You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Travis Burtrum 268432bf42 Add OpenSSL snihost option for TLS SNI extension 6 years ago
Config Final fixes before release 1.7.3.0 6 years ago
doc Add OpenSSL snihost option for TLS SNI extension 6 years ago
BUGREPORTS socat V1.6.0.0 (initial GIT commit) 14 years ago
CHANGES version 1.7.3.0 6 years ago
COPYING libwrap only logs to syslog; actual COPYING file 7 years ago
COPYING.OpenSSL socat V1.6.0.0 (initial GIT commit) 14 years ago
DEVELOPMENT Made code async-signal-safe 7 years ago
EXAMPLES minor corrections of docu and test.sh; o-append 12 years ago
FAQ FAQ: SIGTTOU problem and solution 14 years ago
FILES socat V1.6.0.0 (initial GIT commit) 14 years ago
Makefile.in Final fixes before release 1.7.3.0 6 years ago
PORTING socat V1.6.0.0 (initial GIT commit) 14 years ago
README version 1.7.3.0 6 years ago
README.FIPS socat V1.6.0.0 (initial GIT commit) 14 years ago
SECURITY socat V1.6.0.0 (initial GIT commit) 14 years ago
VERSION version 1.7.3.0 6 years ago
compat.h environ variable from C runtime is not declared on all systems 6 years ago
config.h.in Port to Openindiana 6 years ago
configure.ac struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
configure.in Function cfmakeraw() is simulated when missing 6 years ago
daemon.sh replaced RCS ID's by source file names 14 years ago
dalan.c Support for NetBSD 5.1 6 years ago
dalan.h replaced RCS ID's by source file names 14 years ago
error.c Port to Openindiana 6 years ago
error.h Made code async-signal-safe 7 years ago
fdname.c Ubuntu Oneiric: OpenSSL w/o SSLv2, bsd/libutil.h, unused vars 10 years ago
filan.c Red Hat issue 1020203: configure checks fail with some compilers 7 years ago
filan.h merged features ioctl, setsockopt, generic-socket 13 years ago
filan_main.c Corrected help text for filan -L 6 years ago
ftp.sh replaced RCS ID's by source file names 14 years ago
gatherinfo.sh replaced RCS ID's by source file names 14 years ago
hostan.c Corrected some configure --disable 7 years ago
hostan.h replaced RCS ID's by source file names 14 years ago
install-sh socat V1.6.0.0 (initial GIT commit) 14 years ago
mail.sh version 1.7.1.0 12 years ago
mytypes.h Prevent multiple definition of bool,Min(),Max() (MacOS X) 6 years ago
nestlex.c fixed a stack overflow vulnerability with long command line args 11 years ago
nestlex.h replaced RCS ID's by source file names 14 years ago
procan-cdefs.c struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
procan.c Increased field width for ulimit values from 16 to 24 digits 7 years ago
procan.h procan prints C defines important for socat 14 years ago
procan_main.c Made code async-signal-safe 7 years ago
proxy.sh replaced RCS ID's by source file names 14 years ago
proxyecho.sh minor corrections of docu and test.sh; o-append 12 years ago
readline-test.sh ported generic socket to *BSD; minor improvements 13 years ago
readline.sh replaced RCS ID's by source file names 14 years ago
snprinterr.c Made code async-signal-safe 7 years ago
snprinterr.h Made code async-signal-safe 7 years ago
socat.c Debian Bug 764251: Set the build timestamp to a deterministic time 6 years ago
socat.spec version 1.7.3.0 6 years ago
socat_buildscript_for_android.sh Android build script with pty code 7 years ago
socks4a-echo.sh replaced RCS ID's by source file names 14 years ago
socks4echo.sh replaced RCS ID's by source file names 14 years ago
sslcls.c Added TLS methods support 6 years ago
sslcls.h Added TLS methods support 6 years ago
sycls.c Made code async-signal-safe 7 years ago
sycls.h struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
sysincludes.h Support for NetBSD 5.1 6 years ago
sysutils.c Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname 7 years ago
sysutils.h Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname 7 years ago
test.sh Final fixes before release 1.7.3.0 6 years ago
testcert.conf Generate testcert.conf and testcert6.conf in test.sh 7 years ago
utils.c Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname 7 years ago
utils.h Red Hat issue 1020203: configure checks fail with some compilers 7 years ago
vsnprintf_r.c Made code async-signal-safe 7 years ago
vsnprintf_r.h Made code async-signal-safe 7 years ago
xio-ascii.c Red Hat issue 1021958: fixed a bug with faulty buffer/data length calculation in xio-ascii.c:_xiodump() 7 years ago
xio-ascii.h merged features ancillary, envvar 13 years ago
xio-creat.c replaced RCS ID's by source file names 14 years ago
xio-creat.h replaced RCS ID's by source file names 14 years ago
xio-exec.c Ubuntu Oneiric: OpenSSL w/o SSLv2, bsd/libutil.h, unused vars 10 years ago
xio-exec.h replaced RCS ID's by source file names 14 years ago
xio-ext2.c replaced RCS ID's by source file names 14 years ago
xio-ext2.h replaced RCS ID's by source file names 14 years ago
xio-fd.c on some 64bit systems a compiler warning "cast from pointer to integer of different size" was issued on some option definitions 12 years ago
xio-fd.h new address options shut-null, null-eof 12 years ago
xio-fdnum.c replaced RCS ID's by source file names 14 years ago
xio-fdnum.h replaced RCS ID's by source file names 14 years ago
xio-file.c replaced RCS ID's by source file names 14 years ago
xio-file.h replaced RCS ID's by source file names 14 years ago
xio-gopen.c fixed a bug where socat might crash when connecting to a unix domain socket using address GOPEN 11 years ago
xio-gopen.h replaced RCS ID's by source file names 14 years ago
xio-interface.c added struct sockaddr_ll to union sockaddr_union to avoid "strict aliasing" 12 years ago
xio-interface.h new address "interface" for transparent network interface handling 13 years ago
xio-ip.c Red Hat issue: socat 1.7.2.4 build failure missing linux/errqueue.h 6 years ago
xio-ip.h merged features ioctl, setsockopt, generic-socket 13 years ago
xio-ip4.c Red Hat issue 1022063: out-of-range shifts on net mask bits 7 years ago
xio-ip4.h merged features ioctl, setsockopt, generic-socket 13 years ago
xio-ip6.c Red Hat issue 1020203: configure checks fail with some compilers 7 years ago
xio-ip6.h merged features ioctl, setsockopt, generic-socket 13 years ago
xio-ipapp.c Fixed memory leaks 6 years ago
xio-ipapp.h reworked so-type, so-prototype 13 years ago
xio-listen.c Port to Openindiana 6 years ago
xio-listen.h new option max-children that limits the number of concurrent child processes 10 years ago
xio-named.c some file system bases addresses failed to apply file options 7 years ago
xio-named.h replaced RCS ID's by source file names 14 years ago
xio-openssl.c Add OpenSSL snihost option for TLS SNI extension 6 years ago
xio-openssl.h Add OpenSSL snihost option for TLS SNI extension 6 years ago
xio-pipe.c some file system bases addresses failed to apply file options 7 years ago
xio-pipe.h replaced RCS ID's by source file names 14 years ago
xio-process.c struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
xio-process.h Red Hat issue 1021429: getgroupent fails with large number of groups 7 years ago
xio-progcall.c Print error on useless fdout,fdin options 6 years ago
xio-progcall.h EXEC and SYSTEM with stderr injected socat messages into the data stream 13 years ago
xio-proxy.c struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
xio-proxy.h replaced RCS ID's by source file names 14 years ago
xio-pty.c Red Hat issue 1020203: configure checks fail with some compilers 7 years ago
xio-pty.h replaced RCS ID's by source file names 14 years ago
xio-rawip.c merged features ioctl, setsockopt, generic-socket 13 years ago
xio-rawip.h replaced RCS ID's by source file names 14 years ago
xio-readline.c Red Hat issue 1022048: strncpy hardening 7 years ago
xio-readline.h replaced RCS ID's by source file names 14 years ago
xio-sctp.c merged feature sctp streams 13 years ago
xio-sctp.h merged feature sctp streams 13 years ago
xio-socket.c Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname 7 years ago
xio-socket.h new address options shut-null, null-eof 12 years ago
xio-socks.c struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
xio-socks.h replaced RCS ID's by source file names 14 years ago
xio-stdio.c corrected option handling with stdio 14 years ago
xio-stdio.h replaced RCS ID's by source file names 14 years ago
xio-streams.c new address options i-pop-all, i-push 13 years ago
xio-streams.h new address options i-pop-all, i-push 13 years ago
xio-system.c Address SYSTEM, when terminating, shutted down its parent addresses 7 years ago
xio-system.h replaced RCS ID's by source file names 14 years ago
xio-tcp.c replaced RCS ID's by source file names 14 years ago
xio-tcp.h replaced RCS ID's by source file names 14 years ago
xio-tcpwrap.c merged features ancillary, envvar 13 years ago
xio-tcpwrap.h replaced RCS ID's by source file names 14 years ago
xio-termios.c Added option rawer for pty 6 years ago
xio-termios.h Function cfmakeraw() is simulated when missing 6 years ago
xio-tun.c Red Hat issue 1022048: strncpy hardening 7 years ago
xio-tun.h replaced RCS ID's by source file names 14 years ago
xio-udp.c struct cmsghdr.cmsg is system dependend; more print format corrections 7 years ago
xio-udp.h replaced RCS ID's by source file names 14 years ago
xio-unix.c Fixed bind with abstract unix domain sockets (Linux) 7 years ago
xio-unix.h merged feature protocol-type 13 years ago
xio.h Port to Openindiana 6 years ago
xioclose.c removed END_UNLINK (not yet needed) 12 years ago
xioconfig.h Red Hat issue 1020203: configure checks fail with some compilers 7 years ago
xiodiag.c replaced RCS ID's by source file names 14 years ago
xiodiag.h replaced RCS ID's by source file names 14 years ago
xioexit.c Final fixes before release 1.7.3.0 6 years ago
xiohelp.c version 1.7.0.1 12 years ago
xiohelp.h replaced RCS ID's by source file names 14 years ago
xioinitialize.c typos in docu and source 10 years ago
xiolayer.c on some 64bit systems a compiler warning "cast from pointer to integer of different size" was issued on some option definitions 12 years ago
xiolayer.h new address option "escape" allows to break a socat instance 13 years ago
xiolockfile.c handle partial write()'s without data loss 10 years ago
xiolockfile.h replaced RCS ID's by source file names 14 years ago
xiomodes.h new address options i-pop-all, i-push 13 years ago
xioopen.c adapted conditionals to genericsocket, interface 13 years ago
xioopen.h merged feature sctp streams 13 years ago
xioopts.c Add OpenSSL snihost option for TLS SNI extension 6 years ago
xioopts.h Add OpenSSL snihost option for TLS SNI extension 6 years ago
xioparam.c Red Hat issue 1022048: strncpy hardening 7 years ago
xioread.c added struct sockaddr_ll to union sockaddr_union to avoid "strict aliasing" 12 years ago
xioshutdown.c Made code async-signal-safe 7 years ago
xiosigchld.c Made code async-signal-safe 7 years ago
xiosignal.c Made code async-signal-safe 7 years ago
xiosysincludes.h replaced RCS ID's by source file names 14 years ago
xiowrite.c handle partial write()'s without data loss 10 years ago

README


about
-----

socat is a relay for bidirectional data transfer between two independent data
channels. Each of these data channels may be a file, pipe, device (serial line
etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an
SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU
line editor (readline), a program, or a combination of two of these.
These modes include generation of "listening" sockets, named pipes, and pseudo
terminals.

socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an
external socksifier, for attacking weak firewalls, as a shell interface to UNIX
sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to
logically connect serial lines on different computers, or to establish a
relatively secure environment (su and chroot) for running client or server
shell scripts with network connections.

Many options are available to refine socats behaviour:
terminal parameters, open() options, file permissions, file and process owners,
basic socket options like bind address, advanced socket options like IP source
routing, linger, TTL, TOS (type of service), or TCP performance tuning.

More capabilities, like daemon mode with forking, client address check,
"tail -f" mode, some stream data processing (line terminator conversion),
choosing sockets, pipes, or ptys for interprocess communication, debug and
trace options, logging to syslog, stderr or file, and last but not least
precise error messages make it a versatile tool for many different purposes.

In fact, many of these features already exist in specialized tools; but until
now, there does not seem to exists another tool that provides such a generic,
flexible, simple and almost comprehensive (UNIX) byte stream connector.


packages
--------

before bothering with compilers, dependencies and include files, you might
try to get a binary distribution that matches your platform. Have a look at
the projects home page for actual information regarding socat binary
distributions.


platforms
---------

socat 1.7.0 was compiled and more or less successfully tested under the
following operating systems:

Debian lenny/sid on x86, kernel 2.6.24
FreeBSD 6.1 on x86
NetBSD 4.0 on x86
OpenBSD 4.3 on x86
OpenSolaris 10 on x86 with gcc
Mac OS X 10.5.5 on iMac G5, with libreadline
HP-UX 11.23
AIX 5.3 on 64bit Power4 with gcc
Cygwin 1.5.25 on i686

tests on Tru64 can no longer be performed because HP testdrive has taken down
these hosts.

Some versions of socat have been reported to successfully compile under older
Linux versions back to RedHat 2.1 (kernel 1.2.13, gcc 2.7.0), under AIX 4.1 and
4.3, SunOS 5.7-5.8, FreeBSD 4.2 - 4.9, MacOS X 10.1, Cygwin, Solaris 8 on x86,
OSR 5.0.6, NetBSD 1.6.1 and 2.0.2, OpenBSD 3.4 and 3.8, Tru64 5.1B, Mac OS X
10.1-10.2, and HP-UX 11

It might well compile and run under other UNIX like operating systems.


install
-------

Get the tarball and extract it:
tar xzf socat.tar.gz
cd socat-1.7.3.0
./configure
make
su
make install # installs socat, filan, and procan in /usr/local/bin

For compiling socat, gcc (or egc) is recommended.
If gcc is not available, the configure script will fail to determine
some features; then you'd better begin with one of the Makefiles and config.h's
from the Config directory.

If you have problems with the OpenSSL library, you can apply the option
"--disable-openssl" to configure.

If you have problems with the readline library or (n)curses, you can apply the
option "--disable-readline" to configure.

If you have problems with the tcp wrappers library, you can apply the option
"--disable-libwrap" to configure.

If you still get errors or a tremendous amount of warnings you can exclude
the features for system call tracing and file descriptor analyzing by
applying the options "--disable-sycls --disable-filan" to configure.

You still need the functions vsnprintf and snprintf that are in the GNU libc,
but might not be available with some proprietary libc's.

The configure script looks for headers and libraries of openssl, readline, and
tcp wrappers in the OS'es standard places and in the subdirectories include/
and lib/ of the following places:
/sw/
/usr/local/
/opt/freeware/
/usr/sfw/
and for openssl also in:
/usr/local/ssl/
In case of unexpected behaviour it is important to understand that configure
first searches for the appropriate include file and then expects to find the
library in the associated lib directory. That means, when e.g. a OpenSSL
installation resides under /usr/local and there is a symbolic link from
/usr/include/ssl/ssl.h to /usr/local/ssl/include/ssl/ssl.h, configure will find
the /usr/include/... header and will therefore expect libssl in /usr/lib
instead of /usr/local/...

If configure does not find a header file or library but you know where it is,
you can specify additional search locations, e.g.:
export LIBS="-L$HOME/lib"
export CPPFLAGS="-I$HOME/include"
before running configure and make.

For other operating systems, if socat does not compile without errors, refer to
the file PORTING.


platform specifics - redhat
---------------------------

Install the following packages before building socat:
tcp_wrappers-devel
readline-devel
openssl-devel

On RedHat Linux 9.0, including openssl/ssl.h might fail due to problems with
the krb5-devel package. configure reacts with disabling openssl integration.
To solve this issue, help cpp to find the krb5.h include file:
CPPFLAGS="-I/usr/kerberos/include" ./configure


platform specifics - aix
------------------------

The flock() prototype is not available but the function is. Thus, to enable the
socat flock options, run configure and then change in config.h the line
/* #undef HAVE_FLOCK */
to
#define HAVE_FLOCK 1
and continue the build process.

When using the OpenSSL rpm provided by IBM, configure might need the
environment variable setting:
LIBS="-L/opt/freeware/lib"

When using the OpenSSL bundle provided by IBM, egd needs to be installed too
to get enough entropy.

socat compiles not only with gcc, but also with xlc. Just adapt the Makefile:
replace gcc by /usr/vac/bin/xlc and remove gcc specific options
"-Wall -Wno-parentheses".

When linking with the OpenSSL library provided by IBM, errors may occur:
ld: 0711-317 ERROR: Undefined symbol: .__umoddi3
In this case, you need to link with libgcc or compile libcrypt yourself using
xlc, or disable SSL (in config.h, undefine WITH_OPENSSL and recompile)

The score of test.sh can be improved by uncommenting MISCDELAY=1 in this
script.


platform specifics - solaris
----------------------------

If libreadline or libssl are in a directory not searched by the loader per
default, e.g. /opt/sfw/lib, you must add this directory to $LD_LIBRARY_PATH,
for running both configure and the socat executables, e.g.:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/sfw/lib

For some shell scripts, it is preferable to have /usr/xpg4/bin at a prominent
position in $PATH.

With the default compiler define _GNU_SOURCE, the CMSG_* macros are not
available, and therefore ancillary messages cannot be used. To enable these try
the following:
After running ./configure, edit Makefile and replace "-D_GNU_SOURCE" with
"-D_XPG4_2 -D__EXTENSIONS__" and run make


platform specifics - hp-ux
--------------------------

Ancillary messages cannot be compiled in with socat: both struct msghdr and
struct cmsghdr are required. Compiling with -D_XOPEN_SOURCE_EXTENDED provides
struct msghdr but disables struct cmsghdr while -D_OPEN_SOURCE disables struct
msghdr but disables struct cmsghdr. Please contact socat development if you
know a solution.

Shutting down the write channel of a UNIX domain socket does not seem to
trigger an EOF on the peer socket. This makes problems with the exec and
system addresses.

This OS provides the type "long long", but not the strtoll() function to read
data into a long long variable.

UNIX domain sockets are only supported with SOCK_STREAM, not with datagrams
(see man 7 unix).

With UDP sockets it seems to happen that the select() call reports available
data (or EOF) but a subsequent read() call hangs.


platform specifics - tru64
--------------------------

When the use of the readline address fails with an error like:
socat: /sbin/loader: Fatal Error: Reference to unresolvable symbol "tgetent" in ".../libreadline.so.4"
and you still want to use shared libraries, try the following workaround:
$ make distclean; LIBS="-static" ./configure
remove the "-static" occurrence in Makefile
$ make


documentation
-------------

These files reside in the doc subdirectory:

socat.1 is the man page, socat.html is the HTML based man page. It is actual,
but describes only the more useful options.

xio.help is an older, but more exact description in text form; with socat
version 1.6.0 it is outdated.

doc/socat-openssltunnel.html is a simple tutorial for a private SSL connection.
doc/socat-multicast.html is a short tutorial for multicast and broadcast
communications.
doc/socat-tun shows how to build a virtual network between two hosts.

socat.1 and socat.html can be generated from socat.yo (which is released with
socat 1.6.0.1 and later) using the yodl document language package. Maintenance
of yodl had been discontinued by its author
(http://www.xs4all.nl/~jantien/yodl/) (there seems to be a revival at
http://yodl.sourceforge.net/ though). For socat, the old version 1.31 is used;
an rpm is still distributed with recent OpenSuSE versions (confirmed for
OpenSuSE 10.1 in suse/i586/yodl-1.31.18-1142.i586.rpm). It appears to install
smoothly also under RedHat Linux. After yodl 1.31 installation, the following
correction must be performed in /usr/share/yodl/shared.yo in two places:
< whenhtml(htmlcommand(<!)ARG1+htmlcommand(>)))
> whenhtml(htmlcommand(<!--)ARG1+htmlcommand(-->)))


license
-------

socat is distributed under the terms of the GNU GPLv2;
except for install-sh, which is copyright MIT, with its own license;

In addition, as a special exception, the copyright holder
gives permission to link the code of this program with
any version of the OpenSSL library which is distributed
under a license identical to that listed in the included
COPYING.OpenSSL file, and distribute linked combinations
including the two. You must obey the GNU General Public
License in all respects for all of the code used other
than OpenSSL. If you modify this file, you may extend this
exception to your version of the file, but you are not
obligated to do so. If you do not wish to do so, delete
this exception statement from your version.


This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 2 of the License

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


contact
-------

For questions, bug reports, ideas, contributions etc. please contact
socat@dest-unreach.org

For socat source distribution, bug fixes, and latest news see
http://www.dest-unreach.org/socat/

www.socat.org is an alternate site providing the same contents.

public git repository:
git://repo.or.cz/socat.git
http://repo.or.cz/r/socat.git