Socat project is a relay for bidirectional data transfer between two independent data channels.
Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these.
These modes include generation of "listening" sockets, named pipes, and pseudo terminals.
socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an external socksifier, for attacking weak firewalls, as a shell interface to UNIX sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to logically connect serial lines on different computers, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.
Many options are available to refine socats behaviour: terminal parameters, open() options, file permissions, file and process owners, basic socket options like bind address, advanced socket options like IP source routing, linger, TTL, TOS (type of service), or TCP performance tuning.
More capabilities, like daemon mode with forking, client address check, "tail -f" mode, some stream data processing (line terminator conversion), choosing sockets, pipes, or ptys for interprocess communication, debug and trace options, logging to syslog, stderr or file, and last but not least precise error messages make it a versatile tool for many different purposes.
In fact, many of these features already exist in specialized tools; but until now, there does not seem to exists another tool that provides such a generic, flexible, simple and almost comprehensive (UNIX) byte stream connector.
What's New in This Release: [ read full changelog ]
· when UNIX-LISTEN was applied to an existing file it failed as expected but removed the file. Thanks to Bjoern Bosselmann for reporting this problem
· fixed a bug where socat might crash when connecting to a unix domain socket using address GOPEN. Thanks to Martin Forssen for bug report and patch.
· UDP-LISTEN would alway set SO_REUSEADDR even without fork option and when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
· UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who pointed me to that bug
· TCP-CONNECT with option nonblock reported successful connect even when it was still pending
· address option ioctl-intp failed with "unimplemented type 26". Thanks to Jeremy W. Sherman for reporting and fixing that bug
· socat option -x did not print packet direction, timestamp etc; thanks to Anthony Sharobaiko for sending a patch
· address PTY does not take any parameters but did not report an error when some were given
· Marcus Meissner provided a patch that fixes invalid output and possible process crash when socat prints info about an unnamed unix domain socket
· Michal Soltys reported the following problem and provided an initial patch: when socat was interrupted, e.g. by SIGSTOP, and resumed during data transfer only parts of the data might have been written.
· Option o-nonblock in combination with large transfer block sizes may result in partial writes and/or EAGAIN errors that were not handled properly but resulted in data loss or process termination.
· Fixed a bug that could freeze socat when during assembly of a log message a signal was handled that also printed a log message. socat development had been aware that localtime() is not thread safe but had only expected broken messages, not corrupted stack (glibc 2.11.1, Ubuntu 10.4)
· an internal store for child pids was susceptible to pid reuse which could lead to sporadic data loss when both fork option and exec address were used. Thanks to Tetsuya Sodo for reporting this problem and sending a patch
· OpenSSL server failed with "no shared cipher" when using cipher aNULL. Fixed by providing temporary DH parameters. Thanks to Philip Rowlands for drawing my attention to this issue.
· UDP-LISTEN slept 1s after accepting a connection. This is not required. Thanks to Peter Valdemar Morch for reporting this issue
· fixed a bug that could lead to error or socat crash after a client connection with option retry had been established
· fixed configure.in bug on net/if.h check that caused IF_NAMESIZE to be undefined
· improved dev_t print format definition
· porting: Cedril Priscal ported socat to Android (using Googles cross compiler). The port includes the socat_buildscript_for_android.sh script
· added check for component ipi_spec_dst in struct in_pktinfo so compilation does not fail on Cygwin (thanks to Peter Wagemans for reporting this problem)
· build failed on RHEL6 due to presence of fips.h; configure now checks for fipsld too. Thanks to Andreas Gruenbacher for reporting this problem
· check for netinet6/in6.h only when IPv6 is available and enabled
· don't fail to compile when the following defines are missing: IPV6_PKTINFO IPV6_RTHDR IPV6_DSTOPTS IPV6_HOPOPTS IPV6_HOPLIMIT Thanks to Jerry Jacobs for reporting this problem (Mac OS X Lion 10.7)
· check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* (MacOSX Lion 7.1); thanks to Jerry Jacobs to reporting this problem and proposing a solution
· fixed compiler warnings on Mac OS X 64bit. Thanks to Guy Harris for providing the patch.
· corrections for OpenEmbedded, especially termios SHIFT values and ISPEED/OSPEED. Thanks to John Faith for providing the patch
· minor corrections to docu and test.sh resulting from local compilation on Openmoko SHR
· fixed sa_family_t compile error on DragonFly. Thanks to Tony Young for reporting this issue and sending a patch.
· Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh is now bsd/libutil.h; compiler warns on vars that is only written to
· new features: added option max-children that limits the number of concurrent child processes. Thanks to Sam Liddicott for providing the patch.
· Till Maas added support for tun/tap addresses without IP address
· added an option openssl-compress that allows to disable the compression feature of newer OpenSSL versions. Thanks to Michael Hanselmann for providing this contribution (sponsored by Google Inc.)
· docu: minor corrections in docu (thanks to Paggas)
· client process -> child process