mirror of
https://repo.or.cz/socat.git
synced 2024-12-24 08:12:34 +00:00
4959 lines
115 KiB
Text
4959 lines
115 KiB
Text
# source: xio.help
|
||
# Copyright Gerhard Rieger 2001-2007
|
||
|
||
Operating systems:
|
||
|
||
The options and features described in this document have been implemented (but
|
||
not always tested) on the operating systems listed below, unless otherwise
|
||
noted:
|
||
|
||
SuSE 10.1 Linux on x86
|
||
Solaris 8 on Sparc with gcc
|
||
FreeBSD 6.1 on x86
|
||
HP-UX B 11.11 on PA-RISC with gcc
|
||
|
||
===============================================================================
|
||
|
||
The following sections describe the syntax and semantics of the socat command
|
||
line stream arguments.
|
||
|
||
Usually a socat stream argument defines a one- or bidirectional stream. There
|
||
are two principal forms:
|
||
* a single stream. Depending on use of the -u or -U options and implicit
|
||
semantics of the stream, such an argument may be resolved to a one- or
|
||
twodirectional stream.
|
||
* two onedirectional streams, separated by '!!'. An argument of this form
|
||
always specifies a twodirectional stream. The first single stream is only used
|
||
for reading data, and the second is only used for writing data.
|
||
|
||
|
||
The general structure of a single stream is:
|
||
keyword[:required-parameters][,options]
|
||
|
||
The options part starts with the first ',' of the argument. The required
|
||
parameters are separated by ':' from their predecessor. The last required
|
||
parameter is terminated by the end of the argument or by the first ',' that
|
||
iitroduces the first option. The options are separated with ','. The last
|
||
option is terminated by end-of-string or by '!!'.
|
||
|
||
The are some abbreviations defined that allow to drop the keyword. In these
|
||
cases the argument syntax is:
|
||
required-parameter[:required-parameters][,options]
|
||
The implemented abbreviations are:
|
||
short form canonical form
|
||
number FD:number # decimal number
|
||
path GOPEN:path # must must contain at least one '/' and must not contain ':' or ',' and must not start with a decimal digit
|
||
|
||
===============================================================================
|
||
|
||
|
||
Addresses:
|
||
|
||
Every address specification starts with a keyword or an abbreviation. These
|
||
keywords are case insensitive.
|
||
Note: because the option group ANY applies for all addresses, it is not
|
||
mentioned explicitely below.
|
||
|
||
|
||
Bidirectional only addresses:
|
||
-----------------------------
|
||
|
||
PIPE
|
||
FIFO
|
||
ECHO
|
||
|
||
Opens an unnamed pipe (fifo) where outbound traffic is sent to and inbound
|
||
traffic is read from. The special semantics of pipes results in an echo like
|
||
behaviour.
|
||
Option groups: FD, FIFO (no specific FIFO options are defined yet)
|
||
|
||
|
||
Onedirectional only addresses:
|
||
------------------------------
|
||
|
||
Currently all addresses may be used bidirectional.
|
||
Note: for regular files, behaviour when being used bidirectionally is
|
||
undefined.
|
||
|
||
|
||
One- and bidirectional addresses:
|
||
---------------------------------
|
||
|
||
STDIO
|
||
- ("minus")
|
||
|
||
Uses stdin (FD 0) for inbound traffic and/or stdout (FD 1) for outbound traffic
|
||
on this address.
|
||
Option groups: FD; others dependent on actual types of stdin and stdout (FIFO,
|
||
CHR, BLK, REG, and/or SOCKET).
|
||
|
||
|
||
STDIN
|
||
|
||
Uses stdin for traffic. This might fail for outbound traffic.
|
||
Option groups: FD; dependent on actual type of stdin (FIFO, CHR, BLK, REG, or
|
||
SOCKET).
|
||
|
||
|
||
STDOUT
|
||
|
||
Uses stdout for traffic. This might fail for inbound traffic.
|
||
Option groups: FD; dependent on actual type of stdout (FIFO, CHR, BLK, REG, or
|
||
SOCKET).
|
||
|
||
|
||
STDERR
|
||
|
||
Uses stdout for traffic. This might fail for inbound traffic.
|
||
Option group: FD; dependent on actual types of sterr (FIFO, CHR, BLK, REG, or
|
||
SOCKET).
|
||
|
||
|
||
FD:num
|
||
num
|
||
|
||
Uses the already existing file descriptor <num> for traffic.
|
||
Option groups: FD; dependent on actual types of file descriptor (FIFO, CHR,
|
||
BLK, REG, or SOCKET).
|
||
|
||
|
||
READLINE
|
||
|
||
Uses the GNU readline function and history capabilies (best known from bash).
|
||
It always works on stdin and stdout; if stdio is not a tty, readline does not
|
||
seem to work correctly.
|
||
Because readline is blocking during line editing, it does not fit well into
|
||
socats I/O philosophy.
|
||
socat integrates readline by waiting in the select call as usual; when stdin
|
||
reports available data, socat invokes readline(). readline blocks until the
|
||
user presses ENTER or EOF. Data on socats other stream is not handling in this
|
||
time.
|
||
socat controls the ECHO flag of the stdin tty (off during select(), on for
|
||
readline()).
|
||
When using socat with readline as front end to a service like telnet, POP3 or
|
||
an other authenticated service, please note that the password is entered as
|
||
ordinary data, thus appears on the screen!
|
||
Option groups: FD, READLINE, TERMIOS
|
||
Useful options: history-file
|
||
|
||
|
||
OPEN:path
|
||
|
||
Applies an open() system call to the given path. If the path does not exist a
|
||
file is created only if the option create is used; if a file, pipe, or device
|
||
with this name already exists it is opened. Open for reading and/or writing
|
||
depends on the rw parameter of the xioopen call, or on usage in a socat
|
||
argument. If no perm option is used, xioopen uses 600 (which might be modified
|
||
by umask then).
|
||
Applying this function to files conforms to the semantics as described by the
|
||
open(2) man page.
|
||
Opening device files, like /dev/ttyS*, might block until the device gets active
|
||
(until some peer is connected)
|
||
With existing named pipes (fifos) please note the usual semantics:
|
||
Opening the pipe in read/write mode results in an echo service;
|
||
Opening the pipe in read mode blocks until a writer opens the pipe (close
|
||
by writer gives EOF for the reader); with option nonblock the open call does
|
||
not block.
|
||
Opening the pipe in write mode blocks until a reader opens the pipe (close
|
||
by reader gives "broken pipe" error on next write); with option nonblock the
|
||
open call terminates with error "no such device or address" in absence of a
|
||
reader.
|
||
Opening a named UNIX stream socket with or without a listening peer might
|
||
succeed depending on the operating system, but
|
||
the resulting file descriptor erronously reports available data immediately,
|
||
and the following read() or write() call always fails with "invalid
|
||
argument". Even worse, while such a filesystem entry is identified as socket by
|
||
"file" command and by fstat(), getsockopt() after open() gives error "Socket operation on non-socket".
|
||
Use GOPEN for reasonable behaviour!
|
||
Option groups: FD, OPEN, NAMED, and specific for data object type (FILE, FIFO,
|
||
CHRDEV+TERMIOS, BLKDEV, or SOCKET).
|
||
|
||
|
||
GOPEN:path
|
||
path
|
||
|
||
"Generic open". Tries to open the given path in a smarter way. If the path
|
||
exists and is a socket, it is connected to; if connecting fails,
|
||
socat assumes a datagram socket and later uses sendto() calls for data
|
||
transfer.
|
||
If the path exists and is not a socket, it is opened:
|
||
in RDONLY environment for reading from position 0,
|
||
in WRONLY environment for appending (O_APPEND),
|
||
in RDWR env. for reading and/or writing starting from position 0.
|
||
If the path does not exist:
|
||
in RDONLY environment this is an error
|
||
in WRONLY environment the file is created (O_CREAT)
|
||
in RDWR env. for reading and/or writing starting from position 0.
|
||
However, these flags may be overriden by user supplied options
|
||
(e.g., "append=0")
|
||
Option groups: FD, NAMED, and specific for data object type (FILE, FIFO,
|
||
CHRDEV+TERMIOS, BLKDEV, or SOCKET).
|
||
|
||
|
||
CREATE:path
|
||
CREAT:path
|
||
|
||
Opens the named file with creat(). With UNIX semantics, this address is just a
|
||
variation of the OPEN address, see there for more details.
|
||
Note: The creat() system call does not create a completely new file, but
|
||
inherits some properties of the old file if it exists, e.g. permissions. Use
|
||
option "unlink-early" to remove the old entry before.
|
||
Option groups: FD, NAMED, FILE
|
||
Useful options: unlink-late
|
||
|
||
|
||
PIPE:path
|
||
FIFO:path
|
||
|
||
Creates and opens a pipe if path does not exist; opens path if it already
|
||
exists.
|
||
Option groups: FD, NAMED, FIFO
|
||
Note: this address uses the mknod(2) system call to create the named pipe. On
|
||
FreeBSD, this call requires root privilege
|
||
|
||
|
||
EXEC:cmdline
|
||
|
||
Forks off a child process after establishing a bidirectional communication
|
||
channel (with socketpair, pipes, or pty). The child then starts "cmdline" with
|
||
execvp().
|
||
Note: spaces and shell meta characters in cmdline must be quoted if socat is
|
||
invoked from the command line.
|
||
Option groups: FD, FORK, EXEC, SOCKET, SOCK_UNIX, FIFO, TERMIOS
|
||
Useful options: path, fdin, fdout, chroot, su, pty, stderr
|
||
Note: on AIX, search permissions on /dev/pts/ are required to use option pty.
|
||
|
||
|
||
SYSTEM:cmdline
|
||
|
||
Forks off a child process after establishing a bidirectional communication
|
||
channel (with socketpair, pipes, or pty). The child then starts "cmdline" with
|
||
system().
|
||
Note: spaces and shell meta characters in cmdline must be quoted if socat is
|
||
invoked from the command line.
|
||
Option groups: FD, FORK, EXEC, SOCKET, SOCK_UNIX, FIFO, TERMIOS
|
||
Useful options: path, fdin, fdout, chroot, su, pty, stderr
|
||
Note: there are slightly different semantics with options pty or pipes, because
|
||
they do not communicate an EOF condition to the shell process. Therefore, the
|
||
shell process and its child do not terminate due to EOF, but are explicitly
|
||
killed during close of the socat file handle. Consider using
|
||
exec:'/bin/sh -c command',pty...
|
||
|
||
|
||
UNIX:path
|
||
LOCAL:path
|
||
|
||
Connects to a UNIX domain socket.
|
||
Option groups: FD, SOCKET, SOCK_UNIX
|
||
NOTE: you need rw permissions to connect to a local socket. My Linux answers
|
||
with "connection refused" to insufficient permissions, not existing
|
||
socket, not a socket, or just a socket entry without a listening process.
|
||
NOTE: this address does not implement option group NAMED because its connect
|
||
call succeeds only if there is already someone listening, but at this point the
|
||
NAMED group actions no longer affect this socket, only the fs entry.
|
||
|
||
|
||
UNIX-listen:path
|
||
UNIX-l:path
|
||
|
||
Create a listening UNIX domain socket. With the fork option, for each accepted
|
||
connection a new process is forked off, and more connections are accepted on
|
||
the parent socket. Without fork, only the first connection is accepted.
|
||
Option groups: FD, NAMED, SOCKET, SOCK_UNIX, LISTEN, CHILD
|
||
|
||
|
||
IP:host:protocol
|
||
IP4:host:protocol
|
||
|
||
Open a raw socket with IP4 protocol. This mode sends packets to and accepts
|
||
them only from host. protocol is a number from 0 to 255, with 1 meaning ICMP,
|
||
6..TCP, 17..UDP, 255..raw IP; 0 might be unsupported by the local IP stack,
|
||
resulting in an error.
|
||
Requires root privilege.
|
||
Note: my Linux 2.4.10 kernel seems to drop payloads smaller than 8
|
||
bytes on their way from the network to the application.
|
||
Option groups: FD, SOCKET, SOCK_IP
|
||
|
||
|
||
TCP:host:port
|
||
TCP4:host:port
|
||
INET:host:port
|
||
|
||
Create a TCP/IP4 client socket and connect to the given host/port combination.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_TCP
|
||
Useful options: crlf, bind, tos, mtudiscover, mss, nodelay,
|
||
|
||
|
||
TCP-l:port
|
||
TCP-listen:port
|
||
TCP4-l:port
|
||
TCP4-listen:port
|
||
INET-l:port
|
||
INET-listen:port
|
||
|
||
Create a TCP/IP4 server socket and wait for an incoming connection. With the
|
||
fork option, for each accepted connection a new process is forked off, and more
|
||
connections are accepted on the parent socket. Without fork, only the first
|
||
connection is accepted.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_TCP, LISTEN, RANGE, CHILD
|
||
Useful options: fork, crlf, bind, backlog, mtu, tcpwrap
|
||
|
||
|
||
UDP:host:port
|
||
UDP-CONNECT:host:port
|
||
|
||
Connects to port on host using UDP/IP version 4 or 6
|
||
depending on address specification, name resolution, or option pf.
|
||
Please note that,
|
||
due to UDP protocol properties, no real connection is established; data has
|
||
to be sent for `connecting' to the server, and no end-of-file condition can
|
||
be transported.
|
||
Option groups: FD, SOCKET, SOCK_IP4, SOCK_IP6, IP_UDP
|
||
Useful options: ttl
|
||
|
||
UDP4:host:port
|
||
UDP4-CONNECT:host:port
|
||
|
||
Like UDP-CONNECT, but only supports IPv4 protocol.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_UDP
|
||
|
||
|
||
UDP-listen:port
|
||
UDP-l:port
|
||
|
||
Emulates a UDP server in the same way as netcat: Create a UDP/IP4 socket and
|
||
bind to the given port. Then wait for the first packet, get its sender address
|
||
(without consuming its data), connect() to this address, and leave xioopen().
|
||
Afterwards, our socket only communicates with this peer.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_UDP, RANGE
|
||
Note: with fork option, child processes might hang forever because UDP cannot
|
||
transport EOF conditions.
|
||
|
||
|
||
#UDP-dgram:port
|
||
#UDP-d:port
|
||
#
|
||
#Create and use a pure datagram oriented UDP socket.
|
||
#The following restrictions apply:
|
||
#* range option does not work
|
||
#* de facto this is a read-only endpoint: sending data to 0.0.0.0 might fail.
|
||
|
||
|
||
TCP6:host:port
|
||
INET6:host:port
|
||
|
||
Create a TCP/IP6 client socket and connect to the given host/port combination.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_TCP
|
||
Note: Address syntax parsing is awkward, since the IPv6 address word separator
|
||
is ':' which is used as port separator too.
|
||
An FTP listen entry looks in netstat ":::21"!
|
||
|
||
|
||
TCP6-l:port
|
||
TCP6-listen:port
|
||
INET6-l:port
|
||
INET6-listen:port
|
||
|
||
Create a TCP server socket and wait for an incoming connection. With the fork
|
||
option, for each accepted connection a new process is forked off, and more
|
||
connections are accepted on the parent socket. Without fork, only the first
|
||
connection is accepted.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_TCP, LISTEN, RANGE, CHILD
|
||
|
||
|
||
SOCKS4:sockd:host:port
|
||
SOCKS:sockd:host:port
|
||
|
||
Use a socks server, socks protocol version 4, to build a TCP (IPv4) connection.
|
||
Sockd is the name or address of the socks server, host and port specify the
|
||
destination address. Use option socksport if the socks server does not listen
|
||
on port 1080.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_TCP, IP_SOCKS
|
||
Useful options: sp, socksport, socksuser
|
||
Note: If you do not specify option socksuser, xioopen tries to derive it from
|
||
environment: LOGNAME or USER, and might therefore undisclose your identity.
|
||
|
||
|
||
SOCKS4a:sockd:host:port
|
||
|
||
Like SOCKS4, but use the socks version 4a extension for destination name
|
||
resolution on the socks server.
|
||
Option groups: FD, SOCKET, SOCK_IP, IPAPP, IP_TCP, IP_SOCKS
|
||
|
||
|
||
PTY
|
||
|
||
Creates a pseudo terminal (pty) and uses its master side. Another process may
|
||
open the pty<74>s slave side using it like a serial line or terminal.
|
||
Option groups: FD,NAMED,PTY,TERMIOS
|
||
Useful options: link, openpty, mode, user, group
|
||
|
||
|
||
OPENSSL-CONNECT:host:port
|
||
OPENSSL:host:port
|
||
|
||
Tries to establish a SSL connection to port on host using TCP/IPv4.
|
||
Note: this is currently only an experimental integration of openssl!
|
||
(it does not provide any trust between the peers because is does not check
|
||
certificates!)
|
||
Option groups: FD,SOCKET,SOCK_IP4,IP_TCP,OPENSSL,RETRY
|
||
Useful options: cipher, method, verify, cafile, capath, certificate, bind, sourceport, retry
|
||
|
||
|
||
OPENSSL-LISTEN:port
|
||
|
||
Listens on tcp4 port. When a connection is accepted, this address behaves as
|
||
SSL server.
|
||
Option groups: FD,SOCKET,SOCK_IP4,TCP,LISTEN,CHILD,RANGE,OPENSSL,RETRY
|
||
Usefule options: cipher, method, verify, cafile, capath, certificate, retry
|
||
|
||
|
||
PROXY:proxy:host:port
|
||
PROXY-CONNECT:proxy:host:port
|
||
|
||
Connects to an HTTP proxy server on port 8080 using TCP/IPv4, and sends a
|
||
CONNECT request for host:port. If the proxy grants access and succeeds to
|
||
connect to the target, data transfer between socat and the target can
|
||
start. Note that the traffic need not be HTTP but can be an arbitrary
|
||
protocol.
|
||
Option groups: FD,SOCKET,IP4,TCP,HTTP
|
||
Useful options: proxyport, ignorecr, proxyauth, crnl, bind, mss, sourceport
|
||
|
||
===============================================================================
|
||
|
||
Option Groups:
|
||
|
||
Each option is member of one option group. Address definitions specify which
|
||
option groups they support. This allows to reject unapplyable options in an
|
||
early stage of address processing.
|
||
|
||
Address groups are identified by single bit positions. Option definitions
|
||
specify to which group the option belongs (some options are member or more than
|
||
one group). Addresses use a bit pattern to specify which option groups they
|
||
support.
|
||
|
||
Currently the following option groups are defined:
|
||
|
||
GROUP_FD: All addresses that result in one or more file descriptors. These
|
||
options are typically applied with fcntl() or some special calls like fchown()
|
||
or fchmod(). There is no documented restriction to apply these functions to any
|
||
file descriptor; but they are not always meaningful, and sometimes lead to OS
|
||
exceptions.
|
||
|
||
GROUP_APPL: All addresses. The options do not need file descriptors, because
|
||
they manipulate the data streams at application level (ignoreeof, line
|
||
terminator conversion).
|
||
|
||
GROUP_PROCESS: For options that change process related attributes, like user id
|
||
(setuid).
|
||
|
||
GROUP_FIFO: Options for pipes. Currently not used.
|
||
|
||
GROUP_CHR: Options for character devices. Currently not used.
|
||
|
||
GROUP_BLK: Options for block devices. Currently not used.
|
||
|
||
GROUP_REG, GROUP_FILE: Options for regular files. Currently not used.
|
||
|
||
GROUP_SOCKET: Options for arbitrary type sockets, e.g. so-sndbuf, so-linger.
|
||
|
||
GROUP_NAMED: Options for file system entries, e.g. user-early, unlink.
|
||
|
||
GROUP_OPEN: Options that are applied with the open() system call.
|
||
|
||
GROUP_EXEC: Options for program or script execution, e.g. path.
|
||
|
||
GROUP_FORK: Options for communication with children processes, e.g. fdin, pty.
|
||
|
||
GROUP_LISTEN: Options for listening sockets. Only backlog.
|
||
|
||
GROUP_DEVICE: not used
|
||
|
||
GROUP_CHILD: Options for addresses that may fork off independent child
|
||
processes. Currently only option fork.
|
||
|
||
GROUP_RETRY: Options for failure handling. Currently not used.
|
||
|
||
GROUP_TERMIOS: Options for terminal settings, e.g. echo, b38400, raw.
|
||
|
||
GROUP_READLINE: Options for readline (GNU line editing and history).
|
||
|
||
GROUP_RANGE: Options for checking peer address. Currently only range.
|
||
|
||
GROUP_SOCK_UNIX: Options for UNIX domain sockets. Currently not used.
|
||
|
||
GROUP_SOCK_IP4: Options for IP4 sockets. Currently not used.
|
||
|
||
GROUP_SOCK_IP6: Options for IP6 sockets. Currently not used.
|
||
|
||
GROUP_SOCK_IP: Options for IP sockets, e.g. mtu, ip-options, ttl.
|
||
|
||
GROUP_IP_UDP: Options for UDP sockets. Currently not used.
|
||
|
||
GROUP_IP_TCP: Options for TCP sockets, e.g. maxseg, nodelay.
|
||
|
||
GROUP_IPAPP: Options for UDP and TCP sockets. Currently only sourceport.
|
||
|
||
GROUP_IP_SOCKS4: Options for SOCKS client connections, e.g. socksuser.
|
||
|
||
GROUP_PROCESS: Options for process wide attributes, e.g. su, chroot.
|
||
|
||
GROUP_APPL: Options handled by application. Currently not used.
|
||
|
||
GROUP_PTY: Options for pseudo terminals. Used with addresses PTY, EXEC, and
|
||
SYSTEM.
|
||
|
||
GROUP_OPENSSL: Options for the OPENSSL address.
|
||
|
||
There are "combined" group definitions too:
|
||
#define GROUP_ANY (GROUP_PROCESS|GROUP_APPL)
|
||
#define GROUP_ALL 0xffffffff
|
||
|
||
===============================================================================
|
||
|
||
Address Options
|
||
|
||
Address options are identified by a case insensitive keyword. If the options
|
||
needs a parameter value, the option syntax is always:
|
||
OPTION=VALUE
|
||
Currently there do not exist options that take more than one argument;
|
||
sometimes, two values are combined to form one argument value, e.g. IP4 address
|
||
and port:
|
||
192.168.0.1:80
|
||
|
||
Note:
|
||
"Type" describes the type of data that may or must be given to the option and
|
||
that is passed to the system. There are some options with boolean semantics
|
||
(on/off or yes/no), but their values are passed to the system with an int
|
||
parameter. This situation is indicated as "Logical type: bool" and "Physical
|
||
type: int". In this case xioopen passes the physical value to the system,
|
||
giving the user one more hacking playground.
|
||
|
||
|
||
Option: append
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: LATE
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the O_APPEND flag via a fcntl() call and F_SETFL; with OPEN type
|
||
addresses, this flag is applied with the open() call. All data written is
|
||
appended to the actual file end, even if other processes have written to or
|
||
truncated the file in the meantime.
|
||
|
||
|
||
Option: async
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: LATE
|
||
Platforms: FreeBSD, Linux, SunOS
|
||
|
||
Sets the O_ASYNC (or FASYNC) flag via a fcntl() call and F_SETFL; with FILE
|
||
addresses, this flag is applied with the open() call. Consult your kernel
|
||
documentation for effects of this flag.
|
||
NOTE: socat does not handle the SIGIO signal.
|
||
|
||
|
||
Option: cloexec
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Sets the FD_CLOEXEC (close-on-exec) flag on the file descriptor via a
|
||
fcntl()call with F_SETFD. Use with caution, because xioopen() makes use of this
|
||
flag to archieve what we consider the most reasonable behaviour; using this
|
||
option overrides xioopen's setting!
|
||
|
||
|
||
Option: flock-ex
|
||
Aliases: flock, lock
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Applies the flock(fd, LOCK_EX) call to the file descriptor(s). This locks a file
|
||
exclusively (but only for processes also using flock() on this file - otherwise, they seem to have unrestricted access).
|
||
If the file is already locked with flock, our flock call blocks until the other
|
||
processes lock is released.
|
||
Note: the "lock" option name alias applies to this option only
|
||
if the fcntl locking mechanism is not available on a platform.
|
||
|
||
|
||
Option: flock-ex-nb
|
||
Aliases: flock-nb
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Applies the flock(fd, LOCK_EX|LOCK_NB) call to the file descriptor(s). This locks a file
|
||
exclusively (but only for processes also using flock() on this file -
|
||
otherwise, they seem to have unrestricted access).
|
||
If the file is already locked with flock, our flock call returns the error
|
||
"Resource temporarily unavailable".
|
||
|
||
|
||
Option: flock-sh
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Applies a shared advisory lock to the file using the flock(fd, LOCK_SH) call.
|
||
This prevents processes from locking the file exclusively.
|
||
If the file has already an exclusive lock, our flock call blocks until the
|
||
other processes lock is released.
|
||
|
||
|
||
Option: flock-sh-nb
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Applies a shared advisory lock to the file using the flock(fd, LOCK_SH|LOCK_NB) call.
|
||
This prevents processes from locking the file exclusively.
|
||
If the file has already an exclusive lock, our flock call returns with error
|
||
"Resource temporarily unavailable".
|
||
|
||
|
||
Option: f-setlk-rd
|
||
Aliases: setlk-rd
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Locks the complete file with fcntl(fd, F_SETLK, {F_RDLCK}) (complete means from its
|
||
start to its maximal length). This locks the file exclusively (but only if the
|
||
other processes accessing this file also use f-setlk or f-setlkw - otherwise,
|
||
they seem to have unrestricted access). If the file is already locked with
|
||
f-setlk or f-setlkw, the fcntl call blocks until release by the other process.
|
||
|
||
|
||
Option: f-setlk-wr
|
||
Aliases: f-setlk, setlk-wr, setlk
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Locks the complete file with fcntl(fd, F_SETLK, {F_WRLCK}) (complete means from its
|
||
start to its maximal length). This locks the file exclusively (but only if the
|
||
other processes accessing this file also use f-setlk or f-setlkw - otherwise,
|
||
they seem to have unrestricted access). If the file is already locked with
|
||
f-setlk or f-setlkw, the fcntl call blocks until release by the other process.
|
||
|
||
|
||
Option: f-setlkw-rd
|
||
Aliases: setlkw-rd
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Locks the complete file with fcntl(fd, F_SETLKW, {F_RDLCK}) (complete means from its
|
||
start to its maximal length). This locks the file exclusively (but only if the
|
||
other processes accessing this file also use f-setlk or f-setlkw - otherwise,
|
||
they seem to have unrestricted access). If the file is already locked with
|
||
f-setlk or f-setlkw, fcntl returns with EAGAIN.
|
||
|
||
|
||
Option: f-setlkw-wr
|
||
Aliases: setlkw-wr, f-setlkw, setlkw, lockw, lock
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Locks the complete file with fcntl(fd, F_SETLKW, {F_WRLCK}) (complete means from its
|
||
start to its maximal length). This locks the file exclusively (but only if the
|
||
other processes accessing this file also use f-setlk or f-setlkw - otherwise,
|
||
they seem to have unrestricted access). If the file is already locked with
|
||
f-setlk or f-setlkw, fcntl returns with EAGAIN.
|
||
|
||
|
||
Option: fork
|
||
|
||
Type: BOOL
|
||
Option group: CHILD
|
||
Phase: PASTACCEPT
|
||
Platforms: all
|
||
|
||
Without fork (or fork=0), the listening process accepts exactly one
|
||
connections, and terminates afterwards. With fork set, it forks off a new socat
|
||
child process for each incoming connection.
|
||
It is very important to understand what socat does with this fork option:
|
||
The parent process remains in a loop of accept() and fork() calls until
|
||
terminated from outside. The child process leaves this loop and goes on with
|
||
the socat processing. If the fork occurs in the first address argument, the
|
||
child process continues with parsing and activating the second address
|
||
argument. This will in most cases be what you want or expect.
|
||
If the fork call occurs in socats second address argument, all children will
|
||
inherit and share the already activated first address.
|
||
|
||
|
||
Option: group=value
|
||
Aliases: gid=value
|
||
|
||
Type: GIDT or unsigned int
|
||
Option group: NAMED
|
||
Type: GIDT
|
||
Platforms: all
|
||
|
||
Takes one argument, a UNIX group name or a numeric group id. The first
|
||
character of value is a digit for group ids.
|
||
With NAMED addresses this option is applied via a chown() call, with a
|
||
fchown() call otherwise.
|
||
If groupname is a name it must be a valid groupname from /etc/group and is
|
||
converted to a group id with a getgrnam(3) call.
|
||
On most modern operating systems, the owner of the process must be member of
|
||
the group being set; only root may set any group, even numbers without group
|
||
name.
|
||
A Linux 2.2.10 kernel SIGSEGVs the process in the fchown() call when this
|
||
option is used with a socket or pipe. Is fixed with Linux 2.4.
|
||
LINUXBUG TESTCASE:
|
||
SH1: socat -D - unix-l:/tmp/socket,unlink-early
|
||
SH2: socat -d -d -d -d -D gopen:/tmp/socket,group=floppy -
|
||
|
||
|
||
Option: group-late=value
|
||
|
||
Type: GIDT or string
|
||
Option group: FD
|
||
Type: GIDT
|
||
Platforms: all
|
||
|
||
Takes one argument, a UNIX group name or a numeric group id. The first
|
||
character of value is a digit for group ids.
|
||
This option is applied via a fchown(2) call.
|
||
If groupname is a name it must be a valid groupname from /etc/group and is
|
||
converted to a group id with a getgrnam(3) call.
|
||
On most modern operating systems, the owner of the process must be member of
|
||
the group being set; only root may set any group, even numberic group ids
|
||
without group name.
|
||
|
||
|
||
Option: o-nonblock
|
||
Aliases: nonblock
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the O_NONBLOCK flag of a file descriptor via a fcntl(2) call and F_SETFL;
|
||
with OPEN type addresses, this flag is applied with the open() call.
|
||
It does not change the behaviour of socat's data transfer loop because socat
|
||
uses select() which blocks nevertheless.
|
||
Currently is has only two documented uses:
|
||
1) With address TCP, the connect() call
|
||
does not block; instead, it continues through the open step. The channel is
|
||
passed to the select() call. If something is written to the channel before it
|
||
is connected, this is an error. If connection fails, a read condition occurs
|
||
and read() returns the error.
|
||
2) Opening a named pipe does not block with this option.
|
||
|
||
|
||
Option: o-ndelay
|
||
Aliases: ndelay
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: LATE
|
||
Platforms: HP-UX, SunOS (UNIX98)
|
||
|
||
Under Solaris it sets the O_NDELAY of the file descriptor via a fcntl(2) call
|
||
and F_SETFL; with OPEN type addresses, this flag is applied with the open()
|
||
call.
|
||
With all other operating systems, this is just another name for the nonblock option.
|
||
|
||
|
||
Option: o-noatime
|
||
Aliases: noatime
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the O_NOATIME flag of a file descriptor via a fcntl(2) call and F_SETFL;
|
||
with OPEN type addresses, this flag is applied with the open() call.
|
||
It prevents the access time from being updated during read operations.
|
||
|
||
|
||
Option: perm=value
|
||
Aliases: mode=value
|
||
|
||
Type: MODET (mode_t)
|
||
Option group: NAMED
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
This option changes the mode (permissions) of an addresses inode. xioopen
|
||
tries to apply this option already during open phase. If the address does not
|
||
have a open phase or if the option cannot be applied there, the value is
|
||
applied directly on the file descriptor afterwards.
|
||
It is up to you to (1) have the permission to change the permissions, and (2)
|
||
not to set permissions that prevent you from performing your transactions :-)
|
||
NOTE: At least with some Linux 2.2, setting permissions on an existing file or
|
||
device with fchmod() does not change the permissions of its inode on disk. See
|
||
perm-early which uses chmod() instead.
|
||
NOTE: At least with some Linux 2.2, restricting mode on file descriptors does
|
||
not restrict this file descriptors data transfer capabilities.
|
||
|
||
|
||
Option: perm-late=value
|
||
|
||
Type: MODET (mode_t)
|
||
Option group: FD
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
This option changes the mode (permissions) of a file descriptor with fchown()
|
||
in the last phase of address processing.
|
||
|
||
|
||
Option: seek-set=offset
|
||
Aliases: lseek=offset, seek=offset
|
||
|
||
Type: OFF32 or OFF64
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Positions the file at the given absolute offset, using lseek() (or lseek64() if
|
||
available) with SEEK_SET.
|
||
|
||
|
||
Option: seek-cur=offset
|
||
|
||
Type: OFF32 or OFF64
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Positions the file at the given offset from the current position,
|
||
using lseek() (or lseek64() if available) with SEEK_SET.
|
||
|
||
|
||
Option: seek-end=offset
|
||
|
||
Type: OFF32 or OFF64
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Positions the file at the given offset from the file end,
|
||
using lseek() (or lseek64() if available) with SEEK_END.
|
||
|
||
|
||
Option: lseek32-set=offset
|
||
Aliases: lseek32=offset
|
||
|
||
Type: OFF32
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Positions the file at the given absolute offset using lseek() with SEEK_SET.
|
||
This call might fail for non
|
||
random access data objects like character devices or sockets.
|
||
NOTE: this option seems to be useless on files with O_APPEND set.
|
||
|
||
|
||
Option: lseek32-cur=offset
|
||
|
||
Type: OFF32 (instead of off_t)
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Positions the file at the given offset from the current position using lseek()
|
||
with SEEK_CUR. This call
|
||
might fail for non random access data objects like character devices.
|
||
On Linux, the seek() call fails on pipes, sockets and ttys but works on files
|
||
and /dev/null
|
||
NOTE: this option seems to be useless on files with O_APPEND set.
|
||
|
||
|
||
Option: lseek32-end=offset
|
||
|
||
Type: OFF32
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Positions the file at the given offset from the file end using lseek() with
|
||
SEEK_END. This call might fail
|
||
for non random access data objects like character devices.
|
||
NOTE: this option seems to be useless on files with O_APPEND set.
|
||
|
||
|
||
Option: lseek64-set=offset
|
||
Aliases: lseek64=offset
|
||
|
||
Type: OFF64
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Positions the file at the given absolute offset using lseek64() with SEEK_SET.
|
||
This call might fail for non
|
||
random access data objects like character devices or sockets.
|
||
NOTE: this option seems to be useless on files with O_APPEND set.
|
||
|
||
|
||
Option: lseek64-cur=offset
|
||
|
||
Type: OFF64
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Positions the file at the given offset from the current position using
|
||
lseek64() with SEEK_CUR. This call
|
||
might fail for non random access data objects like character devices.
|
||
NOTE: this option seems to be useless on files with O_APPEND set.
|
||
|
||
|
||
Option: lseek64-end=offset
|
||
|
||
Type: OFF64
|
||
Option group: BLK
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Positions the file at the given offset from the file end using lseek64() with
|
||
SEEK_END. This call might fail
|
||
for non random access data objects like character devices.
|
||
NOTE: this option seems to be useless on files with O_APPEND set.
|
||
|
||
|
||
Option: chroot=path
|
||
|
||
Type: STRING
|
||
Option group: PROCESS
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Invokes the chroot() system call with the given path after the address
|
||
resolution, so the path names of the address must be specified with absolute
|
||
pathes.
|
||
Note: when you combine chroot with substuser, with substuser applied within the
|
||
chroot environment, usually the etc/passwd and etc/group files in the chroot
|
||
environment are used for group set etc.
|
||
See appendix "generating a sandbox"
|
||
|
||
|
||
Option: chroot-early=path
|
||
|
||
Type: STRING
|
||
Option group: PROCESS
|
||
Phase: EARLY
|
||
Platforms: all
|
||
|
||
Invokes the chroot() system call with the given path before the address is
|
||
resolved, this means before file opening in OPEN, GOPEN and before program
|
||
execution in EXEC and SYSTEM, so their pathes must be specified related to
|
||
their chroot directory.
|
||
See appendix "generating a sandbox"
|
||
|
||
|
||
Option: setgid=group
|
||
|
||
Type: GIDT (gid_t or string)
|
||
Option group: PROCESS
|
||
Phase: LATE2
|
||
Platforms: all
|
||
|
||
Invokes setgid() with the group id. For EXEC and SYSTEM this call is performed
|
||
for the child process after the fork and therefore does not affect the socat
|
||
process directly. For LISTEN group addresses with fork option, this call is
|
||
performed only on the child processes. For all other addresses, it is performed
|
||
in the late phase of address processing, so it does not affect the address
|
||
where it is used, but for the next address (if any), and for the data loop.
|
||
Note: setgid() does not remove any groups from the current process group set.
|
||
|
||
|
||
Option: setuid=user
|
||
|
||
Type: UIDT (uid_t or string)
|
||
Option group: PROCESS
|
||
Phase: LATE2
|
||
Platforms: all
|
||
|
||
Invokes setuid() with the user id. For EXEC and SYSTEM this call is performed
|
||
for the child process after the fork and therefore does not affect the socat
|
||
process directly. For LISTEN group addresses with fork option, this call is
|
||
performed only on the child processes. For all other addresses, it is performed
|
||
in the late phase of address processing, so it does not affect the address
|
||
where it is used, but the next address (if any), and the data loop.
|
||
Note: setuid() is invoked AFTER setgid(), if both are applied.
|
||
Note: setuid() does not influence the processes group set; in most cases, you
|
||
want to prefer substuser option.
|
||
|
||
|
||
Option: substuser=user
|
||
Aliases: su=user
|
||
|
||
Type: UIDT (uid_t or string)
|
||
Option group: PROCESS
|
||
Phase: LATE2
|
||
Platforms: all
|
||
|
||
Tries to switch the process to the given user and its group set.
|
||
To make sure that the groups are set correctly for the new process owner, the
|
||
system calls initgroups(), setgid(), and setuid() are invoked with the
|
||
appropriate arguments.
|
||
On sane operating system, this option requires root privileges.
|
||
Note: this option sets the user and group ids of the process, but does not
|
||
change the environment; therefore, all variables including $USER, $HOME,
|
||
$LOGNAME, $SHELL etc. are inherited from the old users environment.
|
||
Note: starting a SETUID program after applying substuser or setuid gives the
|
||
process the SETUID owner, which might give root privileges again.
|
||
|
||
|
||
Option: substuser-delayed=user
|
||
Aliases: su-d=user
|
||
|
||
Type: UIDT (unsigned int or string)
|
||
Option group: PROCESS
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Like substuser, but reads the user and group information in an early phase of
|
||
address processing, but applies the appropriate system calls in a late
|
||
phase. This allows to use user information from the host in a chroot
|
||
environment, without exposing this data within the sandbox.
|
||
|
||
|
||
Option: o-trunc
|
||
Aliases: trunc
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Sets the O_TRUNC flag of the open() call, thus truncating the file to zero
|
||
length.
|
||
#! block devices?
|
||
|
||
|
||
Option: ftruncate=value
|
||
Aliases: truncate=value
|
||
|
||
Type: OFF32 or OFF64
|
||
Option group: REG
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Invokes the ftruncate() (or ftruncate64() if available) call for the file descriptor with the given value,
|
||
thus reducing the length of the file to the given length.
|
||
On Linux, ftruncate() fails on sockets and devices but works on regular files
|
||
and pipes.
|
||
#! block devices?
|
||
Note: AIX docu says: for regular files only
|
||
|
||
|
||
Option: ftruncate32=value
|
||
|
||
Type: OFF32
|
||
Option group: REG
|
||
Phase: LATE
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Invokes the ftruncate() call (even if ftruncate64() is available) call for the file descriptor with the given value,
|
||
thus reducing the length of the file to the given length.
|
||
|
||
|
||
Option: ftruncate64=value
|
||
|
||
Type: OFF64
|
||
Option group: REG
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Invokes the ftruncate64() call if available, for the file descriptor with the given value,
|
||
thus reducing the length of the file to the given length.
|
||
|
||
|
||
Option: o-binary
|
||
Aliases: binary, bin
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: OPEN
|
||
Platforms: none; Cygwin
|
||
|
||
Sets the O_BINARY flag with open() or fcntl() to avoid implicit line terminator conversions.
|
||
|
||
|
||
Option: o-text
|
||
Aliases: text
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: OPEN
|
||
Platforms: none; Cygwin
|
||
|
||
Sets the O_TEXT flag with open() or fcntl() to force implicit line terminator conversions.
|
||
|
||
|
||
Option: o-noinherit
|
||
Aliases: noinherit
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: OPEN
|
||
Platforms: none; Cygwin
|
||
|
||
Sets the O_NOINHERIT flag with open() or fcntl() to not keep this file open in a spawned process.
|
||
|
||
|
||
Option: cool-write
|
||
Aliases: coolwrite
|
||
|
||
Type: BOOL
|
||
Option group: FD
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Takes it easy when write fails with EPIPE or ECONNRESET and logs the message
|
||
with notice level instead of error.
|
||
This prevents the log file from being filled with useless error messages
|
||
when socat is used as a high volume server or proxy where clients often
|
||
abort the connection.
|
||
This option is experimental.
|
||
|
||
|
||
Option: end-close
|
||
Aliases: close
|
||
|
||
Type: CONST
|
||
Option group: FD
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Changes the (address dependent) method to close a connection to just close
|
||
the file descriptors. This is useful when the connection is to be reused by
|
||
or shared with other processes.
|
||
Normally, socket connections will be ended with shutdown(2) which
|
||
terminates the socket even if it is shared by multiple processes.
|
||
close(2) "unlinks" the socket from the process but keeps it active as
|
||
long as there are still links from other processes.
|
||
Similarly, when an address of type EXEC or SYSTEM is ended, socat usually
|
||
will explicitely kill the sub process. With this option, it will just close
|
||
the file descriptors.
|
||
|
||
|
||
Option: user=value
|
||
Aliases: owner=value, uid=value
|
||
|
||
Type: UIDT (unsigned int or string)
|
||
Option group: NAMED
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Takes one argument, a UNIX user name or a numeric user id. The first
|
||
character of value is a digit for user ids.
|
||
For NAMED addresses, if the file already exists, this option is applied via a
|
||
chown() call, with fchown() for all other cases.
|
||
If username is a name it must be a valid username from /etc/passwd and is
|
||
converted to a user id with a getpwnam() call.
|
||
On sane operating systems, the owner of the process must be root to change
|
||
the owner of a file descriptor; root may even apply undefined (unnamed) user
|
||
ids.
|
||
My Linux 2.2 kernel SIGSEGVs the process in the fchown() call when this
|
||
option is used with a (UNIX, unconnected or connected) socket or pipe. Linux
|
||
2.4.0 handles this call correctly.
|
||
TESTCASE: ./socat -d -d -d -d - tcp:loopback:21,user=root
|
||
|
||
|
||
Option: user-late=value
|
||
Aliases: uid-l=value
|
||
|
||
Type: UIDT (unsigned int or string)
|
||
Option group: FD
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Takes one argument, a UNIX user name or a numeric user id. The first
|
||
character of value is a digit for user ids.
|
||
This option is applied via a fchown() call just before xioopen_single()
|
||
terminates.
|
||
If username is a name it must be a valid username from /etc/passwd and is
|
||
converted to a user id with a getpwnam() call.
|
||
On sane operating systems, the owner of the process must be root to change
|
||
the owner of a file descriptor; root may even apply undefined (unnamed) user
|
||
ids.
|
||
My Linux 2.2 kernel SIGSEGVs the process in the fchown() call when this
|
||
option is used with a socket or pipe.
|
||
|
||
|
||
===============================================================================
|
||
OPEN group options
|
||
Options of this group may be used with all addresses that support OPEN group
|
||
options.
|
||
|
||
|
||
Option: o-rdonly
|
||
Aliases: rdonly
|
||
|
||
Type: BOOL (inherent - no value)
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all
|
||
|
||
Use O_RDONLY with the open() call instead of the position dependend default.
|
||
Take care not to block later write operations.
|
||
|
||
|
||
Option: o-wronly
|
||
Aliases: wronly
|
||
|
||
Type: BOOL (inherent - no value)
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all
|
||
|
||
Use O_WRONLY with the open() call instead of the position dependend default.
|
||
Take care not to block later write operations.
|
||
|
||
|
||
Option: o-rdwr
|
||
Aliases: rdwr
|
||
|
||
Type: BOOL (inherent - no value)
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all
|
||
|
||
Use O_RDWR with the open() call instead of the position dependend default.
|
||
|
||
|
||
Option: o-create
|
||
Aliases: create, creat
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all
|
||
|
||
Sets the O_CREAT flag of the open() call. This means that it is not an error if
|
||
the file does not exist.
|
||
|
||
|
||
Option: o-defer
|
||
Aliases: defer
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: none
|
||
|
||
Sets the O_DEFER flag of the open() call. This means that write data is stored
|
||
in paging space until an fsync() call.
|
||
|
||
|
||
Option: o-delay
|
||
Aliases: delay
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: none
|
||
|
||
Sets the O_DELAY flag of the open() call. This lets open block until the share
|
||
conditions are fulfilled (see nshare, rshare)
|
||
|
||
|
||
Option: o-direct
|
||
Aliases: direct
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: FreeBSD, HP-UX, Linux
|
||
|
||
Sets the O_DIRECT flag of the open() call.
|
||
|
||
|
||
Option: o-directory
|
||
Aliases: directory
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: Linux
|
||
|
||
Sets the O_DIRECTORY flag of the open() call. This lets open fail if the given
|
||
path is not a directory. This does not seem to be useful with socat.
|
||
|
||
|
||
Option: o-dsync
|
||
Aliases: dsync
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: HP-UX, Linux, SunOS (UNIX98)
|
||
|
||
Sets the O_DSYNC flag with the open() call. This lets write() calls wait until
|
||
modification metainfo is physically written to media.
|
||
|
||
|
||
Option: o-excl
|
||
Aliases: excl
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all
|
||
|
||
Sets the O_EXCL flag of the open() call.
|
||
|
||
|
||
Option: o-largefile
|
||
Aliases: largefile
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the O_LARGEFILE flag of the open() flag.
|
||
|
||
|
||
Option: o-noctty
|
||
Aliases: noctty
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all
|
||
|
||
Sets the O_NOCTTY flag of the open() call, so the opened device does not become
|
||
the controlling tty of the process.
|
||
|
||
|
||
Option: o-nofollow
|
||
Aliases: nofollow
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Sets the O_NOFOLLOW flag of the open() call. This means that the last component
|
||
of the open path must no be a symlink.
|
||
|
||
|
||
Option: o-sync
|
||
Aliases: sync
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the O_SYNC flag with the open() call. This lets write() calls wait until
|
||
data is physically written to media.
|
||
|
||
|
||
Option: o-rshare
|
||
Aliases: rshare
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: none
|
||
|
||
Sets the O_RSHARE flag of the open() call. This means that the file must not be
|
||
opened for writing by other processes ("read sharing").
|
||
|
||
|
||
Option: o-nshare
|
||
Aliases: nshare
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: none
|
||
|
||
Sets the O_NSHARE flag of the open() call. This means that the file must not be
|
||
shared with other processes ("no sharing").
|
||
|
||
|
||
Option: o-rsync
|
||
Aliases: rsync
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: HP-UX, Linux, SunOS (UNIX98)
|
||
|
||
Sets the O_RSYNC flag with the open() call. This lets write() calls wait until
|
||
read metainfo is physically written to media.
|
||
|
||
|
||
Option: o-priv
|
||
Aliases: priv
|
||
|
||
Type: BOOL
|
||
Option group: OPEN
|
||
Phase: OPEN
|
||
Platforms: none (Solaris)
|
||
|
||
Sets the O_PRIV flag with the open() call.
|
||
|
||
===============================================================================
|
||
NAMED group options
|
||
This group is valid for all addresses that refer to a file system entry like
|
||
file, device, named pipe, or named UNIX domain socket.
|
||
|
||
|
||
Option: unlink-early
|
||
Aliases: new
|
||
|
||
Type: BOOL
|
||
Option group: NAMED
|
||
Phase: EARLY
|
||
Platforms: all
|
||
|
||
This options tries to remove the filesystem entry given in the address before
|
||
starting any other processing (even before user-early, perm-early, or
|
||
group-early). unlink() is called; note that this call, in contrast to rm(1),
|
||
removes entries regardless of their permissions. Instead, ownership or root
|
||
privileges and write permissions in the directory are required and sufficient.
|
||
|
||
|
||
Option: unlink
|
||
|
||
Type: BOOL
|
||
Option group: NAMED
|
||
Phase: PREOPEN
|
||
Platforms: all
|
||
|
||
This options tries to remove the filesystem entry given in the address before
|
||
it is tried to open, but past user-early, perm-early, or group-early).
|
||
unlink() is called; note that this call, in contrast to rm(1), removes entries
|
||
regardless of their permissions. Instead, ownership or root privileges and
|
||
write permissions in the directory are required and sufficient.
|
||
|
||
|
||
Option: unlink-late
|
||
|
||
Type: BOOL
|
||
Option group: NAMED
|
||
Phase: PASTOPEN
|
||
Platforms: all
|
||
|
||
This option tries to remove the filesystem entry after it has been opened.
|
||
Options can still be applied to the file descriptor, and
|
||
the node or files data can be used, but it can no longer be accessed by other
|
||
processes (except by tricks?), and after closing the stream the data or node is
|
||
completely removed.
|
||
unlink() is called; note that this call, in contrast to rm(1), removes entries
|
||
regardless of their permissions. Instead, ownership or root privileges and
|
||
write permissions in the directory are required and sufficient.
|
||
|
||
|
||
Option: perm-early=value
|
||
|
||
Type: MODET (mode_t)
|
||
Option group: NAMED
|
||
Phase: PREOPEN
|
||
Platforms: all
|
||
|
||
This option changes the mode (permissions) of an already existing filesystem
|
||
entry with chown() before the file is opened or after the UNIX domain socket is
|
||
bound, but before it listens/connects.
|
||
|
||
|
||
Option: user-early=value
|
||
Aliases: uid-e=value
|
||
|
||
Type: UIDT (unsigned int or string)
|
||
Option group: NAMED
|
||
Phase: PREOPEN
|
||
Platforms: all
|
||
|
||
Takes one argument, a UNIX user name or a numeric user id. The first
|
||
character of value is a digit for user ids.
|
||
This option is applied via a chown() call before the file system entry is
|
||
opened or after the UNIX domain socket is bound, but before it starts to
|
||
listen/connect.
|
||
If username is a name it must be a valid username from /etc/passwd and is
|
||
converted to a user id with a getpwnam() call.
|
||
On sane operating systems, the owner of the process must be root to change
|
||
the owner of a file descriptor; root may even apply undefined (unnamed) user
|
||
ids.
|
||
|
||
|
||
Option: group-early=value
|
||
Aliases: gid-e=value
|
||
|
||
Type: GIDT (unsigned int or string)
|
||
Option group: NAMED
|
||
Phase: PREOPEN
|
||
Platforms: all
|
||
|
||
Takes one argument, a UNIX group name or a numeric group id. The first
|
||
character of value is a digit for group ids.
|
||
This option is applied via a chown() call before the file system entry is
|
||
opened or after the UNIX domain socket is bound, but before it
|
||
listens/connects.
|
||
If groupname is a name it must be a valid groupname from /etc/group and is
|
||
converted to a group id with a getgrnam() call.
|
||
On most modern operating systems, the owner of the process must be member of
|
||
the group being set; only root may set any group, even numbers without group
|
||
name.
|
||
|
||
|
||
Option: umask=value
|
||
|
||
Type: MODET
|
||
Option group: NAMED
|
||
Phase: EARLY
|
||
Platforms: all
|
||
|
||
Sets the umask before opening a file or creating a UNIX domain socket. This is
|
||
especially useful for these sockets, because there interface does not provide a
|
||
mode argument.
|
||
|
||
|
||
Option: unlink-close
|
||
|
||
Type: BOOL
|
||
Option group: NAMED
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Remove the addresses file system entry when closing the address.
|
||
For named pipes, listening unix domain sockets, and the symbolic links of pty
|
||
addresses, the default is 1; for created files, opened files, generic opened
|
||
files, and client unix domain sockets the default is 0.
|
||
|
||
|
||
===============================================================================
|
||
FORK and EXEC options
|
||
|
||
Option: path=string
|
||
|
||
Type: STRING
|
||
Option group: EXEC
|
||
Phase: PREEXEC
|
||
Platforms: all
|
||
|
||
Changes the PATH environment variable in the child process before the exec() or
|
||
system() call.
|
||
|
||
|
||
Option: nofork
|
||
|
||
Type: BOOL
|
||
Option group: FORK
|
||
Phase: BIGEN
|
||
Platforms: all
|
||
|
||
Does not fork a subprocess for executing the program, instead calls execvp()
|
||
directly from the actual socat instance. This avoids the overhead of another process
|
||
between the program and the communication peer, but introduces lots of
|
||
restrictions:
|
||
* this option can only be applied to the second socat() address.
|
||
* the first socat address cannot be OPENSSL or READLINE
|
||
* socat options -b, -t, -D, -l, -v, -x, -t become useless
|
||
* for both addresses, options ignoreeof, cr and crnl become useless
|
||
* for the second address (the one with option nofork), options
|
||
append, async, cloexec, flock, user, group, mode, nonblock,
|
||
perm-late, setlk, and setpgid cannot be applied, and should be used on the
|
||
first address instead.
|
||
|
||
|
||
Option: pipes
|
||
|
||
Type: BOOL
|
||
Option group: FORK
|
||
Phase: BIGEN
|
||
Platforms: all
|
||
|
||
For communication between the exec() or system() subprocess with socat, use two
|
||
unnamed pipes instead of creating a socket pair.
|
||
|
||
|
||
Option: pty
|
||
|
||
Type: BOOL
|
||
Option group: FORK
|
||
Phase: BIGEN
|
||
Platforms: all
|
||
|
||
For communication between the exec() or system() subprocess with socat, use a
|
||
pseudo terminal instead of a socket pair. The executed program gets the slave
|
||
side, and socat the controlling side of the pseudo terminal.
|
||
This is especially useful if you want to use, e.g., chat with socat (see
|
||
EXAMPLES). Plus, ptys do not buffer I/O.
|
||
Note: implementation of pseudo terminals are differing between platforms, so
|
||
extra porting struggles might be required for porting this feature.
|
||
|
||
|
||
Option: fdin=num
|
||
|
||
Type: USHORT
|
||
Option group: FORK
|
||
Phase: PASTBIGEN
|
||
Platforms: all
|
||
|
||
After forking the child process, assign the stream where the child
|
||
receives data from socat, to file descriptor num instead of stdin.
|
||
|
||
|
||
Option: fdout=num
|
||
|
||
Type: USHORT
|
||
Option group: FORK
|
||
Phase: PASTBIGEN
|
||
Platforms: all
|
||
|
||
After forking the child process, assign the stream where the child
|
||
writes data to socat, to file descriptor num instead of stdout.
|
||
|
||
|
||
Option: stderr
|
||
|
||
Type: BOOL
|
||
Option group: FORK
|
||
Phase: PASTFORK
|
||
Platforms: all
|
||
|
||
Normally, the stderr filedescriptor of the forked program is a clone of socat's
|
||
stderr fd. If this option is used, the programs stderr filedescriptor is a copy
|
||
of the "normal" data output of the program, i.e. of its stdout or fdout.
|
||
|
||
|
||
Option: setsid
|
||
Aliases: sid
|
||
|
||
Type: BOOL
|
||
Option group: PROCESS
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Invokes setsid() to make the forked off subprocess the leader of a new
|
||
session. This also generates a new process group with this process as leader.
|
||
This is useful, e.g., when exec'ing ssh to get the password prompt into the I/O
|
||
channel (see EXAMPLES)
|
||
|
||
|
||
Option: setpgid
|
||
Aliases: pgid
|
||
|
||
Type: INT
|
||
Option group: FORK
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Invokes setpgid(0, val) from the child process.
|
||
|
||
|
||
Option: tiocsctty
|
||
Aliases: ctty
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: LATE2
|
||
Platforms: all
|
||
|
||
Applies only in combination with the pty option or its variants. Tries to make
|
||
the pty the controlling terminal. May require option setsid to work correctly.
|
||
|
||
|
||
Option: dash
|
||
Aliases: login
|
||
|
||
Type: BOOL
|
||
Option group: EXEC
|
||
Phase: PREEXEC
|
||
Platforms: all
|
||
|
||
Prefixes argv[0] for the execvp() call with '-', thus making a shell behave as
|
||
login shell.
|
||
|
||
|
||
Option: sighup
|
||
|
||
Type: CONST
|
||
Option group: PARENT
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Has socat pass an eventual SIGHUP signal to the sub process.
|
||
If no address has this option, socat terminates on SIGHUP.
|
||
|
||
|
||
Option: sigint
|
||
|
||
Type: CONST
|
||
Option group: PARENT
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Has socat pass an eventual SIGINT signal to the sub process.
|
||
If no address has this option, socat terminates on SIGINT.
|
||
|
||
|
||
Option: sigquit
|
||
|
||
Type: CONST
|
||
Option group: PARENT
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Has socat pass an eventual SIGQUIT signal to the sub process.
|
||
If no address has this option, socat dumps core and terminates on SIGQUIT.
|
||
|
||
|
||
===============================================================================
|
||
PTY options
|
||
These options may be used with addresses that create a pseudo terminal (pty).
|
||
In particular, these are addresses EXEC, SYSTEM, and PTY.
|
||
|
||
|
||
Option: openpty
|
||
|
||
Type: BOOL
|
||
Option group: PTY
|
||
Phase: BIGEN
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Like pty, but only use the openpty mechanism, not any other way for pty
|
||
generation.
|
||
|
||
|
||
Option: ptmx
|
||
|
||
Type: BOOL
|
||
Option group: PTY
|
||
Phase: BIGEN
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Like pty, but only use the /dev/ptmx (/dev/ptc on AIX) mechanism, not any other
|
||
way for pty generation.
|
||
|
||
|
||
Option: symbolic-link=filename
|
||
|
||
Type: FILENAME
|
||
Option group: PTY
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Generates a symbolic link that points to the actual pseudo terminal (pty). This
|
||
might help to solve the problem that ptys are generated with more or less
|
||
unpredictable names, making it difficult to directly access the socat generated
|
||
pty automatically. With this option, the user can specify a "fix" point in the
|
||
file hierarchy that helps him to access the actual pty.
|
||
|
||
|
||
Option: pty-wait-slave
|
||
Aliases: wait-slave, waitslave
|
||
|
||
Type: BOOL
|
||
Option group: PTY
|
||
Phase: EARLY
|
||
Platforms: all
|
||
|
||
Blocks the open phase until a process opens the slave side of the pty.
|
||
Usually, socat continues after generating the pty with opening the next
|
||
address or with entering the transfer engine. With the wait-slave option,
|
||
socat waits until some process opens the slave side of the pty before
|
||
continuing.
|
||
This option only works if the operating system provides the tt(poll())
|
||
system call. And it depends on an undocumented behaviour of pty's, so it
|
||
does not work on all operating systems. It has successfully been tested on
|
||
Linux, FreeBSD, NetBSD, and on Tru64 with openpty.
|
||
|
||
|
||
Option: pty-interval
|
||
|
||
Type: TIMESPEC
|
||
Option group: PTY
|
||
Phase: EARLY
|
||
Platforms: all
|
||
|
||
When the wait-slave option is set, socat periodically checks the HUP
|
||
condition using poll() to find if the pty's slave side has been
|
||
opened. The default
|
||
polling interval is 1s. Use the pty-interval option to change this value.
|
||
|
||
|
||
===============================================================================
|
||
SOCKET options
|
||
These are options that may be applied to all socket type addresses: UNIX
|
||
(LOCAL) domain sockets (even with EXEC type addresses if not pipes), IP, and
|
||
IPv6.
|
||
|
||
|
||
Option: so-debug
|
||
Aliases: debug
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_DEBUG socket option. Requires root.
|
||
|
||
|
||
Option: so-acceptconn
|
||
Aliases: acceptconn
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Tries to set the SO_ACCEPTCONN socket option. Read-only!
|
||
|
||
|
||
Option: so-broadcast
|
||
Aliases: broadcast
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_BROADCAST socket option.
|
||
|
||
|
||
Option: so-reuseaddr
|
||
Aliases: reuseaddr
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_REUSEADDR socket option. Allows to bind to a port even if this
|
||
port is already used for a connection.
|
||
|
||
|
||
Option: so-keepalive
|
||
Aliases: keepalive
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: FD
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_KEEPALIVE socket option.
|
||
|
||
|
||
Option: so-linger=value
|
||
Aliases: linger=value
|
||
|
||
Type: LINGER
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Activates the SO_LINGER option and sets a value (seconds) for it.
|
||
This lets shutdown() or close() block until data transfers have finished or the
|
||
given value timed out.
|
||
Note: on some systems, the type for setsockopt() is struct { int; int; }
|
||
In this case, xioopen() sets {1,value}.
|
||
|
||
|
||
Option: so-oobinline
|
||
Aliases: oobinline
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_OOBINLINE socket option.
|
||
|
||
|
||
Option: so-sndbuf=value
|
||
Aliases: sndbuf=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_SNDBUF option of the socket to the given value. This option is
|
||
applied after the socket() (or socketpair()) call.
|
||
NOTE: The kernel might change the effective value:
|
||
My Linux 2.2 with TCP doubles the value, but uses at least 2048.
|
||
|
||
|
||
Option: so-sndbuf-late=value
|
||
Aliases: sndbuf-late=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: LATE
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_SNDBUF option of the socket to the given value. This option is
|
||
applied after the connect() or accept() (or socketpair) call.
|
||
NOTE: The kernel might change the effective value:
|
||
My Linux 2.2 with TCP doubles the value, but uses at least 2048, and a
|
||
maximum of 131070 (system limit?).
|
||
|
||
|
||
Option: so-rcvbuf=value
|
||
Aliases: rcvbuf=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_RCVBUF option of the socket to the given value. This option is
|
||
applied after the socket() call.
|
||
NOTE: The kernel might change the effective value:
|
||
My Linux 2.2 with TCP connect doubles the value, but uses at least 256 and
|
||
at most 131070.
|
||
My Linux 2.2 with TCP listen doubles the value but uses at least 11772.
|
||
NOTE: For applying the SO_RCVBUF options after the connect() or accept() calls
|
||
see rcvbuf-late.
|
||
|
||
|
||
Option: so-rcvbuf-late=value
|
||
Aliases: rcvbuf-late=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: LATE
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_RCVBUF option of the socket to the given value. This option is
|
||
applied after the connect() or listen() call.
|
||
NOTE: The kernel might change the effective value:
|
||
My Linux 2.2 with TCP doubles the value, but uses at least 256 and maximal
|
||
131070.
|
||
NOTE: sequence of this call may be relevant for the effecting value (AIX
|
||
4.3.3). For applying the SO_RCVBUF option immediately after the socket() call
|
||
see rcvbuf.
|
||
|
||
|
||
Option: so-error
|
||
Aliases: error
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Tries to set the SO_ERROR socket option which is a read-only option.
|
||
On my Linux 2.2 it gives "protocol not available".
|
||
|
||
|
||
Option: so-type=value
|
||
Aliases: type=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Set the sockettype argument of the socket() or socketpair() call. This
|
||
overrides the per
|
||
protocol default (e.g., TCP: SOCK_STREAM). Most values might
|
||
not be supported by a given protocol.
|
||
The following combinations are known to work at least under one OS:
|
||
TCP SOCK_STREAM (system default)
|
||
UDP SOCK_DGRAM (system default)
|
||
IP SOCK_RAW (socat default)
|
||
UNIX SOCK_STREAM (system default)
|
||
UNIX SOCK_DGRAM
|
||
|
||
|
||
Option: so-dontroute
|
||
Aliases: dontroute
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_DONTROUTE socket option.
|
||
|
||
|
||
Option: so-rcvlowat=value
|
||
Aliases: rcvlowat=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_RCVLOWAT socket option. Cannot be changed in Linux (always
|
||
gives "protocol not available").
|
||
|
||
|
||
Option: so-rcvtimeo=value
|
||
Aliases: rcvtimeo=value
|
||
|
||
Provided type: double
|
||
Physical type: TIMEVAL (long[2])
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_RCVTIMOE socket option. Cannot be changed in Linux (always
|
||
gives "protocol not available").
|
||
|
||
|
||
Option: so-sndlowat=value
|
||
Aliases: sndlowat=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_SNDLOWAT socket option. Cannot be changed in Linux (always
|
||
gives "protocol not available").
|
||
|
||
|
||
Option: so-sndtimeo=value
|
||
Aliases: sndtimeo=value
|
||
|
||
Provided type: double
|
||
Physical type: TIMEVAL (long[2])
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all (UNIX98)
|
||
|
||
Sets the SO_SNDTIMEO socket option. Cannot be changed in Linux (always
|
||
gives "protocol not available").
|
||
|
||
|
||
Option: so-audit
|
||
Aliases: audit
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the SO_AUDIT socket option.
|
||
|
||
|
||
Option: so-attach-filter
|
||
Aliases: attach-filter, attachfilter
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Linux docu recommends to use libpcap for this feature.
|
||
"protocol not available", need kernel CONFIG_FILTER!
|
||
|
||
|
||
Option: so-detach-filter
|
||
Aliases: detach-filter, detachfilter
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
See Linux "man 7 socket".
|
||
"protocol not available", need kernel CONFIG_FILTER!
|
||
|
||
|
||
Option: so-bindtodevice=string
|
||
Aliases: bindtodevice, interface, if
|
||
|
||
Type: NAME
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Binds the socket to a net interface, e.g. lo0 or eth0 (interface names depend
|
||
on operating system). Might require root privilege.
|
||
|
||
|
||
Option: so-bsdcompat
|
||
Aliases: bsdcompat
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the SO_BSDCOMPAT socket option. See Linux "man 7 socket".
|
||
|
||
|
||
Option: so-cksumrecv
|
||
Aliases: cksumrecv
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the SO_CKSUMRECV socket option.
|
||
|
||
|
||
Option: so-kernaccept
|
||
Aliases: kernaccept
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the SO_KERNACCEPT socket option.
|
||
|
||
|
||
Option: so-no-check
|
||
Aliases: no-check, nocheck
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the SO_NO_CHECK socket option." Intentionally undocumented" under
|
||
Linux (see "man 7 socket"), don't know what it does....
|
||
|
||
|
||
Option: so-noreuseaddr
|
||
Aliases: noreuseaddr
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the SO_NOREUSEADDR socket option.
|
||
|
||
|
||
Option: passcred
|
||
Aliases: so-passcred
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the SO_PASSCRED option of a socket.
|
||
|
||
|
||
Option: so-peercred
|
||
Aliases: peercred
|
||
|
||
Type: INT3 or int[3]?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Enables receiving of credentials. Read only.
|
||
Not really implemented yet.
|
||
Nevertheless, Gives "Protocol not available".
|
||
|
||
|
||
Option: so-priority=value
|
||
Aliases: priority=value
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the protocol defined priority for all packets to be sent on this socket.
|
||
Docu says it requires root privileges. Normal user may set 0..6 for UNIX domain
|
||
and TCP client sockets on Linux 2.2. root may send any int value.
|
||
|
||
|
||
Option: so-reuseport
|
||
Aliases: reuseport
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD, HP-UX
|
||
|
||
Sets the SO_REUSEPORT socket option.
|
||
|
||
|
||
Option: so-security-authentication
|
||
Aliases: security-authentication, securityauthentication
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the SO_SECURITY_AUTHENTICATION socket option. Gives "protocol not
|
||
available" error.
|
||
In Linux 2.2.16 source, only exists in asm-*/socket.h
|
||
|
||
|
||
Option: so-security-encryption-network
|
||
Aliases: security-encryption-network, securityencryptionnetwork
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the SO_SECURITY_ENCRYPTION_NETWORK option of the socket. Gives "protocol
|
||
not available" error.
|
||
In Linux 2.2.16 source, only exists in asm-*/socket.h
|
||
|
||
|
||
Option: so-security-encryption-transport
|
||
Aliases: security-encryption-transport, securityencryptiontransport
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the SO_SECURITY_ENCRYPTION_TRANSPORT option of the socket. Gives "protocol
|
||
not available" error.
|
||
In Linux 2.2.16 source, only exists in asm-*/socket.h
|
||
|
||
|
||
Option: so-use-ifbufs
|
||
Aliases: use-ifbufs, useifbufs
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the SO_USE_IFBUFS socket option.
|
||
|
||
|
||
Option: so-useloopback
|
||
Aliases: useloopback
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD, HP-UX, SunOS
|
||
|
||
Sets the SO_USELOOPBACK socket option.
|
||
|
||
|
||
Option: so-dgram-errind
|
||
Aliases: dgram-errind, dgramerrind
|
||
|
||
Logical type: bool?
|
||
Physical type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: SunOS
|
||
|
||
Sets the SO_DGRAM_ERRIND flag.
|
||
|
||
|
||
Option: so-dontlinger
|
||
Aliases: dontlinger
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: SunOS
|
||
|
||
Sets the SO_DONTLINGER socket option.
|
||
|
||
|
||
Option: so-prototype
|
||
Aliases: prototype
|
||
|
||
Type: INT?
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: HP-UX, SunOS
|
||
|
||
Sets the SO_PROTOTYPE socket option.
|
||
|
||
|
||
Option: type
|
||
|
||
Type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Sets the type of the socket, usually as argument to the socket() or
|
||
socketpair() call, to <type>. Under Linux, 1 means stream oriented socket, 2
|
||
means datagram socket, and 3 means raw socket.
|
||
|
||
|
||
Option: protocol-family
|
||
Aliases: pf
|
||
|
||
Type: STRING
|
||
Option group: SOCKET
|
||
Phase: PRESOCKET
|
||
Platforms: all
|
||
|
||
Forces the use of the specified IP version. <string> can be something like
|
||
"ip4" or "ip6".
|
||
|
||
|
||
Option: fiosetown
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Sets the FIOSETOWN ioctl (in "man 7 socket" called FIOCSETOWN).
|
||
|
||
|
||
#Option: ciocspgrp
|
||
#
|
||
#Allowed in addresses: SOCKET
|
||
#Logical type: bool
|
||
#Physical type: int
|
||
#
|
||
#Sets the CIOCSPGRP ioctl.
|
||
|
||
|
||
#Option: addr=value
|
||
#
|
||
#Allowed in addresses: SOCKET
|
||
#Type: socket-address
|
||
#
|
||
#For client socket, sets the local (bind) address. Not yet implemented.
|
||
|
||
|
||
Option: bind=socketaddress
|
||
|
||
Type: STRING
|
||
Option group: SOCKET
|
||
Phase: BIND
|
||
Platforms: all
|
||
|
||
Gives the address to be used in the bind(2) system call. The format of the
|
||
socketaddress depends on the socket type (see below). For "client" sockets this
|
||
option inserts a bind(2) call between socket(2) and connect(2) calls. For
|
||
"server" sockets this option is ignored! For datagram sockets behaviour of this
|
||
option is currently unspecified.
|
||
Note: for client sockets in the UNIX domain this option is not useful: with the
|
||
same address as connect it will conflict with the bind call of the server
|
||
socket; another address for bind is ignored (with Linux 2.2).
|
||
For TCP sockets these formats are currently implemented:
|
||
HOSTNAME
|
||
HOSTNAME:PORT
|
||
IPADDR
|
||
IPADDR:PORT
|
||
:PORT
|
||
.PORT
|
||
|
||
|
||
Option: connect-timeout=seconds
|
||
|
||
Type: TIMEVAL
|
||
Option group: SOCKET
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Abort the connection attempt after the given time with error status.
|
||
|
||
#
|
||
Option: backlog=value
|
||
|
||
Type: INT
|
||
Option group: LISTEN
|
||
Phase: LISTEN
|
||
Platforms: all
|
||
|
||
Sets the value to be used with the listen(2) system call. The default is 5.
|
||
It does not seem to work for Linux 2.2; Linux seems to allow much more
|
||
established connections, but then they stay even after server process
|
||
shutdown...
|
||
|
||
|
||
Option: range=address:mask, range=address/bits
|
||
|
||
Type: STRING
|
||
Option group: RANGE
|
||
Phase: ACCEPT
|
||
Platforms: all
|
||
Implementation status: only for INET (IP4) addresses
|
||
|
||
Defines a subnet where clients may connect from. If other clients connect the
|
||
accepted connection is shut down immediately after examination of the client
|
||
address. If this option is not used, the default is 0.0.0.0:0.0.0.0, allowing
|
||
arbitrary client addresses. bits is the number of high order bits that must
|
||
match between the range value and the clients address.
|
||
|
||
|
||
Option: tcpwrap, tcpwrap=name
|
||
|
||
Type: STRING_NULL
|
||
Option group: RANGE
|
||
Phase: ACCEPT
|
||
Platforms: (depends on libwrap installation)
|
||
|
||
Uses the rules introduced by Wietse Venema's libwrap (tcpd) library to check
|
||
if the client is allowed to connect. The configuration files are
|
||
/etc/hosts.allow and /etc/hosts.deny. See "man 5 hosts_access" for
|
||
more information. <name> is passed to the wrapper functions as daemon
|
||
process name. If omitted, the basename of socats invokation (argv[0]) is
|
||
passed.
|
||
If both tcpwrap and and range options are applied to an address, both
|
||
conditions must be fulfilled to allow the connection.
|
||
|
||
|
||
Option: hosts-allow, tcpwrap-hosts-allow-table
|
||
|
||
Type: FILENAME
|
||
Option group: RANGE
|
||
Phase: ACCEPT
|
||
Platforms: (depends on libwrap installation)
|
||
|
||
Takes the specified file instead of /etc/hosts.allow.
|
||
|
||
|
||
Option: hosts-deny, tcpwrap-hosts-deny-table
|
||
|
||
Type: FILENAME
|
||
Option group: RANGE
|
||
Phase: ACCEPT
|
||
Platforms: (depends on libwrap installation)
|
||
|
||
Takes the specified file instead of /etc/hosts.deny.
|
||
|
||
|
||
Option: tcpwrap-etc, tcpwrap-dir
|
||
|
||
Type: FILENAME
|
||
Option group: RANGE
|
||
Phase: ACCEPT
|
||
Platforms: (depends on libwrap installation)
|
||
|
||
Looks for hosts.allow and hosts.deny in the specified directory. Is
|
||
overriden by options hosts-allow and hosts-deny.
|
||
|
||
|
||
-------------------------------------------------------------------------------
|
||
IP options
|
||
|
||
|
||
Option: ip-options=values
|
||
Aliases: ipoptions
|
||
|
||
Type: BIN
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Sets the IP_OPTIONS values of the IP socket. For example, to send packets to
|
||
destination D.D.D.D via a router G.G.G.G you have to specify G.G.G.G as the
|
||
"normal" destination, and D.D.D.D in the source route:
|
||
TCP:G.G.G.G:25,ip-options=x890704dddddddd
|
||
Note that the destination will see G.G.G.G as sender of the packets, and
|
||
therefore might not return the answers correctly.
|
||
See RFC791 for detailed specification of IP option fields.
|
||
Examples:
|
||
x01 ... nop
|
||
x8307040a000001 ... loose source route
|
||
x890b040a000001c0c1c2c3 ... strict source route
|
||
Note: with source routes, you should not specifiy destination address and
|
||
hops as defined in RFC791 (first hop as IP header destination address,
|
||
further hops and final destination in source route) because the (Linux?) kernel changes
|
||
them to a more intuitive form (final destination as destination in IP header,
|
||
gateways in source route). So, in destination address give the final
|
||
destination, and in the source route the gateways!
|
||
Note: this option may be mulitply applied per socket but the (Linux?) kernel
|
||
pads each setting with 0' to align the options end to 4 octets. So you should
|
||
better pad the options data with nops (01) yourself.
|
||
|
||
|
||
Option: ip-pktinfo
|
||
Aliases: ippktinfo, pktinfo
|
||
|
||
Type: INT (should be struct in_pktinfo)
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
Status: Not completely implemented (ancillary messages are not supported by
|
||
socat/xio)
|
||
|
||
Pass an IP_PKTINFO ancillary message.
|
||
|
||
|
||
Option: ip-recvtos
|
||
Aliases: iprecvtos, recvtos
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
Status: Not completely implemented (ancillary messages are not supported by
|
||
socat/xio)
|
||
|
||
Set the IP_RECVTOS socket option which enables IP_TOS ancillary message
|
||
passing.
|
||
|
||
|
||
Option: ip-recvttl
|
||
Aliases: iprecvttl, recvttl
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
Implementation status: No results.
|
||
|
||
Set the IP_RECVTTL socket option.
|
||
|
||
|
||
Option: ip-recvopts
|
||
Aliases: iprecvopts, recvopts
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
Implementation status: No results.
|
||
|
||
Set the IP_RECVOPTS socket option.
|
||
|
||
|
||
Option: ip-retopts
|
||
Aliases: ipretopts, retopts
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
Implementation status: No results.
|
||
|
||
Set the IP_RETOPTS socket option.
|
||
|
||
|
||
Option: ip-tos=value
|
||
Aliases: iptos=value, tos=value
|
||
|
||
Logical type: byte
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Sets the TOS (type of service) flags for the outgoing IP headers of the
|
||
socket. My Linux 2.2 does not allow to set values other than 0 (probably
|
||
needs some optional kernel features).
|
||
|
||
|
||
Option: ip-ttl=value
|
||
Aliases: ipttl=value, ttl=value
|
||
|
||
Logical type: byte
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Sets the TTL (time to live) field for the outgoing IP headers of the socket.
|
||
0 does not seem to be useful and gives "invalid argument" error in Linux.
|
||
This option can be used to implement a "poor mans traceroute" in conjunction
|
||
with tcpdump.
|
||
|
||
|
||
Option: ip-hdrincl
|
||
Aliases: iphdrincl, hdrincl
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Set the IP_HDRINCL socket option. User will supply IP header before user
|
||
data. For raw IP sockets only. Not tested.
|
||
|
||
|
||
Option: ip-recverr
|
||
Aliases: iprecverr, recverr
|
||
|
||
Type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Set the IP_RECVERR socket option.
|
||
Implementation status: No results.
|
||
|
||
|
||
Option: ip-mtu-discover=value
|
||
Aliases: ipmtudiscover=value, mtudiscover=value
|
||
|
||
Type: INT (0..2)
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the IP_MTU_DISCOVER flag of the IP socket. In Linux there are three values
|
||
defined: 0..dont(never), 1..want(per route), 2..do(always)
|
||
|
||
|
||
Option: ip-mtu
|
||
Aliases: ipmtu, mtu
|
||
|
||
Type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the MTU (maximal transfer unit) of the socket. In Linux this is a
|
||
read-only parameter and results in a "protocol not available" error.
|
||
|
||
|
||
Option: ip-freebind
|
||
Aliases: ipfreebind, freebind
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Allows the socket to locally bind to any address, even those that are
|
||
not covered by an interface address, alias address or a local subnet. Even
|
||
broadcast and multicast addresses are possible.
|
||
Note: this option has been found on Linux 2.4 in <linux/in.h>. This file might
|
||
not be included per default, because it creates errors.
|
||
To make this option available, "make" socat with the CCOPT environment
|
||
variable set to "-DIP_FREEBIND=15"
|
||
|
||
|
||
Option: ip-router-alert=value
|
||
Aliases: iprouteralert, routeralert
|
||
|
||
Type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the IP_ROUTER_ALERT socket option. Only works with raw sockets.
|
||
"Invalid argument"
|
||
|
||
|
||
Option: ip-add-membership=multicast-address:interface-address
|
||
ip-add-membership=multicast-address:interface-name
|
||
ip-add-membership=multicast-address:interface-index
|
||
ip-add-membership=multicast-address:interface-address:interface-name
|
||
ip-add-membership=multicast-address:interface-address:interface-index
|
||
Aliases: add-membership
|
||
ip-membership
|
||
|
||
Type: IP_MREQN
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Makes the socket member of the specified multicast group. This is currently
|
||
only implemented for IPv4. The option takes the IP address of the multicast
|
||
group and info about the desired network interface. The most common syntax
|
||
is the first one, while the others are only available on systems that
|
||
provide tt(struct mreqn) (Linux).nl()
|
||
The indices of active network interfaces can be shown using the utility
|
||
procan().
|
||
|
||
|
||
Option: ip-drop-membership
|
||
|
||
Not implemented.
|
||
|
||
|
||
#! Option: ipv6-join-group
|
||
|
||
|
||
Option: ip-multicast-ttl=byte
|
||
Aliases: ipmulticastttl, multicastttl
|
||
|
||
Type: BYTE
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Sets the TTL used for outgoing multicast traffic. Default is 1.
|
||
|
||
|
||
Option: ip-multicast-loop
|
||
Aliases: ipmulticastloop, multicastloop
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Specifies if outgoing multicast traffic should loop back to the interface.
|
||
|
||
|
||
Option: ip-multicast-if=hostname
|
||
Aliases: multicast-if
|
||
|
||
Type: IP4NAME
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Specifies hostname or address of the network interface to be used for
|
||
multicast traffic.
|
||
|
||
|
||
Option: ip-pktoptions
|
||
Aliases: ippktoptions, pktoptions, pktopts
|
||
|
||
Type: INT?
|
||
Option group: SOCK_IP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Set the IP_PKTOPTIONS socket option. No docu found.
|
||
Implementation status: "Protocol not available".
|
||
|
||
|
||
Option: res-debug
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the debug resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-aaonly
|
||
Aliases: aaonly
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the aaonly resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-usevc
|
||
Aliases: usevc
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the usevc resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-primary
|
||
Aliases: primary
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the primary resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-igntc
|
||
Aliases: igntc
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the igntc resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-recurse
|
||
Aliases: recurse
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the recurse resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-defnames
|
||
Aliases: defnames
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the defnames resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-stayopen
|
||
Aliases: stayopen
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the stayopen resolver option to all queries of this XIO address.
|
||
|
||
|
||
Option: res-dnsrch
|
||
Aliases: dnsrch
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Apply the dnsrch resolver option to all queries of this XIO address.
|
||
|
||
|
||
-------------------------------------------------------------------------------
|
||
IP6 options
|
||
|
||
|
||
Option: ipv6-v6only=value
|
||
Alias: ipv6only, v6only
|
||
|
||
Type: BOOL
|
||
Option group: SOCK_IP6
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Apply the IPV6_V6ONLY socket option to the file descriptor. This controls if
|
||
the socket listens only on the IPv6 protocol or also on IPv4.
|
||
|
||
|
||
-------------------------------------------------------------------------------
|
||
IPAPP (TCP and UDP) options
|
||
|
||
|
||
Option: sourceport=value
|
||
Alias: sp=value
|
||
|
||
Type: 2BYTE
|
||
Option group: IPAPP (IP_TCP and IP_UDP)
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
For outgoing (client) TCP and UDP connections, it sets the source port (local port, client side port) of
|
||
the socket connection. For server type addresses, requires the client to use
|
||
this sourceport, otherwise socat immediately shuts down the connection.
|
||
On UNIX class operating systems root privilege are required to set a source
|
||
port between 1 and 1023 incl. 0 gives a "random" port number >= 1024, which is
|
||
the default.
|
||
|
||
|
||
Option: lowport
|
||
|
||
Type: BOOL
|
||
Option group: IPAPP (IP_TCP and IP_UDP)
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
For outgoing (client) TCP and UDP connections, it sets the source
|
||
to an unused random port between 640 and 1023 incl. On UN*X type operating
|
||
systems, this requires root privilege, and thus guaranties the peer to be
|
||
root authorized.
|
||
With TCP or UDP listen addresses, socat immediately shuts down the
|
||
connection if the client does not use a sourceport <= 1023.
|
||
This mechanism can provide limited authorization under some circumstances.
|
||
|
||
-------------------------------------------------------------------------------
|
||
TCP options
|
||
|
||
|
||
Option: tcp-nodelay
|
||
Aliases: nodelay
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Sets the TCP_NODELAY flag of the TCP socket. This turns off Nagles algorithm.
|
||
|
||
|
||
Option: tcp-maxseg
|
||
Aliases: maxseg, mss
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: all
|
||
|
||
Limits the MAXSEG (MSS) value of the TCP socket. This option is applied before
|
||
the connect or listen call, so it is transferred in the SYN packet to the peer
|
||
socket.
|
||
Linux client: 0 gives "invalid argument", higher values are used in SYN
|
||
negotiation, but effective MSS is n-12, at least 8.
|
||
On AIX, this is a read-only option.
|
||
|
||
|
||
Option: tcp-maxseg-late
|
||
Aliases: maxseg-late, mss-late
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: CONNECTED
|
||
Platforms: all
|
||
|
||
Limits the MAXSEG (MSS) value of the TCP socket. This option is applied past
|
||
the connect or accept call, so it is not transferred as MSS to the peer socket.
|
||
Observation with Linux 2.2: does not influence the size of packets generated
|
||
by the local socket.
|
||
|
||
|
||
Option: tcp-cork
|
||
Aliases: cork
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_CORK option.
|
||
|
||
|
||
Option: tcp-stdurg
|
||
Aliases: stdurg
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Applies the TCP_STDURG option with setsockopt. This enables RFC 1122 compliant
|
||
urgent point handling.
|
||
|
||
|
||
Option: tcp-rfc1323
|
||
Aliases: rfc1323
|
||
|
||
Logical type: bool
|
||
Physical type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Applies the TCP_RFC1323 option with setsockopt. This enables RFC1323 TCP
|
||
enhancements (window scale, timestamp).
|
||
|
||
|
||
Option: tcp-keepidle
|
||
Aliases: keepidle
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_KEEPIDLE value of the socket with setsockopt(). Starts keepalive
|
||
after this period (in seconds?)
|
||
|
||
|
||
Option: tcp-keepintvl
|
||
Aliases: keepintvl
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_KEEPINTVL value of the socket with setsockopt(). Interval between
|
||
keepalives (in seconds?)
|
||
|
||
|
||
Option: tcp-keepcnt
|
||
Aliases: keepcnt
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_KEEPCNT value of the socket with setsockopt(). Number of
|
||
keepalives before death.
|
||
|
||
|
||
Option: tcp-syncnt
|
||
Aliases: syncnt
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_SYNCNT value of the socket with setsockopt(). Number of SYN
|
||
retransmits.
|
||
|
||
|
||
Option: tcp-linger2
|
||
Aliases: linger2
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_LINGER2 value of the socket with setsockopt(). Life time of
|
||
orphaned FIN-WAIT-2 state.
|
||
|
||
|
||
Option: tcp-defer-accept
|
||
Aliases: defer-accept
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_DEFER_ACCEPT value of the socket with setsockopt(). accept() of
|
||
the listener will only return when data arrived at the new connection. The
|
||
value is converted to seconds by some algorithm.
|
||
|
||
|
||
Option: tcp-window-clamp
|
||
Aliases: window-clamp
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_WINDOW_CLAMP value of the socket with setsockopt(). "Bound advertised
|
||
window".
|
||
|
||
|
||
Option: tcp-info
|
||
Aliases: info
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Sets the TCP_INFO value of the socket with setsockopt(). Is a read only option,
|
||
so it always generates an error.
|
||
|
||
|
||
Option: tcp-quickack
|
||
Aliases: quickack
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: Linux
|
||
|
||
Sets the TCP_QUICKACK option with setsockopt().
|
||
|
||
|
||
Option: tcp-md5sig
|
||
Aliases: md5sig
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Enables generation of MD5 digests on the packets.
|
||
|
||
|
||
Option: tcp-noopt
|
||
Aliases: noopt
|
||
|
||
Type: INT
|
||
Option: group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD
|
||
|
||
Disables use of TCP options.
|
||
|
||
|
||
Option: tcp-nopush
|
||
Aliases: nopush
|
||
|
||
Type: INT
|
||
Option: group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: FreeBSD
|
||
|
||
Sets the TCP_NOPUSH option.
|
||
|
||
|
||
Option: tcp-sack-disable
|
||
Aliases: sack-disable
|
||
|
||
Type: INT
|
||
Option: group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Disables use the selective acknowledge feature.
|
||
|
||
|
||
Option: tcp-signature-enable
|
||
Aliases: signature-enable
|
||
|
||
Type: INT
|
||
Option: group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Enables generation of MD5 digests on the packets.
|
||
|
||
|
||
Option: tcp-abort-threshold
|
||
Aliases: abort-threshold
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: HP-UX, SunOS
|
||
|
||
Sets the time to wait for an answer of the peer on an established connection.
|
||
|
||
|
||
Option: tcp-conn-abort-threshold
|
||
Aliases: conn-abort-threshold
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: HP-UX, SunOS
|
||
|
||
Sets the time to wait for an answer of the server during the initial connect.
|
||
|
||
|
||
Option: tcp-keepinit
|
||
Aliases: keepinit
|
||
|
||
Type: INT
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Sets the time to wait for an answer of the server during connect() before
|
||
giving up. Value in half seconds, default is 150 (75s).
|
||
|
||
|
||
Option: tcp-paws
|
||
Aliases: paws
|
||
|
||
Type: BOOL
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Enables the "protect against wrapped sequence numbers" feature.
|
||
|
||
|
||
Option: tcp-sackena
|
||
Aliases: sackena
|
||
|
||
Type: BOOL
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Enables selective acknowledge.
|
||
|
||
|
||
Option: tcp-tsoptena
|
||
Aliases: tsoptena
|
||
|
||
Type: BOOL
|
||
Option group: IP_TCP
|
||
Phase: PASTSOCKET
|
||
Platforms: none
|
||
|
||
Enables the time stamp option that allows RTT recalculation on existing
|
||
connections.
|
||
|
||
|
||
===============================================================================
|
||
SOCKS options
|
||
|
||
|
||
Option: socksport
|
||
|
||
Type: STRING
|
||
Option group: IP_SOCKS4
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Overrides the default socks server port 1080
|
||
|
||
|
||
Option: socksuser
|
||
|
||
Type: NAME
|
||
Option group: IP_SOCKS4
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Overrides the system derived socks user name ($USER or $LOGNAME or "anonymous")
|
||
|
||
|
||
===============================================================================
|
||
HTTP options
|
||
|
||
|
||
Option: proxyport
|
||
|
||
Type: STRING
|
||
Option group: HTTP
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Overrides the default HTTP proxy port 8080.
|
||
|
||
|
||
Option: ignorecr
|
||
|
||
Type: BOOL
|
||
Option group: HTTP
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
The HTTP protocol requires the use of CR+NL as line terminator. When a proxy
|
||
server violates this standard, socat might not understand its answer.
|
||
This option directs socat to interprete NL as line terminator and
|
||
to ignore CR in the answer. Nevertheless, socat sends CR+NL to the proxy.
|
||
|
||
|
||
Option: proxyauth
|
||
|
||
Type: STRING
|
||
Option group: HTTP
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Provide "basic" authentication to the proxy server. The argument to the option
|
||
must be the username followed by ':' followed by the password. This string is
|
||
used with a "Proxy-Authorize: Base" header in base64 encoded form.
|
||
|
||
|
||
Option: resolve
|
||
|
||
Type: BOOL
|
||
Option group: HTTP
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Per default, socat sends to the proxy a CONNECT request containing the target
|
||
hostname. With this option, socat resolves the hostname locally and sends the
|
||
IP address.
|
||
|
||
|
||
===============================================================================
|
||
TERMIOS options
|
||
|
||
These options are applied with tcsetattr calls with a struct termios.
|
||
Attention: Applying these options to stdin/stdout when they refer to your
|
||
terminal might directly effect your terminal!
|
||
See Linux:"man 3 termios" and Linux:"man 2 stty"
|
||
|
||
-------------------------------------------------------------------------------
|
||
TERMIOS combined modes
|
||
|
||
|
||
Option: raw
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Is equivalent to
|
||
ignbrk=0,brkint=0,ignpar=0,parmrk=0,inpck=0,istrip=0,inlcr=0,igncr=0,icrnl=0,ixon=0,ixoff=0,iuclc=0,ixany=0,imaxbel=0,opost=0,isig=0,icanon=0,xcase=0,vmin=1,vtime=0
|
||
|
||
|
||
Option: sane
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Is equivalent to
|
||
cread,ignbrk=0,brkint,inlcr=0,igncr=0,icrnl,ixoff=0,iuclc=0,-ixany=0,imaxbel,opost,olcuc=0,ocrnl=0,onlcr,onocr=0,onlret=0,ofill=0,ofdel=0,nl0,cr0,tab0,bs0,vt0,ff0,isig,icanon,iexten,echo,echoe,echok,echonl=0,noflsh=0,xcase=0,tostop=0,echoprt=0,echoctl,echoke
|
||
|
||
-------------------------------------------------------------------------------
|
||
TERMIOS input mode flags
|
||
|
||
|
||
Option: ignbrk
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IGNBRK flag of the terminal driver.
|
||
|
||
|
||
Option: brkint
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the BRKINT flag of the terminal driver.
|
||
|
||
|
||
Option: ignpar
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IGNPAR flag of the terminal driver.
|
||
|
||
|
||
Option: parmrk
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the PARMRK flag of the terminal driver.
|
||
|
||
|
||
Option: inpck
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the INPCK flag of the terminal driver. Enables input parity checking.
|
||
|
||
|
||
Option: istrip
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ISTRIP flag of the terminal driver. Strips off the eighth bit.
|
||
|
||
|
||
Option: inlcr
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the INLCR flag of the terminal driver. Translates NL to CR on input.
|
||
|
||
|
||
Option: igncr
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IGNCR flag of the terminal driver. Ignores CR character on input.
|
||
|
||
|
||
Option: icrnl
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ICRNL flag of the terminal driver. Translates CR to NL on input. This
|
||
option is ignored when IGNCR is set.
|
||
|
||
|
||
Option: iuclc
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the IUCLC flag of the terminal driver. Changes characters in input from
|
||
uppercase to lowercase.
|
||
|
||
|
||
Option: ixon
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IXON flag of the terminal driver. Enables XON/XOFF flow control on
|
||
output (?).
|
||
|
||
|
||
Option: ixany
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IXANY flag of the terminal driver. Enables any character to restart
|
||
output.
|
||
|
||
|
||
Option: ixoff
|
||
Aliases: tandem
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IXOFF flag of the terminal driver. Enables XON/XOFF flow control on
|
||
input.
|
||
|
||
|
||
Option: imaxbel
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IMAXBEL flag of the terminal driver. Rings the bell when the input
|
||
queue is full.
|
||
|
||
-------------------------------------------------------------------------------
|
||
TERMIOS output mode flags
|
||
|
||
|
||
Option: opost
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the OPOST flag of the terminal driver.
|
||
|
||
|
||
Option: olcuc
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the OLCUC flag of the terminal driver.
|
||
|
||
|
||
Option: onlcr
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ONLCR flag of the terminal driver.
|
||
|
||
|
||
Option: ocrnl
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the OCRNL flag of the terminal driver.
|
||
|
||
|
||
Option: onocr
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ONOCR flag of the terminal driver.
|
||
|
||
|
||
Option: onlret
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ONLRET flag of the terminal driver.
|
||
|
||
|
||
Option: ofill
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the OFILL flag of the terminal driver.
|
||
|
||
|
||
Option: ofdel
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the OFDEL flag of the terminal driver.
|
||
|
||
|
||
Option: nldly
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the NLDLY flag of the terminal driver. 0 sets the value to NL0, and 1 to
|
||
NL1. See nl0, nl1.
|
||
|
||
|
||
Option: nl0
|
||
|
||
Type: CONST (const bool, always sets 0)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field NLDLY to the value NL0.
|
||
|
||
|
||
Option: nl1
|
||
|
||
Type: CONST (const bool, always sets 1)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field NLDLY to the value NL1.
|
||
|
||
|
||
Option: crdly=value
|
||
|
||
Type: UINT (0..3)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field CRDLY to the given value.
|
||
See cr0, cr1, cr2, cr3.
|
||
|
||
|
||
Option: cr0
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the CRDLY field to the value CR0.
|
||
See crdly.
|
||
|
||
|
||
Option: cr1
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the CRDLY field to the value CR1.
|
||
See crdly.
|
||
|
||
|
||
Option: cr2
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the CRDLY field to the value CR2.
|
||
See crdly.
|
||
|
||
|
||
Option: cr3
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the CRDLY field to the value CR3.
|
||
See crdly.
|
||
|
||
|
||
Option: tab0
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the horizontal tab delay mask to TAB0.
|
||
See tabdly.
|
||
|
||
|
||
Option: tab1
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the horizontal tab delay mask to TAB1.
|
||
See tabdly.
|
||
|
||
|
||
Option: tab2
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the horizontal tab delay mask to TAB2.
|
||
See tabdly.
|
||
|
||
|
||
Option: tab3
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the horizontal tab delay mask to TAB3.
|
||
See tabdly.
|
||
|
||
|
||
Option: tabdly=value
|
||
|
||
Type: UINT (0..3)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field TABDLY to the given value.
|
||
See tab0, tab1, tab2, and tab3.
|
||
|
||
|
||
Option: xtabs
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the horizontal tab delay mask to XTABS.
|
||
|
||
|
||
Option: bs0
|
||
|
||
Type: CONST (0)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field BSDLY to the value BS0
|
||
|
||
|
||
Option: bs1
|
||
|
||
Type: CONST (1)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field BSDLY to the value BS1
|
||
|
||
|
||
Option: bsdly
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the BSDLY flag of the terminal driver. 0 sets the value to BS0, and 1 to
|
||
BS1. See bs0, bs1.
|
||
|
||
|
||
Option: vt0
|
||
|
||
Type: CONST (0)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field VTDLY to the value VT0
|
||
|
||
|
||
Option: vt1
|
||
|
||
Type: CONST (1)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field VTDLY to the value VT1
|
||
|
||
|
||
Option: vtdly
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the VTDLY flag of the terminal driver. 0 sets the value to VT0, and 1 to
|
||
VT1. See vt0, vt1.
|
||
|
||
|
||
Option: ff0
|
||
|
||
Type: CONST (0)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field FFDLY to the value FF0
|
||
See ffdly.
|
||
|
||
|
||
Option: ff1
|
||
|
||
Type: CONST (1)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the field FFDLY to the value FF1
|
||
See ffdly.
|
||
|
||
|
||
Option: ffdly
|
||
|
||
Type: BOOL (0..1)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the FFDLY flag of the terminal driver. 0 sets the value to FF0, and 1 to
|
||
FF1. See ff0, ff1.
|
||
|
||
|
||
|
||
-------------------------------------------------------------------------------
|
||
TERMIOS control mode flags
|
||
|
||
|
||
Option: cs5
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the field CSIZE to the value CS5
|
||
|
||
|
||
Option: cs6
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the field CSIZE to the value CS6
|
||
|
||
|
||
Option: cs7
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the field CSIZE to the value CS7
|
||
|
||
|
||
Option: cs8
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the field CSIZE to the value CS8
|
||
|
||
|
||
Option: csize
|
||
|
||
Type: UINT (0..3)
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the field CSIZE. 0..CS5, 1..CS6, 2..CS7, 3..CS8
|
||
|
||
|
||
Option: cstopb
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the flag CSTOPB.
|
||
|
||
|
||
Option: cread
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the value of the CREAD flag.
|
||
|
||
|
||
Option: parenb
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the PARENB flag of the terminal driver.
|
||
|
||
|
||
Option: parodd
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the PARODD flag of the terminal driver.
|
||
|
||
|
||
Option: hupcl
|
||
Aliases: hup
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the HUPCL flag of the terminal driver.
|
||
|
||
|
||
Option: clocal
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the CLOCAL flag of the terminal driver.
|
||
|
||
|
||
Option: crtscts
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux, SunOS
|
||
|
||
Sets the CRTSCTS flag of the terminal driver.
|
||
|
||
|
||
Option: b0 (HP-UX, Linux, SunOS)
|
||
Option: b50 (HP-UX, Linux, SunOS)
|
||
Option: b75 (HP-UX, Linux, SunOS)
|
||
Option: b110 (HP-UX, Linux, SunOS)
|
||
Option: b134 (HP-UX, Linux, SunOS)
|
||
Option: b150 (HP-UX, Linux, SunOS)
|
||
Option: b200 (HP-UX, Linux, SunOS)
|
||
Option: b300 (HP-UX, Linux, SunOS)
|
||
Option: b600 (HP-UX, Linux, SunOS)
|
||
Option: b900 (HP-UX)
|
||
Option: b1200 (HP-UX, Linux, SunOS)
|
||
Option: b1800 (HP-UX, Linux, SunOS)
|
||
Option: b2400 (HP-UX, Linux, SunOS)
|
||
Option: b3600 (HP-UX)
|
||
Option: b4800 (HP-UX, Linux, SunOS)
|
||
Option: b7200 (HP-UX)
|
||
Option: b9600 (HP-UX, Linux, SunOS)
|
||
Option: b19200 (HP-UX, Linux, SunOS)
|
||
Option: b38400 (HP-UX, Linux, SunOS)
|
||
Option: b57600 (HP-UX, Linux, SunOS)
|
||
Option: b115200 (HP-UX, Linux, SunOS)
|
||
Option: b230400 (HP-UX, Linux, SunOS)
|
||
Option: b460800 (HP-UX, Linux, SunOS)
|
||
Option: b500000 (Linux)
|
||
Option: b576000 (Linux)
|
||
Option: b921600 (Linux)
|
||
Option: b1000000 (Linux)
|
||
Option: b1152000 (Linux)
|
||
Option: b1500000 (Linux)
|
||
Option: b2000000 (Linux)
|
||
Option: b2500000 (Linux)
|
||
Option: b3000000 (Linux)
|
||
Option: b3500000 (Linux)
|
||
Option: b4000000 (Linux)
|
||
|
||
Type: CONST
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
|
||
Sets the baud rate to the implied value. b0 "hangs up" the connection.
|
||
|
||
|
||
Option: ispeed
|
||
|
||
Type: UINT
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Sets the input baud rate to the specified value. This works on systems where
|
||
struct termios has a special c_ispeed field.
|
||
|
||
|
||
Option: ospeed
|
||
|
||
Type: UINT
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux
|
||
|
||
Sets the input baud rate to the specified value. This works on systems where
|
||
struct termios has a special c_ospeed field.
|
||
|
||
|
||
|
||
|
||
-------------------------------------------------------------------------------
|
||
TERMIOS local mode flags
|
||
|
||
|
||
Option: isig
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ISIG flag of the terminal driver.
|
||
|
||
|
||
Option: icanon
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ICANON flag of the terminal driver.
|
||
|
||
|
||
Option: xcase
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: HP-UX, Linux, SunOS
|
||
|
||
Sets the XCASE flag of the terminal driver.
|
||
|
||
|
||
Option: echo
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHO flag of the terminal driver.
|
||
|
||
|
||
Option: echoe
|
||
Aliases: crterase
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHOE flag of the terminal driver.
|
||
|
||
|
||
Option: echok
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHOK flag of the terminal driver.
|
||
|
||
|
||
Option: echonl
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHONL flag of the terminal driver.
|
||
|
||
|
||
Option: echoctl
|
||
Aliases: ctlecho
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHOCTL flag of the terminal driver.
|
||
|
||
|
||
Option: echoprt
|
||
Aliases: prterase
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHOPRT flag of the terminal driver.
|
||
|
||
|
||
Option: echoke
|
||
Aliases: crtkill
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the ECHOKE flag of the terminal driver.
|
||
|
||
|
||
Option: flusho
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the FLUSHO flag of the terminal driver.
|
||
|
||
|
||
Option: noflsh
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the NOFLSH flag of the terminal driver.
|
||
|
||
|
||
Option: tostop
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the TOSTOP flag of the terminal driver.
|
||
|
||
|
||
Option: pendin
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the PENDIN flag of the terminal driver.
|
||
|
||
|
||
Option: iexten
|
||
|
||
Type: BOOL
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the IEXTEN flag of the terminal driver.
|
||
|
||
|
||
-------------------------------------------------------------------------------
|
||
TERMIOS options for functional characters
|
||
|
||
Option: vintr=value
|
||
Aliases: intr=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VINTR character that interrupts the current process.
|
||
On UNIX systems the preset value usually is 3 (^C).
|
||
|
||
|
||
Option: vquit=value
|
||
Aliases: quit=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VQUIT character that quits the current process.
|
||
On my Linux 2.2 system the preset value is 0x1c (^\).
|
||
|
||
|
||
Option: verase=value
|
||
Aliases: erase=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VERASE character that erases the last character.
|
||
On many UNIX systems the preset value is 0x7f.
|
||
|
||
|
||
Option: vkill=value
|
||
Aliases: kill=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VKILL character that kills (erases) the current line.
|
||
On my Linux 2.2 system systems the preset value is 0x15 (^U).
|
||
|
||
|
||
Option: veof=value
|
||
Aliases: eof=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VEOF character that kills indicate end of file.
|
||
On most UNIX systems the preset value is 0x04 (^D).
|
||
|
||
|
||
Option: vtime=value
|
||
Aliases: time=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: not tested
|
||
|
||
Sets the value of VTIME. See "man 1 stty" / time.
|
||
On my Linux 2.2 system the preset value is 0.
|
||
|
||
|
||
Option: vmin=value
|
||
Aliases: min=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: not tested
|
||
|
||
Sets the value of VMIN. See "man 1 stty" / time.
|
||
On my Linux 2.2 system the preset value is 1.
|
||
|
||
|
||
Option: vswtc=value
|
||
Aliases: swtc=value, swtch=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: Linux
|
||
Status: not tested
|
||
|
||
Sets the value of VSWTC. "Switches to a different shell layer".
|
||
On my Linux 2.2 system the preset value is 0.
|
||
|
||
|
||
Option: vstart=value
|
||
Aliases: start=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VSTART character that resumes data flow after a stop.
|
||
Usually the preset value is 0x11 (^Q).
|
||
|
||
|
||
Option: vstop=value
|
||
Aliases: stop=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VSTOP character that stops output.
|
||
Usually the preset value is 0x13 (^S)
|
||
|
||
|
||
Option: vsusp=value
|
||
Aliases: susp=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VSUSP character that suspends the current foreground
|
||
process and reactivates the shell.
|
||
Usually the preset value is 0x1a (^Z)
|
||
|
||
|
||
Option: vdsusp=value
|
||
Aliases: dsusp=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: FreeBSD, HP-UX, SunOS
|
||
Status: tested
|
||
|
||
Sets the value for the VDSUSP character that suspends the current foreground
|
||
process and reactivates the shell.
|
||
|
||
|
||
Option: veol=value
|
||
Aliases: eol=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested with awkward results
|
||
|
||
Sets the value for the VEOL character that should indicate end of line.
|
||
Not clear what differentiates it from the return key; xterm window put "xterm"
|
||
into the input buffer.
|
||
On my Linux 2.2 system the preset value is 0 (disabled)
|
||
|
||
|
||
Option: vreprint=value
|
||
Aliases: reprint=value, rprnt=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux, SunOS
|
||
Status: not tested
|
||
|
||
Sets the value for the VREPRINT character that should reprint the current line.
|
||
On my Linux 2.2 system the preset value is 0x12 (^R). Nevertheless, bash
|
||
enters backward search mode.
|
||
|
||
|
||
Option: vdiscard=value
|
||
Aliases: discard=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: FreeBSD, Linux, SunOS
|
||
Status: not tested
|
||
|
||
Sets the value for the VDISCARD character.
|
||
On my Linux 2.2 system the preset value is 0x0f (^O)
|
||
|
||
|
||
Option: vwerase=value
|
||
Aliases: werase=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VWERASE character that erases the last word.
|
||
On my Linux 2.2 system the preset value is 0x17 (^W)
|
||
|
||
|
||
Option: vlnext=value
|
||
Aliases: lnext=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: tested
|
||
|
||
Sets the value for the VLNEXT character that lets the next input character raw
|
||
(not interpreted).
|
||
On my Linux 2.2 system the preset value is 0x16 (^V)
|
||
|
||
|
||
Option: veol2=value
|
||
Aliases: eol2=value
|
||
|
||
Type: BYTE
|
||
Option group: TERMIOS
|
||
Phase: FD
|
||
Platforms: all
|
||
Status: not tested
|
||
|
||
Sets the value for the VEOL2 character.
|
||
On my Linux 2.2 system the preset value is 0 (disabled).
|
||
|
||
|
||
===============================================================================
|
||
READLINE options
|
||
|
||
Option: history-file=filename
|
||
Aliases: history=filename
|
||
|
||
Type: STRING
|
||
Option group: READLINE
|
||
Phase: LATE
|
||
Platforms: (depends on libreadline installation)
|
||
|
||
Without this option, the readline address uses only a per process history
|
||
list. With this option, socat tries to read history lines during initialization
|
||
from the given file, and on termination writes the old and new lines to the
|
||
file.
|
||
NOTE: currently, no mechanism is implemented for limiting the length of the
|
||
history file.
|
||
NOTE: filename must be a valid relativ or absolute path; "~" is not supported!
|
||
|
||
|
||
Option: noprompt
|
||
|
||
Type: BOOL
|
||
Option group: READLINE
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Since version 1.3.3, socat per default tries to determine a prompt -
|
||
that is then passed to the readline call - by remembering the last
|
||
incomplete line of the output. With this option, socat does not pass a
|
||
prompt to the readline call, so it might set the cursor to the first column
|
||
of the terminal.
|
||
|
||
|
||
Option: noecho
|
||
|
||
Type: STRING
|
||
Option group: READLINE
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Specifies a regular pattern for a prompt that prevents the following input
|
||
line from being displayed on the screen and from being added to the history.
|
||
The prompt is defined as the text that was output to the readline address
|
||
after the lastest newline character and before an input character was
|
||
typed. The pattern is a regular expression, e.g.
|
||
"^[Pp]assword:.*$" or "([Uu]ser:|[Pp]assword:)". See regex(7) for details.
|
||
|
||
|
||
Option: prompt
|
||
|
||
Type: STRING
|
||
Option group: READLINE
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
Passes the string as prompt to the readline function. readline prints this
|
||
prompt when stepping through the history. If this string matches a constant
|
||
prompt issued by an interactive program on the other socat address,
|
||
consistent look and feel can be archieved.
|
||
|
||
===============================================================================
|
||
OPENSSL options
|
||
|
||
Option: openssl-cipherlist=string
|
||
Aliases: cipherlist=string, ciphers=string, cipher=string
|
||
|
||
Type: STRING
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Selects the list of ciphers that may be used for the connection.
|
||
See the man page ciphers(1), section CIPHER LIST FORMAT, for
|
||
detailed information about syntax, values, and default of the cipherlist
|
||
string.
|
||
Several cipher strings may be given, separated by ':'.
|
||
Some simple cipher strings:
|
||
3DES Uses a cipher suite with triple DES.
|
||
MD5 Uses a cipher suite with MD5.
|
||
aNULL Uses a cipher suite without authentication.
|
||
NULL Does not use encryption.
|
||
HIGH Uses a cipher suite with "high" encryption.
|
||
Note that the peer must support the selected property, or the negotiation
|
||
will fail.
|
||
|
||
|
||
Option: openssl-method=string
|
||
Aliases: method=string
|
||
|
||
Type: STRING
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Sets the protocol version to be used. Valid strings (not case sensitive) are:
|
||
SSLv2 Select SSL protocol version 2.
|
||
SSLv3 Select SSL protocol version 3.
|
||
SSLv23 Select SSL protocol version 2 or 3. This is the default when
|
||
this option is not provided.
|
||
TLSv1 Select TLS protocol version 1.
|
||
|
||
|
||
Option: openssl-verify=bool
|
||
Aliases: verify=bool
|
||
|
||
Type: BOOL
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Controls check of the peer's certificate. Default is 1 (true). Disabling
|
||
verify might open your socket for everyone!
|
||
|
||
|
||
Option: openssl-certificate=file
|
||
Aliases: cert=file
|
||
|
||
Type: FILENAME
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Specifies the file with the certificate. The certificate must be
|
||
in OpenSSL format (*.pem). With openssl-listen, this option is strongly
|
||
recommended: except with cipher aNULL, "no shared ciphers" error might
|
||
occur when no certificate is given.
|
||
|
||
|
||
Option: openssl-key=file
|
||
Aliases: key
|
||
|
||
Type: FILENAME
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Specifies the file with the private key. The private key may be in this
|
||
file or in the file given with the ref(cert) option. The party that has
|
||
to proof that it is the owner of a certificate needs the private key.
|
||
|
||
|
||
Option: openssl-cafile=file
|
||
Aliases: cafile
|
||
|
||
Type: FILENAME
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Specifies the file with the trusted (root) authority certificates. The file
|
||
must be in PEM format and should contain one or more certificates.
|
||
|
||
|
||
Option: openssl-capath=directory
|
||
Aliases: capath
|
||
|
||
Type: FILENAME
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
Specify the directory with the trusted (root) certificates. The directory
|
||
must contain certificates in PEM format and their hashes (see OpenSSL
|
||
documentation)
|
||
|
||
|
||
Option: openssl-egd=file
|
||
Aliases: egd
|
||
|
||
Type: FILENAME
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
On some systems, openssl requires an explicit source of random data. Specify
|
||
the socket name where an entropy gathering daemon like egd provides random
|
||
data, e.g. /dev/egd-pool.
|
||
|
||
|
||
Option: openssl-pseudo
|
||
Aliases: pseudo
|
||
|
||
Type: BOOL
|
||
Option group: OPENSSL
|
||
Phase: SPEC
|
||
Platforms: (depends on openssl installation)
|
||
|
||
On systems where openssl cannot find an entropy source and where no entropy
|
||
gathering daemon can be utilized, this option activates a mechanism for
|
||
providing pseudo entropy. This is archieved by taking the current time in
|
||
microseconds for feeding the libc pseudo random number generator with an
|
||
initial value. openssl is then feeded with output from random calls.
|
||
NOTE:This mechanism is not sufficient for generation of secure keys!
|
||
|
||
|
||
Option: openssl-fips
|
||
Aliases: fips
|
||
|
||
Type: BOOL
|
||
Option group: BOOL
|
||
Phase: SPEC
|
||
Platforms: (depends on OpenSSL installation and FIPS implementation)
|
||
|
||
Enables FIPS mode if compiled in. For info about the FIPS encryption
|
||
implementation standard see http://oss-institute.org/fips-faq.html.
|
||
This mode might require that the involved certificates are generated with a
|
||
FIPS enabled version of openssl. Setting or clearing this option on one
|
||
socat address affects all OpenSSL addresses of this process.
|
||
|
||
|
||
===============================================================================
|
||
Application specific address options
|
||
|
||
|
||
Option: ignoreeof
|
||
Aliases: ignoreof
|
||
|
||
Type: BOOL
|
||
Option group: APPL
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
This option has to be supported by the application. For socat it means that an
|
||
EOF condition on this data source does not trigger termination procedures, but
|
||
instead the read/write loop waits for one second and then tries to read more
|
||
input data. This behaviour emulates "tail -f" and might not be useful for all
|
||
kinds of input devices, but regular files and /dev/null are good candidates.
|
||
Termination of socat then can only occur by EOF condition of the other input
|
||
device, an error, or by external events.
|
||
|
||
|
||
Option: cr
|
||
|
||
Type: CONST
|
||
Option group: APPL
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
The appropriate data endpoint uses CR ('\r', 0x0d) as line terminator
|
||
character. Convert data to and from this stream appropriately.
|
||
This is useful for, e.g., modems.
|
||
|
||
|
||
Option: crnl
|
||
Aliases: crlf
|
||
|
||
Type: CONST
|
||
Option group: APPL
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
The appropriate data endpoint uses CR+LF ("\r\n", 0x0d0a ) as line terminator
|
||
string. Convert data to and from this stream appropriately.
|
||
This is useful for, e.g., TCP protocols like SMTP and FTP.
|
||
|
||
|
||
Option: readbytes=num
|
||
Aliases: bytes
|
||
|
||
Type: SIZE_T
|
||
Option group: APPL
|
||
Phase: LATE
|
||
Platforms: all
|
||
|
||
socat reads only so many bytes from this address (the address provides
|
||
only so many bytes for transfer and pretends to be at EOF afterwards).
|
||
|
||
|
||
Option: lockfile=filename
|
||
|
||
Type: FILENAME
|
||
Option group: APPL
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
If lockfile exists, exits with error. If lockfile does not exist, creates it
|
||
and continues; removes lockfile on exit.
|
||
|
||
|
||
Option: waitlock=filename
|
||
|
||
Type: FILENAME
|
||
Option group: APPL
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
If lockfile exists, waits until it disappears. When lockfile does not exist,
|
||
creates it and continues; removes lockfile on exit.
|
||
|
||
===============================================================================
|
||
RETRY options
|
||
|
||
Option: retry=<num>
|
||
|
||
Type: UINT
|
||
Option group: RETRY
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Number of retries before the connection or listen attempt is aborted.
|
||
Default is 0, which means just one attempt.
|
||
|
||
|
||
Option: interval=<double>
|
||
|
||
Type: TIMESPEC
|
||
Option group: RETRY
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Time between consecutive attempts (seconds). Default is 1 second.
|
||
|
||
|
||
Option: forever
|
||
|
||
Type: BOOL
|
||
Option group: RETRY
|
||
Phase: INIT
|
||
Platforms: all
|
||
|
||
Performs an unlimited number of retry attempts.
|
||
|
||
===============================================================================
|
||
EXT2 options
|
||
|
||
Option: ext2-secrm=<bool>
|
||
Aliases: secrm=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the secrm file attribute on the file.
|
||
|
||
|
||
Option: ext2-unrm=<bool>
|
||
Aliases: unrm=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the unrm file attribute on the file.
|
||
|
||
|
||
Option: ext2-compr=<bool>
|
||
Aliases: compr=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the compr file attribute on the file.
|
||
|
||
|
||
Option: ext2-sync=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the sync file attribute on the file.
|
||
|
||
|
||
Option: ext2-immutable=<bool>
|
||
Aliases: immutable=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the immutable file attribute on the file.
|
||
|
||
|
||
Option: ext2-append=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: all
|
||
|
||
Sets the append file attribute on the file.
|
||
|
||
|
||
Option: ext2-nodump=<bool>
|
||
Aliases: nodump=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the nodump file attribute on the file.
|
||
|
||
|
||
Option: ext2-noatime=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the noatime file attribute on the file.
|
||
|
||
|
||
Option: ext2-journal-data=<bool>
|
||
Aliases: journal-data=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the journal-data file attribute on the file.
|
||
|
||
|
||
Option: ext2-notail=<bool>
|
||
Aliases: notail=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: none
|
||
|
||
Sets the notail file attribute on the file.
|
||
|
||
|
||
Option: ext2-dirsync=<bool>
|
||
Aliases: dirsync=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the dirsync file attribute on the file.
|
||
|
||
|
||
Option: ext2-topdir=<bool>
|
||
Aliases: topdir=<bool>
|
||
|
||
Type: BOOL
|
||
Option group: REG
|
||
Phase: FD
|
||
Platforms: Linux
|
||
|
||
Sets the topdir file attribute on the file.
|
||
|
||
|
||
===============================================================================
|
||
|
||
Appendix: generating a sandbox (chroot environment)
|
||
|
||
While it is possible to generate a sandbox almost anywhere in the file system,
|
||
I recommend to use a file system that has been mounted with restrictions,
|
||
especially nosuid and maybe nodev, or even ro.
|
||
|
||
You may mount a dedicated file system for the sandbox, so it gets a little
|
||
harder for the guests to determine for sure if they are within a sandbox when
|
||
using "ls -id /"
|
||
|
||
The following desribes typical steps for generating a sandbox. Depending on
|
||
your operating system, application, and security requirements, your mileage may
|
||
vary. With the below steps, you will be able to run some check programs to play
|
||
around with the sandbox.
|
||
|
||
I Installation
|
||
1) Create a sandbox group - but give it and all following "sandbox" ids a more
|
||
cryptic name!
|
||
2) Create a sandbox user, only in sandbox group. If this user must never login,
|
||
give it a useless shell like /bin/false
|
||
3) Check the sandbox home directory (e.g. /home/sandbox) and save and remove
|
||
all .profile, public_html/ etc.
|
||
4) Optionally mount a new file system over the new home directory
|
||
5) Generate subdirectories bin, lib, etc, usr, usr/bin, usr/lib.
|
||
Set their permissions and ownership equal to the original directories (or use
|
||
only root.root)
|
||
6) Generate subdirectory home/sandbox (or similarly; like sandbox home)
|
||
7) Generate etc/passwd with users sandbox and root, but do not store original
|
||
password hashes there!
|
||
8) Generate etc/group with only groups sandbox and root (or system on AIX)
|
||
9) Copy test programs and utilities to bin, e.g. su, id, ls, mount, strace (but
|
||
without SUID/SGID)
|
||
10) Copy the required shared libraries and the shared library loader to their
|
||
directories.
|
||
On Linux, e.g. /lib/ld-linux.so.2, /lib/libnss_compat.so.2
|
||
Note: it is often difficult to find out what shared libraries are (still) not
|
||
installed in the sandbox. The programs invoked in the sandbox typically do not
|
||
give useful error messages. If chroot's exec call gives an error like "no such
|
||
file or directory", and you do not know if it even found the program itself,
|
||
then remove the test programs execute permission; the error message should
|
||
change to "execute permission denied" or so. Redo the execute permissions and
|
||
look for the shared libraries...
|
||
List required libraries of a program:
|
||
Linux: ldd <program>
|
||
AIX: xdb <program>
|
||
map
|
||
|
||
11) For testing purposes, install id, ls, su, mount, strace, and maybe sh in
|
||
the sandbox. Test it.
|
||
|
||
II Customization
|
||
12) Copy your applications, configuration files, and data to the appropriate
|
||
directories within the sandbox.
|
||
Test function of the application in the sandbox, and add missing files and
|
||
libraries. If an application program gets killed immediately after start, it
|
||
might miss a shared library.
|
||
|
||
III Cleanup, check
|
||
13) Implement your own tricks how to improve security of the sandbox
|
||
14) Remove test programs like bin/sh, id, ls, mount, strace
|
||
|
||
|
||
===============================================================================
|
||
socket types, modes and their security features:
|
||
IP.v4.TCP.connect
|
||
IP.v4.TCP.listen range tcpwrap srcport lowport
|
||
IP.v4.UDP.connect
|
||
IP.v4.UDP.listen range tcpwrap srcport lowport
|
||
IP.v4.UDP.sendto
|
||
IP.v4.UDP.recvfrom range tcpwrap srcport lowport
|
||
IP.v4.UDP.recv range tcpwrap srcport lowport
|
||
IP.v4.raw.sendto
|
||
IP.v4.raw.recvfrom range tcpwrap
|
||
IP.v4.raw.recv range tcpwrap
|
||
IP.v6.TCP.connect
|
||
IP.v6.TCP.listen range tcpwrap srcport lowport
|
||
IP.v6.UDP.connect
|
||
IP.v6.UDP.listen range tcpwrap srcport lowport
|
||
IP.v6.UDP.sendto
|
||
IP.v6.UDP.recvfrom range tcpwrap srcport lowport
|
||
IP.v6.UDP.recv range tcpwrap srcport lowport
|
||
IP.v6.raw.sendto
|
||
IP.v6.raw.recvfrom range tcpwrap
|
||
IP.v6.raw.recv srcport lowport
|
||
UNIX.stream.connect
|
||
UNIX.stream.listen
|
||
UNIX.dgram.sendto
|
||
UNIX.dgram.recvfrom
|
||
UNIX.dgram.recv
|
||
OPENSSL.connect
|
||
OPENSSL.TCP4.listen range tcpwrap srcport lowport
|
||
OPENSSL.TCP6.listen range tcpwrap srcport lowport
|
||
|
||
===============================================================================
|
||
Missing features and Caveats:
|
||
|
||
. no support for SIGIO mechanism
|
||
. no support for socket ancillary messages
|
||
. Probably many ioctls not implemented due to missing documentation
|
||
. only limited implementation of raw sockets and interfaces,
|
||
. no support for high level sockets beyond UNIX, INET, and INET6 domains
|