKET-SENDTO, SOCKET-RECV, SOCKET-RECVFROM
SOCKET-LISTEN:<domain>:<protocol>:<local-address>
Creates a stream socket using the first and second given socket parameters and SOCK_STREAM (see man socket(2)) and waits for incom-
ing connections on local-address. The two socket parameters have to be specified by int numbers. Consult your OS documentation and
include files to find the appropriate values. The local-address must be the data representation of a sockaddr structure without
sa_family and (BSD) sa_len components.
Please note that you can - beyond the options of the specified groups - also use options of higher level protocols when you apply
socat option -g.
Option groups: FD,SOCKET,LISTEN,RANGE,CHILD,RETRY
Useful options: setsockopt-int, setsockopt-bin, setsockopt-string
See also: TCP, UDP-CONNECT, UNIX-CONNECT, SOCKET-LISTEN, SOCKET-SENDTO, SOCKET-SENDTO
SOCKET-RECV:<domain>:<type>:<protocol>:<local-address>
Creates a socket using the three given socket parameters (see man socket(2)) and binds it to <local-address>. Receives arriving
data. The three parameters have to be specified by int numbers. Consult your OS documentation and include files to find the appro-
priate values. The local-address must be the data representation of a sockaddr structure without sa_family and (BSD) sa_len compo-
nents.
Option groups: FD,SOCKET,RANGE
Useful options: range, setsockopt-int, setsockopt-bin, setsockopt-string
See also: UDP-RECV, IP-RECV, UNIX-RECV, SOCKET-DATAGRAM, SOCKET-SENDTO, SOCKET-RECVFROM
SOCKET-RECVFROM:<domain>:<type>:<protocol>:<local-address>
Creates a socket using the three given socket parameters (see man socket(2)) and binds it to <local-address>. Receives arriving
data and sends replies back to the sender. The first three parameters have to be specified as int numbers. Consult your OS documen-
tation and include files to find the appropriate values. The local-address must be the data representation of a sockaddr structure
without sa_family and (BSD) sa_len components.
Option groups: FD,SOCKET,CHILD,RANGE
Useful options: fork, range, setsockopt-int, setsockopt-bin, setsockopt-string
See also: UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, SOCKET-DATAGRAM, SOCKET-SENDTO, SOCKET-RECV
SOCKET-SENDTO:<domain>:<type>:<protocol>:<remote-address>
Creates a socket using the three given socket parameters (see man socket(2)). Sends outgoing data to the given address and receives
replies. The three parameters have to be specified as int numbers. Consult your OS documentation and include files to find the
appropriate values. The remote-address must be the data representation of a sockaddr structure without sa_family and (BSD) sa_len
components.
Option groups: FD,SOCKET
Useful options: bind, setsockopt-int, setsockopt-bin, setsockopt-string
See also: UDP-SENDTO, IP-SENDTO, UNIX-SENDTO, SOCKET-DATAGRAM, SOCKET-RECV SOCKET-RECVFROM
SOCKS4:<socks-server>:<host>:<port>
Connects via <socks-server> [IP address] to <host> [IPv4 address] on <port> [TCP service], using socks version 4 protocol over IP
version 4 or 6 depending on address specification, name resolution, or option pf (example).
Option groups: FD,SOCKET,IP4,IP6,TCP,SOCKS4,RETRY
Useful options: socksuser, socksport, sourceport, pf, retry
See also: SOCKS4A, PROXY, TCP
SOCKS4A:<socks-server>:<host>:<port>
like SOCKS4, but uses socks protocol version 4a, thus leaving host name resolution to the socks server.
Option groups: FD,SOCKET,IP4,IP6,TCP,SOCKS4,RETRY
STDERR Uses file descriptor 2.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: FD
STDIN Uses file descriptor 0.
Option groups: FD (TERMIOS,REG,SOCKET)
Useful options: readbytes
See also: FD
STDIO Uses file descriptor 0 for reading, and 1 for writing.
Option groups: FD (TERMIOS,REG,SOCKET)
Useful options: readbytes
See also: FD
STDOUT Uses file descriptor 1.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: FD
SYSTEM:<shell-command>
Forks a sub process that establishes communication with its parent process and invokes the specified program with system() . Please
note that <shell-command> [string] must not contain ',' or "!!", and that shell meta characters may have to be protected. After
successful program start, socat writes data to stdin of the process and reads from its stdout.
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options: path, fdin, fdout, chroot, su, su-d, nofork, pty, stderr, ctty, setsid, pipes, sigint, sigquit
See also: EXEC
TCP:<host>:<port>
Connects to <port> [TCP service] on <host> [IP address] using TCP/IP version 4 or 6 depending on address specification, name resolu-
tion, or option pf.
Option groups: FD,SOCKET,IP4,IP6,TCP,RETRY
Useful options: crnl, bind, pf, connect-timeout, tos, mtudiscover, mss, nodelay, nonblock, sourceport, retry, readbytes
See also: TCP4, TCP6, TCP-LISTEN, UDP, SCTP-CONNECT, UNIX-CONNECT
TCP4:<host>:<port>
Like TCP, but only supports IPv4 protocol (example).
Option groups: FD,SOCKET,IP4,TCP,RETRY
TCP6:<host>:<port>
Like TCP, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,TCP,RETRY
TCP-LISTEN:<port>
Listens on <port> [TCP service] and accepts a TCP/IP connection. The IP version is 4 or the one specified with address option pf,
socat option (-4, -6), or environment variable SOCAT_DEFAULT_LISTEN_IP. Note that opening this address usually blocks until a
client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,TCP,RETRY
Useful options: crnl, fork, bind, range, tcpwrap, pf, backlog, mss, su, reuseaddr, retry, cool-write
See also: TCP4-LISTEN, TCP6-LISTEN, UDP-LISTEN, SCTP-LISTEN, UNIX-LISTEN, OPENSSL-LISTEN, TCP-CONNECT
TCP4-LISTEN:<port>
Like TCP-LISTEN, but only supports IPv4 protocol (example).
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,TCP,RETRY
TCP6-LISTEN:<port>
Like TCP-LISTEN, but only supports IPv6 protocol.
Additional useful option: ipv6only
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,TCP,RETRY
TUN:<if-addr>/<bits>
Creates a Linux TUN/TAP device and assignes to it the address and netmask defined by the parameters. The resulting network interface
is ready for use by other processes; socat serves its "wire side". This address requires read and write access to the tunnel cloning
device, usually /dev/net/tun .
Option groups: FD,NAMED,OPEN,TUN
Useful options: iff-up, tun-device, tun-name, tun-type, iff-no-pi
See also: ip-recv
UDP:<host>:<port>
Connects to <port> [UDP service] on <host> [IP address] using UDP/IP version 4 or 6 depending on address specification, name resolu-
tion, or option pf.
Please note that, due to UDP protocol properties, no real connection is established; data has to be sent for `connecting' to the
server, and no end-of-file condition can be transported.
Option groups: FD,SOCKET,IP4,IP6
Useful options: ttl, tos, bind, sourceport, pf
See also: UDP4, UDP6, UDP-LISTEN, TCP, IP
UDP4:<host>:<port>
Like UDP, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4
UDP6:<host>:<port>
Like UDP, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6
UDP-DATAGRAM:<address>:<port>
Sends outgoing data to the specified address which may in particular be a broadcast or multicast address. Packets arriving on the
local socket are checked for the correct remote port and if their source addresses match RANGE or TCPWRAP options. This address type
can for example be used for implementing symmetric or asymmetric broadcast or multicast communications.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options: bind, range, tcpwrap, broadcast, ip-multicast-loop, ip-multicast-ttl, ip-multicast-if, ip-add-membership, ttl, tos,
sourceport, pf
See also: UDP4-DATAGRAM, UDP6-DATAGRAM, UDP-SENDTO, UDP-RECVFROM, UDP-RECV, UDP-CONNECT, UDP-LISTEN, IP-DATAGRAM
UDP4-DATAGRAM:<address>:<port>
Like UDP-DATAGRAM, but only supports IPv4 protocol (example1, example2).
Option groups: FD,SOCKET,IP4, RANGE
UDP6-DATAGRAM:<address>:<port>
Like UDP-DATAGRAM, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,RANGE
UDP-LISTEN:<port>
Waits for a UDP/IP packet arriving on <port> [UDP service] and `connects' back to sender. The accepted IP version is 4 or the one
specified with option pf. Please note that, due to UDP protocol properties, no real connection is established; data has to arrive
from the peer first, and no end-of-file condition can be transported. Note that opening this address usually blocks until a client
connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6
Useful options: fork, bind, range, pf
See also: UDP, UDP4-LISTEN, UDP6-LISTEN, TCP-LISTEN
UDP4-LISTEN:<port>
Like UDP-LISTEN, but only support IPv4 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4
UDP6-LISTEN:<port>
Like UDP-LISTEN, but only support IPv6 protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6
UDP-SENDTO:<host>:<port>
Communicates with the specified peer socket, defined by <port> [UDP service] on <host> [IP address], using UDP/IP version 4 or 6
depending on address specification, name resolution, or option pf. It sends packets to and receives packets from that peer socket
only. This address effectively implements a datagram client. It works well with socat UDP-RECVFROM and UDP-RECV address peers.
Option groups: FD,SOCKET,IP4,IP6
Useful options: ttl, tos, bind, sourceport, pf
See also: UDP4-SENDTO, UDP6-SENDTO, UDP-RECVFROM, UDP-RECV, UDP-CONNECT, UDP-LISTEN, IP-SENDTO
UDP4-SENDTO:<host>:<port>
Like UDP-SENDTO, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4
UDP6-SENDTO:<host>:<port>
Like UDP-SENDTO, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6
UDP-RECVFROM:<port>
Creates a UDP socket on <port> [UDP service] using UDP/IP version 4 or 6 depending on option pf. It receives one packet from an
unspecified peer and may send one or more answer packets to that peer. This mode is particularly useful with fork option where each
arriving packet - from arbitrary peers - is handled by its own sub process. This allows a behaviour similar to typical UDP based
servers like ntpd or named. This address works well with socat UDP-SENDTO address peers.
Option groups: FD,SOCKET,IP4,IP6,CHILD,RANGE
Useful options: fork, ttl, tos, bind, sourceport, pf
See also: UDP4-RECVFROM, UDP6-RECVFROM, UDP-SENDTO, UDP-RECV, UDP-CONNECT, UDP-LISTEN, IP-RECVFROM, UNIX-RECVFROM
UDP4-RECVFROM:<port>
Like UDP-RECVFROM, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,CHILD,RANGE
UDP6-RECVFROM:<port>
Like UDP-RECVFROM, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,CHILD,RANGE
UDP-RECV:<port>
Creates a UDP socket on <port> [UDP service] using UDP/IP version 4 or 6 depending on option pf. It receives packets from multiple
unspecified peers and merges the data. No replies are possible. It works well with, e.g., socat UDP-SENDTO address peers; it
behaves similar to a syslog server.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options: fork, pf, bind, sourceport, ttl, tos
See also: UDP4-RECV, UDP6-RECV, UDP-SENDTO, UDP-RECVFROM, UDP-CONNECT, UDP-LISTEN, IP-RECV, UNIX-RECV
UDP4-RECV:<port>
Like UDP-RECV, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,RANGE
UDP6-RECV:<port>
Like UDP-RECV, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,RANGE
UNIX-CONNECT:<filename>
Connects to <filename> assuming it is a UNIX domain socket. If <filename> does not exist, this is an error; if <filename> is not a
UNIX domain socket, this is an error; if <filename> is a UNIX domain socket, but no process is listening, this is an error.
Option groups: FD,SOCKET,NAMED,RETRY,UNIX
) Useful options: bind
See also: UNIX-LISTEN, UNIX-SENDTO, TCP
UNIX-LISTEN:<filename>
Listens on <filename> using a UNIX domain stream socket and accepts a connection. If <filename> exists and is not a socket, this is
an error. If <filename> exists and is a UNIX domain socket, binding to the address fails (use option unlink-early!). Note that
opening this address usually blocks until a client connects. Beginning with socat version 1.4.3, the file system entry is removed
when this address is closed (but see option unlink-close) (example).
Option groups: FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
Useful options: fork, umask, mode, user, group, unlink-early
See also: UNIX-CONNECT, UNIX-RECVFROM, UNIX-RECV, TCP-LISTEN
UNIX-SENDTO:<filename>
Communicates with the specified peer socket, defined by [<filename>] assuming it is a UNIX domain datagram socket. It sends packets
to and receives packets from that peer socket only. Please note that it might be necessary to bind the local socket to an address
(e.g. /tmp/sock1, which must not exist before). This address type works well with socat UNIX-RECVFROM and UNIX-RECV address peers.
Option groups: FD,SOCKET,NAMED,UNIX
Useful options: bind
See also: UNIX-RECVFROM, UNIX-RECV, UNIX-CONNECT, UDP-SENDTO, IP-SENDTO
UNIX-RECVFROM:<filename>
Creates a UNIX domain datagram socket [<filename>]. Receives one packet and may send one or more answer packets to that peer. This
mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.
This address works well with socat UNIX-SENDTO address peers.
Option groups: FD,SOCKET,NAMED,CHILD,UNIX
Useful options: fork
See also: UNIX-SENDTO, UNIX-RECV, UNIX-LISTEN, UDP-RECVFROM, IP-RECVFROM
UNIX-RECV:<filename>
Creates a UNIX domain datagram socket [<filename>]. Receives packets from multiple unspecified peers and merges the data. No
replies are possible. It can be, e.g., addressed by socat UNIX-SENDTO address peers. It behaves similar to a syslog server. Option
groups: FD,SOCKET,NAMED,UNIX
See also: UNIX-SENDTO, UNIX-RECVFROM, UNIX-LISTEN, UDP-RECV, IP-RECV
UNIX-CLIENT:<filename>
Communicates with the specified peer socket, defined by [<filename>] assuming it is a UNIX domain socket. It first tries to connect
and, if that fails, assumes it is a datagram socket, thus supporting both types.
Option groups: FD,SOCKET,NAMED,UNIX
Useful options: bind
See also: UNIX-CONNECT, UNIX-SENDTO, GOPEN
ABSTRACT-CONNECT:<string>
ABSTRACT-LISTEN:<string>
ABSTRACT-SENDTO:<string>
ABSTRACT-RECVFROM:<string>
ABSTRACT-RECV:<string>
ABSTRACT-CLIENT:<string>
The ABSTRACT addresses are almost identical to the related UNIX addresses except that they do not address file system based sockets
but an alternate UNIX domain address space. To archieve this the socket address strings are prefixed with "