IP Multicasting with Socat

Introduction

Multicasting (and broadcasting which is also discussed in this article) provides a means to direct a single packet to more than one host. Special addresses are defined for this purpose and are handled specially by network adapters, networking hardware, and IP stacks.

IPv4 specifications provide broadcasting and multicasting; IPv6 provides multicasting but replaces broadcasting by special multicast modes. UNIX domain sockets do not know broadcasting or multicasting.

The following examples use UDP/IPv4 only. However, they can easily be adapted for raw IPv4 sockets. IPv6 multicasting has not yet been successfully used with socat; please contact the author if you have positive experiences or ideas that go beyond IPV6_ADD_MEMBERSHIP.

All multicast examples presented in this document use multicast address 224.1.0.1; it can be replaced by any valid IPv4 multicast address (except all-systems).

We assume a local network with address 192.168.10.0 and mask 255.255.255.0; an eventual "client" has 192.168.10.1, example "server" and example peer have 192.168.10.2 in all examples. Change these addresses and mask to your own requirements.

All the following examples work bidirectionally except when otherwise noticed. For "clients" we just use STDIO, and for "servers" we use EXEC:hostname which ingores its input but shows us which host the reply comes from. Replace these socat addresses with what is appropriate for your needs (e.g. shell script invocations). Port 6666 can be replaced with any other port (but for ports < 1024 root privilege might be required).

Different kinds of broadcast addresses exist: 255.255.255.255 is local network only; for the IPv4 network 192.168.10.0/24 the "official" broadcast address is 192.168.10.255; the network address 192.168.10.0 is also interpreted as broadcast by some hosts. The two latter forms are routed by gateways. In the following examples we only use broadcast address 192.168.10.255.

Example 1: Multicast client and servers

This example builds something like a "supervisor" or "client" that communicates with a set of "servers". The supervisor may send packets to the multicast address, and the servers may send response packets. Note that the servers would also respond to other clients' requests.

Multicast server:

socat UDP4-RECVFROM:6666,ip-add-membership=224.1.0.1:192.168.10.2,fork EXEC:hostname

This command receives multicast packets addressed to 224.1.0.1 and forks a child process for each. The child processes may each send one or more reply packets back to the particular sender. 192.168.10.2 means the address of the interface where multicasts should be received. Run this command on a number of hosts, and they will all respond in parallel.

Multicast client:

socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,range=192.168.10.0/24

This process transfers data from stdin to the multicast address, and transfers packets received from the local network to stdout. It does not matter in which direction the first data is passed. A packet from the network is accepted by the IP stack for our socket if:

Of these packets, socat handles only those matching the following criteria:

Example 2: Broadcast client and servers

Broadcast server:

socat UDP4-RECVFROM:6666,broadcast,fork EXEC:hostname

This command receives packets addressed to a local broadcast address and forks a child process for each. The child processes may each send one or more reply packets back to the particular sender. Run this command on a number of hosts, and they will all respond in parallel.

Broadcast client:

socat STDIO UDP4-DATAGRAM:192.168.10.255:6666,broadcast,range=192.168.10.0/24

This process transfers data from stdin to the broadcast address, and transfers packets received from the local network to stdout. It does not matter in which direction the first data is passed. A packet from the network is accepted by the IP stack for our socket if:

Of these packets, socat handles only those matching the following criteria:

The broadcast option is only required for sending or receiving local broadcasts.

Example 3: Multicast peers

It is possible to combine multicast sender and receiver in one socat address. This allows to start processes on different hosts on the local network that will communicate symmetrically, so each process can send messages that are received by all the other ones.

socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,bind=:6666,range=192.168.10.0/24,ip-add-membership=224.1.0.1:192.168.10.2

This command is valid for host 192.168.10.2; adapt this address to the particular interface addresses of the hosts.

Starting this process opens a socket on port 6666 that will receive packets directed to multicast address 224.1.0.1. Only packets with matching source address and source port 6666 will be handled though. When this process sends data to the network the packets will be addressed to 224.1.0.1:6666 and have a source address of 192.168.10.2:6666, matching the accept criteria of the peers on the local network.

Note: this command receives the packets it just has sent; add option ip-multicast-loop=0 if this in undesired.

Example 4: Broadcast peers

Just as with multicast, it is possible to combine broadcast sender and receiver in one socat address.

socat STDIO UDP4-DATAGRAM:255.255.255.255:6666,bind=:6666,range=192.168.10.0/24,broadcast

Starting this process opens a socket on port 6666 that will receive packets directed to a local broadcast addresses. Only packets with matching source address and source port 6666 will be handled though. When this process sends data to the network the packets will be addressed to 255.255.255.255:6666 and have a source address of 192.168.10.2:6666, matching the accept criteria of the peers on the local network.

Note: this command receives the packets it just has sent; there does not seem to exist a simple way to prevent this.

Troubleshooting

If you do not get an error message during operation, but the packets do not reach the target processes, use tcpdump to see if the packets have the correct source and destination addresses and ports, and if they leave and enter the hosts as expected.

The following subsections discuss some typical sources of trouble.

IP filters

If you do not succeed in receiving multicast or broadcast packets, check if iptables are activated on the receiving or sending host. They might be configured to disallow this traffic.

Do not bind()

When using multicast communications, you should not bind the sockets to a specific IP address. It seems that the (Linux) IP stack compares the destination address with the bind address, not taking care of the multicast property of the incoming packet.

Routing

When you receive an error like:

... E sendto(3, 0x80c2e44, 4, 0, AF=2 224.1.0.1:6666, 16): Network is unreachable

you have a routing problem. The (Linux) IP stack seems to handle multicast addresses just like unicast addresses when determining their route (interface and gateway), i.e. the routing table needs an entry that somehow matches the target address.

For the same reason, multicast packets will probably leave your host on the interface with the default route if it is specified.

Set a multicast/broadcast route with the following command (Linux):

route add -net 224.0.0.0/3 gw 192.168.10.2

ALL-SYSTEMS multicast address

224.0.0.1 is the all-systems multicast address: all datagram sockets appear to be automatically member of this group on all interfaces. This membership cannot be dropped on Linux (you need iptables to filter packets).

(In)Security

When you use the above examples you should understand that all datagram sockets without exception accept all packets that are directly addressed to them; the multi- and broadcast receiving features are just extensions to this functionality. socat currently has no means to handle incoming packets differently whether they are addressed to unicast, multicast, or broadcast addresses. However, for EXEC'd scripts socat can provide this info in environment variables.

Authentication or encryption are not available.

It is very easy to fake the source address of UDP (or raw IP) packets. You should understand whether your network is protected from address spoofing attacks.

Broadcast and multicast traffic can trivially be received by any host on the local network.

History

Starting with version 1.5.0, socat provides a set of address types that allow various operations on datagram oriented sockets:
SENDTO
send packets to a remote socket and receive packet from this remote socket only
RECV
receive all packets that arrive on the local socket, but do not reply
RECVFROM
receive all packets that arrive on the local socket, and reply using child processes

These modes already enable several different client/server oriented operations. Moreover, the SENDTO addresses can send to multicast and broadcast addresses (the latter requires the broadcast option though). RECV and RECVFROM also would accept packets addressed to a local broadcast address (with option broadcast) or the all-systems multicast address.

These address types had, however, two major caveats:

New Features in socat 1.6.0

socat version 1.6.0 addresses these problems and provides a new more generic datagram address type (*-DATAGRAM) and the new address option IP-ADD-MEMBERSHIP.

Please note that the new features could not be successfully tested on IPv6; these sections thus apply to IPv4 only.

This document was last modified in April 2009.

More info about socat datagrams

Links regarding this tutorial

address UDP4-DATAGRAM
address UDP4-RECVFROM
option range
option broadcast
option ip-add-membership
option fork
option bind

Other datagram addresses

address UDP4-RECV: pure datagram receiver
address UDP4-SENDTO: communicate with one peer address
address UDP4-LISTEN: pseudo stream server
address UDP4-CONNECT: pseudo stream client

Related socat option groups

IP options
socket options
file descriptor options
range options
child process options

References

socat home page
socat man page
multicasting on Wikipedia
broadcasting on Wikipedia

Copyright: Gerhard Rieger 2007-2009
License: GNU Free Documentation License (FDL)