mirror of
https://repo.or.cz/socat.git
synced 2025-01-26 04:29:25 +00:00
<!-- $Revision: 1.1 $ $Date: 2007/03/06 20:54:43 $ -->
<html><head>
<title>IP Multicasting with Socat</title>
<link rel="stylesheet" type="text/css" href="dest-unreach.css">
</head>

<body>

<h1>IP Multicasting with Socat</h1>

<h2>Introduction</h2>
<p>
Multicasting (and broadcasting, which is also discussed in this article)
provides a means to direct a single packet to more than one host. Special
addresses are defined for this purpose and are handled specially by network
adapters, networking hardware, and IP stacks.
</p>
<p>
IPv4 specifications provide broadcasting and multicasting; IPv6 provides
multicasting but replaces broadcasting by special multicast modes. UNIX domain
sockets do not support broadcasting or multicasting.
</p>
<p>
The following examples use UDP/IPv4 only. However, they can easily be
adapted for raw IPv4 sockets. IPv6 multicasting has not yet been successfully
used with socat; please contact the author if you have positive experiences or
ideas that go beyond <tt>IPV6_ADD_MEMBERSHIP</tt>.
</p>
<p>
All multicast examples presented in this document use multicast address
224.1.0.1; it can be replaced by any valid IPv4 multicast address (except
<a href="#ALLSYSTEMS">all-systems</a>).
</p>
<p>
We assume a local network with address 192.168.10.0 and mask 255.255.255.0; a
"client", where one is used, has 192.168.10.1; the example "server" and the
example peer have 192.168.10.2 in all examples. Change these addresses and
mask to your own requirements.
</p>
<p>
All the following examples work bidirectionally except where otherwise noted.
For "clients" we just use <tt>STDIO</tt>, and for "servers" we use <tt>EXEC:hostname</tt>, which
ignores its input but shows us which host the reply comes from. Replace these
addresses with what is appropriate for you (e.g. shell script
invocations). Port 6666 can be replaced with any other port (but for ports &lt;
1024 root privilege might be required).
</p>
<p>
Different kinds of broadcast addresses exist: 255.255.255.255 is local network
only; for the IPv4 network 192.168.10.0/24 the "official" broadcast address
is 192.168.10.255; the network address 192.168.10.0 is also interpreted as
broadcast by some hosts. The two latter forms are routed by gateways. In the
following examples we only use broadcast address 192.168.10.255.
</p>

<h2>Example 1: Multicast client and servers</h2>

<p>This example builds something like a "supervisor" or "client" that
communicates with a set of "servers". The supervisor may send packets to the
multicast address, and the servers may send response packets. Note that the
servers would also respond to other clients' requests.</p>

<p>Multicast server:</p>

<span class="frame"><span class="shell">
socat UDP4-RECVFROM:6666,ip-add-membership=224.1.0.1:192.168.10.2,fork EXEC:hostname
</span></span>
<p>
This command receives multicast packets addressed to 224.1.0.1 and forks a
child process for each. The child processes may each send one or more reply
packets back to the particular sender. 192.168.10.2 is the address of the
interface on which multicasts should be received.
Run this command on a number of hosts, and they will all respond in
parallel.</p>

<p>Multicast client:</p>

<span class="frame"><span class="shell">
socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,range=192.168.10.0/24
</span></span>
<p>
This process transfers data from stdin to the multicast address, and transfers
packets received from the local network to stdout. It does not matter in which
direction the first data is passed.
A packet from the network is accepted by the IP stack for our socket if:
<ul>
<li>it is an incoming UDP/IPv4 packet</li>
<li>its target port matches the local port assigned to the socket (6666)</li>
<li>its target address matches one of the host's local addresses or the any-host
multicast address</li>
</ul>
Of these packets, socat handles only those matching the following criteria:
<ul>
<li>the source address is within the given range</li>
<li>the source port is 6666</li>
</ul>
</p>


<h2>Example 2: Broadcast client and servers</h2>

<p>Broadcast server:</p>

<span class="frame"><span class="shell">
socat UDP4-RECVFROM:6666,broadcast,fork EXEC:hostname
</span></span>
<p>
This command receives packets addressed to a local broadcast address and forks
a child process for each. The child processes may each send one or more reply
packets back to the particular sender.
Run this command on a number of hosts, and they will all respond in
parallel.</p>

<p>Broadcast client:</p>

<span class="frame"><span class="shell">
socat STDIO UDP4-DATAGRAM:192.168.10.255:6666,broadcast,range=192.168.10.0/24
</span></span>
<p>
This process transfers data from stdin to the broadcast address, and transfers
packets received from the local network to stdout. It does not matter in which
direction the first data is passed.
A packet from the network is accepted by the IP stack for our socket if:
<ul>
<li>it is an incoming UDP/IPv4 packet</li>
<li>its target port matches the local port assigned to the socket (6666)</li>
<li>its target address matches one of the host's local addresses or the any-host
multicast address, or a local broadcast address</li>
</ul>
Of these packets, socat handles only those matching the following criteria:
<ul>
<li>the source address is within the given range</li>
<li>the source port is 6666</li>
</ul>
</p>
<p>The <tt>broadcast</tt> option is only required for sending or receiving
local broadcasts.</p>

<h2>Example 3: Multicast peers</h2>

<p>It is possible to combine multicast sender and receiver in one socat
address. This allows starting processes on different hosts on the local network
that will communicate symmetrically, so each process can send messages that are
received by all the other ones.</p>

<span class="frame"><span class="shell">
socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,bind=:6666,range=192.168.10.0/24,ip-add-membership=224.1.0.1:192.168.10.2
</span></span>
<p>
This command is valid for host 192.168.10.2; adapt this address to the
particular interface addresses of the hosts.
</p>
<p>
Starting this process opens a socket on port 6666 that will receive packets
directed to multicast address 224.1.0.1. Only packets with matching source
address and source port 6666 will be handled though. When this process sends
data to the network the packets will be addressed to 224.1.0.1:6666 and have a
source address of 192.168.10.2:6666, matching the accept criteria of the peers
on the local network.
</p>

<p>Note: this command receives the packets it has just sent; add option
<tt>ip-multicast-loop=0</tt> if this is undesired.</p>

<h2>Example 4: Broadcast peers</h2>

<p>Just as with multicast, it is possible to combine broadcast sender and
receiver in one socat address.</p>

<span class="frame"><span class="shell">
socat STDIO UDP4-DATAGRAM:255.255.255.255:6666,bind=:6666,range=192.168.10.0/24,broadcast
</span></span>
<p>
Starting this process opens a socket on port 6666 that will receive packets
directed to a local broadcast address. Only packets with matching source
address and source port 6666 will be handled though. When this process sends
data to the network the packets will be addressed to 255.255.255.255:6666 and
have a source address of 192.168.10.2:6666, matching the accept criteria of
the peers on the local network.
</p>

<p>Note: this command receives the packets it has just sent; there does not
seem to exist a simple way to prevent this.</p>


<h2>Troubleshooting</h2>

<p>
If you do not get an error message during operation, but the packets do not
reach the target processes, use <tt>tcpdump</tt> to see if the packets have the
correct source and destination addresses and ports, and if they leave and enter
the hosts as expected.
</p>
<p>
The following subsections discuss some typical sources of trouble.
</p>

<h3>IP filters</h3>
<p>
If you do not succeed in receiving multicast or broadcast packets, check
whether iptables rules are active on the receiving or sending host. They might
be configured to disallow this traffic.
</p>

<h3>Do not bind()</h3>
<p>
When using multicast communications, you should not bind the sockets to a
specific IP address. It seems that the (Linux) IP stack compares the
destination address with the bind address, without taking into account the
multicast property of the incoming packet.
</p>

<h3>Routing</h3>
<p>
When you receive an error like:</p>
<table border="1" bgcolor="#e08080"><tr><td><tt>... E sendto(3, 0x80c2e44, 4,
0, AF=2 224.1.0.1:6666, 16): Network is unreachable</tt></td></tr></table>
<p>you have a routing problem. The (Linux) IP stack seems to handle multicast
addresses just like unicast addresses when determining their route (interface and gateway).</p>
<p>
For the same reason, multicast packets will probably leave your host on the
interface with the default route.</p>
<p>
Set a multicast/broadcast route with the following command:</p>
<span class="frame"><span class="shell">
route add -net 224.0.0.0/3 gw 192.168.10.2
</span></span>

<h3>ALL-SYSTEMS multicast address</h3>
<p>
<a name="ALLSYSTEMS"><tt>224.0.0.1</tt></a> is the all-systems multicast address: all
datagram sockets appear to be automatically members of this group on all
interfaces. This membership cannot be dropped on Linux.
</p>


<h2>(In)Security</h2>

<p>When you use the above examples you should understand that all datagram
sockets without exception accept packets that are directly addressed to them;
the multi- and broadcast receiving features are just extensions to the normal
functionality. socat has no way to find out if an incoming packet is addressed
to a unicast, multicast or broadcast address. Please contact the author if you
know how the target address can be determined.</p>
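
<p>On Linux, a receiver can obtain the destination address of each datagram by
enabling the <tt>IP_PKTINFO</tt> socket option and reading the control message
returned by <tt>recvmsg()</tt>. The following Python code is an added example, not
part of socat or of the original tutorial; the function names are hypothetical,
and the group, interface address and port are this page's example values.</p>

```python
import ipaddress
import socket
import struct

# Linux value of IP_PKTINFO; older Python versions do not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO_LEN = 12  # struct in_pktinfo: int ifindex, in_addr spec_dst, in_addr addr

def parse_pktinfo(cdata):
    """Return (ifindex, destination address) from an IP_PKTINFO control message."""
    ifindex, _spec_dst, dst = struct.unpack("=i4s4s", cdata[:PKTINFO_LEN])
    return ifindex, ipaddress.IPv4Address(dst)

def classify(dst, local_if):
    """Tell how a datagram was addressed, given the receiving interface (addr/prefix)."""
    dst = ipaddress.IPv4Address(dst)
    iface = ipaddress.IPv4Interface(local_if)
    net = iface.network
    if dst.is_multicast:
        return "multicast"
    # 255.255.255.255, the subnet broadcast, and the old-style network address
    if dst in (ipaddress.IPv4Address("255.255.255.255"),
               net.broadcast_address, net.network_address):
        return "broadcast"
    return "unicast" if dst == iface.ip else "other"

def open_receiver(port=6666, group="224.1.0.1", ifaddr="192.168.10.2"):
    """Wildcard-bound UDP socket that joins the group and requests IP_PKTINFO."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    s.bind(("", port))  # no specific address, see "Do not bind()"
    mreq = socket.inet_aton(group) + socket.inet_aton(ifaddr)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    return s

def recv_with_dst(sock, bufsize=2048):
    """Receive one datagram; return (payload, source, destination or None)."""
    data, ancdata, _flags, src = sock.recvmsg(bufsize, socket.CMSG_SPACE(PKTINFO_LEN))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            return data, src, parse_pktinfo(cdata)[1]
    return data, src, None

if __name__ == "__main__":
    sock = open_receiver()
    while True:
        payload, src, dst = recv_with_dst(sock)
        kind = classify(dst, "192.168.10.2/24") if dst else "unknown"
        print(f"{src[0]}:{src[1]} -> {dst} ({kind}): {payload!r}")
```

<p>A receiver that should act only on group traffic can drop datagrams classified
as unicast. The source address reported alongside remains unauthenticated.</p>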

<p>Authentication or encryption are not available.</p>

<p>It is very easy to fake the source address of UDP (or raw IP) packets. You
should understand whether your network is protected from address spoofing
attacks.</p>

<p>Broadcast and multicast traffic can trivially be received by <em>any</em>
host on the local network.</p>


<h2>History</h2>

Starting with version 1.5.0, socat provides a set of address types that
allow various operations on datagram oriented sockets:
<dl>
<dt>SENDTO</dt><dd>send packets to a remote socket and receive packets from this
remote socket only</dd>
<dt>RECV</dt><dd>receive all packets that arrive on the local socket, but do
not reply</dd>
<dt>RECVFROM</dt><dd>receive all packets that arrive on the local socket, and
reply using child processes</dd>
</dl>

<p>
These modes already enable several different client/server oriented operations.
Moreover, the SENDTO addresses can send to multicast and broadcast addresses
(the latter requires the <tt>broadcast</tt> option though). RECV and RECVFROM
also would accept packets addressed to a local broadcast address (with option
<tt>broadcast</tt>) or the all-systems multicast address.
</p>

<p>
These address types had, however, two major caveats:
<ul>
<li>Missing control of multicast group membership in the RECV and RECVFROM
addresses</li>
<li>The SENDTO address would never accept a reply to a broadcast or multicast
addressed packet because the source address of incoming replies would not match
the target address of the sent packet.</li>
</ul>
</p>

<h3>New Features in socat 1.6.0</h3>

<p>
socat version 1.6.0 addresses these problems and provides a new, more generic
datagram address type (*-DATAGRAM) and the new address option IP-ADD-MEMBERSHIP.
</p>

<p>
Please note that the new features could not be successfully tested on IPv6;
these sections thus apply to IPv4 only.
</p>

<p>This document was last modified in March 2007.</p>

<h2>More info about socat datagrams</h2>

<h3>Links regarding this tutorial</h3>
<a href="socat.html#ADDRESS_UDP4_DATAGRAM">address udp4-datagram</a><br>
<a href="socat.html#ADDRESS_UDP4_RECVFROM">address udp4-recvfrom</a><br>
<a href="socat.html#OPTION_RANGE">option range</a><br>
<a href="socat.html#OPTION_SO_BROADCAST">option broadcast</a><br>
<a href="socat.html#OPTION_IP_ADD_MEMBERSHIP">option ip-add-membership</a><br>
<a href="socat.html#OPTION_FORK">option fork</a><br>
<a href="socat.html#OPTION_BIND">option bind</a><br>

<h3>Other datagram addresses</h3>
<a href="socat.html#ADDRESS_UDP4_RECV">address udp4-recv</a>: pure datagram receiver<br>
<a href="socat.html#ADDRESS_UDP4_SENDTO">address udp4-sendto</a>: communicate
with one peer address<br>
<a href="socat.html#ADDRESS_UDP4_LISTEN">address udp4-listen</a>: pseudo stream server<br>
<a href="socat.html#ADDRESS_UDP4_CONNECT">address udp4-connect</a>: pseudo stream client<br>

<h3>Related socat option groups</h3>
<a href="socat.html#GROUP_IP">IP options</a><br>
<a href="socat.html#GROUP_SOCKET">socket options</a><br>
<a href="socat.html#GROUP_FD">file descriptor options</a><br>
<a href="socat.html#GROUP_RANGE">range options</a><br>
<a href="socat.html#GROUP_CHILD">child process options</a><br>


<h2>References</h2>
<a href="http://www.dest-unreach.org/socat">socat home page</a><br>
<a href="socat.html">socat man page</a><br>
<a href="http://en.wikipedia.org/wiki/Multicast">multicasting on Wikipedia</a><br>
<a href="http://en.wikipedia.org/wiki/Broadcast_address">broadcasting on Wikipedia</a><br>

<p>
<small>Copyright: Gerhard Rieger 2007</small><br>
<small>License: <a href="http://www.fsf.org/licensing/licenses/fdl.html">GNU Free Documentation License (FDL)</a></small>
</p>

</body>
</html>