SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

MAN page from openSUSE Tumbleweed socat-1.7.3.2-62.7.x86_64.rpm

socat

Section: (1)
Updated:
Index

 

NAME

socat - Multipurpose relay (SOcket CAT)

 

SYNOPSIS

socat [options] <address> <address>
socat -V
socat -h[h[h]] | -?[?[?]]
filan
procan

 

DESCRIPTION

Socat is a command line based utility that establishes two bidirectional bytestreams and transfers data between them. Because the streams can be constructedfrom a large set of different types of data sinks and sources (see address types), and because lots ofaddress options may be applied to the streams, socat canbe used for many different purposes.

Filan is a utility that prints information about its active filedescriptors to stdout. It has been written for debugging socat, but might beuseful for other purposes too. Use the -h option to find more infos.

Procan is a utility that prints information about process parameters tostdout. It has been written to better understand some UNIX process properties and for debugging socat, but might be useful for other purposes too.

The life cycle of a socat instance typically consists of four phases.

In the init phase, the command line options are parsed and logging isinitialized.

During the open phase, socat opens the first address and afterwards thesecond address. These steps are usually blocking; thus, especially for complex address types like socks,connection requests or authentication dialogs must be completed before the nextstep is started.

In the transfer phase, socat watches both streamscq read and write filedescriptors via select(), and, when data is available on one side andcan be written to the other side, socat reads it, performs newlinecharacter conversions if required, and writes the data to the write filedescriptor of the other stream, then continues waiting for more data in bothdirections.

When one of the streams effectively reaches EOF, the closing phasebegins. Socat transfers the EOF condition to the other stream,i.e. tries to shutdown only its write stream, giving it a chance toterminate gracefully. For a defined time socat continues to transfer data inthe other direction, but then closes all remaining channels and terminates.

 

OPTIONS

Socat provides some command line options that modify the behaviour of theprogram. They have nothing to do with so calledaddress options that are used as parts of address specifications.

-V
Print version and available feature information to stdout, and exit.
-h | -?
Print a help text to stdout describing command line options and available addresstypes, and exit.
-hh | -??
Like -h, plus a list of the short names of all available address options. Some options areplatform dependend, so this output is helpful for checking the particularimplementation.
-hhh | -???
Like -hh, plus a list of all available address option names.
-d
Without this option, only fatal and error messages are generated; applyingthis option also prints warning messages. See DIAGNOSTICSfor more information.
-d -d
Prints fatal, error, warning, and notice messages.
-d -d -d
Prints fatal, error, warning, notice, and info messages.
-d -d -d -d
Prints fatal, error, warning, notice, info, and debugmessages.
-D
Logs information about file descriptors before starting the transfer phase.
-ly[<facility>]
Writes messages to syslog instead of stderr; severity as defined with -doption. With optional <facility>, the syslog type canbe selected, default is dqdaemondq. Third party libraries might not obey thisoption.
-lf <logfile>
Writes messages to <logfile> [filename] instead ofstderr. Some third party libraries, in particular libwrap, might not obeythis option.
-ls
Writes messages to stderr (this is the default). Some third party libraries might not obey this option, in particular libwrap appears to only log tosyslog.
-lp<progname>
Overrides the program name printed in error messages and used forconstructing environment variable names.
-lu
Extends the timestamp of error messages to microsecond resolution. Does notwork when logging to syslog.
-lm[<facility>]
Mixed log mode. During startup messages are printed to stderr; when socat starts the transfer phase loop or daemon mode (i.e. after opening allstreams and before starting data transfer, or, with listening sockets withfork option, before the first accept call), it switches logging to syslog. With optional <facility>, the syslog type can beselected, default is dqdaemondq.
-lh
Adds hostname to log messages. Uses the value from environment variableHOSTNAME or the value retrieved with uname() if HOSTNAME is not set.
-v
Writes the transferred data not only to their target streams, but also tostderr. The output format is text with some conversions for readability, andprefixed with dq> dq or dq< dq indicating flow directions.
-x
Writes the transferred data not only to their target streams, but also tostderr. The output format is hexadecimal, prefixed with dq> dq or dq< dqindicating flow directions. Can be combined with -v.
-b<size>
Sets the data transfer block <size> [size_t].At most <size> bytes are transferred per step. Default is 8192 bytes.
-s
By default, socat terminates when an error occurred to prevent the processfrom running when some option could not be applied. With thisoption, socat is sloppy with errors and tries to continue. Even with thisoption, socat will exit on fatals, and will abort connection attempts whensecurity checks failed.
-t<timeout>
When one channel has reached EOF, the write part of the other channel is shutdown. Then, socat waits <timeout> [timeval] secondsbefore terminating. Default is 0.5 seconds. This timeout only applies toaddresses where write and read part can be closed independently. When duringthe timeout interval the read part gives EOF, socat terminates withoutawaiting the timeout.
-T<timeout>
Total inactivity timeout: when socat is already in the transfer loop andnothing has happened for <timeout> [timeval] seconds(no data arrived, no interrupt occurred...) then it terminates.Useful with protocols like UDP that cannot transfer EOF.
-u
Uses unidirectional mode. The first address is only used for reading, and thesecond address is only used for writing (example).
-U
Uses unidirectional mode in reverse direction. The first address is onlyused for writing, and the second address is only used for reading.
-g
During address option parsing, doncqt check if the option is considereduseful in the given address environment. Use it if you want to force, e.g.,appliance of a socket option to a serial device.
-L<lockfile>
If lockfile exists, exits with error. If lockfile does not exist, creates itand continues, unlinks lockfile on exit.
-W<lockfile>
If lockfile exists, waits until it disappears. When lockfile does not exist,creates it and continues, unlinks lockfile on exit.
-4
Use IP version 4 in case that the addresses do not implicitly or explicitlyspecify a version; this is the default.
-6
Use IP version 6 in case that the addresses do not implicitly or explicitlyspecify a version.

 

ADDRESS SPECIFICATIONS

With the address command line arguments, the user gives socat instructions andthe necessary information for establishing the byte streams.

An address specification usually consists of an address typekeyword, zero or more required address parameters separated by cq:cq from the keyword andfrom each other, and zero or more address options separated by cq,cq.

The keyword specifies the address type (e.g., TCP4, OPEN, EXEC). For somekeywords there exist synonyms (cq-cq for STDIO, TCP for TCP4). Keywords are caseinsensitive.For a few special address types, the keyword may be omitted:Address specifications starting with a number are assumed to be FD (raw filedescriptor) addresses; if a cq/cq is found before the first cq:cq or cq,cq, GOPEN (generic file open) isassumed.

The required number and type of address parameters depend on the addresstype. E.g., TCP4 requires a server specification (name or address), and a portspecification (number or service name).

Zero or more address options may be given with each address. They influence theaddress in some ways. Options consist of an option keyword or an option keyword and a value,separated by cq=cq. Option keywords are case insensitive.For filtering the options that are useful with an addresstype, each option is member of one option group. Foreach address type there is a set of option groups allowed. Only optionsbelonging to one of these address groups may be used (except with option -g).

Address specifications following the above schema are also called singleaddress specifications.Two single addresses can be combined with dq!!dq to form a dual typeaddress for one channel. Here, the first address is used by socat for readingdata, and the second address for writing data. There is no way to specify an option only oncefor being applied to both single addresses.

Usually, addresses are opened in read/writemode. When an address is part of a dual address specification, or whenoption -u or -U is used, an address might beused only for reading or for writing. Considering this is important with someaddress types.

With socat version 1.5.0 and higher, the lexical analysis tries to handlequotes and parenthesis meaningfully and allows escaping of special characters. If one of the characters ( { [ cq is found, the corresponding closing character - ) } ] cq - is looked for; they may also be nested. Within theseconstructs, socats special characters and strings : , !! are not handledspecially. All those characters and strings can be escaped with \ or within dqdq

 

ADDRESS TYPES

This section describes the available address types with their keywords,parameters, and semantics.

CREATE:<filename>
Opens <filename> with creat()and uses the filedescriptor for writing. This address type requires write-only context, because a file opened withcreatcannot be read from.
Flags like O_LARGEFILE cannot be applied. If you need them useOPEN with optionscreate,create.
<filename> must be a valid existing or not existing path.If <filename> is a named pipe, creat()might block;if <filename> refers to a socket, this is an error.
Option groups: FD,REG,NAMED
Useful options:mode,user,group,unlink-early,unlink-late,append
See also: OPEN, GOPEN
EXEC:<command-line>
Forks a sub process that establishes communication with its parent processand invokes the specified program with execvp().<command-line> is a simple commandwith arguments separated by single spaces. If the program namecontains a cq/cq, the part after the last cq/cq is taken as ARGV[0]. If theprogram name is a relative path, the execvp()semantics for finding the program via$PATHapply. After successful program start, socat writes data to stdin of theprocess and reads from its stdout using a UNIX domain socket generated bysocketpair()per default. (example)
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options:path,fdin,fdout,chroot,su,su-d,nofork,pty,stderr,ctty,setsid,pipes,login,sigint,sigquit
See also: SYSTEM
FD:<fdnum>
Uses the file descriptor <fdnum>. It must already exist asvalid UN*X file descriptor.
Option groups: FD (TERMIOS,REG,SOCKET)
See also:STDIO,STDIN,STDOUT,STDERR
GOPEN:<filename>
(Generic open) This address type tries to handle any file system entryexcept directories usefully. <filename> may be arelative or absolute path. If it already exists, its type is checked. In case of a UNIX domain socket, socat connects; if connecting fails,socat assumes a datagram socket and uses sendto()calls.If the entry is not a socket, socat opens it applying the O_APPENDflag. If it does not exist, it is opened with flagO_CREATas a regular file (example).
Option groups: FD,REG,SOCKET,NAMED,OPEN
See also:OPEN,CREATE,UNIX-CONNECT
IP-SENDTO:<host>:<protocol>
Opens a raw IP socket. Depending on host specification or option pf, IP protocol version4 or 6 is used. It uses <protocol> to send packetsto <host> [IP address] and receives packets fromhost, ignores packets from other hosts. Protocol 255 uses the raw socket with the IP header being part of thedata.
Option groups: FD,SOCKET,IP4,IP6
Useful options:pf,ttl
See also:IP4-SENDTO,IP6-SENDTO,IP-RECVFROM,IP-RECV,UDP-SENDTO,UNIX-SENDTO
INTERFACE:<interface>
Communicates with a network connected on an interface using raw packetsincluding link level data. <interface> is the name ofthe network interface. Currently only available on Linux.Option groups: FD,SOCKET
Useful options:pf,type
See also: ip-recv
IP4-SENDTO:<host>:<protocol>
Like IP-SENDTO, but always uses IPv4.
Option groups: FD,SOCKET,IP4
IP6-SENDTO:<host>:<protocol>
Like IP-SENDTO, but always uses IPv6.
Option groups: FD,SOCKET,IP6

IP-DATAGRAM:<address>:<protocol>
Sends outgoing data to the specified address which may in particular be abroadcast or multicast address. Packets arriving on the local socket arechecked if their source addresses matchRANGE or TCPWRAPoptions. This address type can for example be used for implementingsymmetric or asymmetric broadcast or multicast communications.
Option groups: FD, SOCKET,IP4, IP6, RANGE
Useful options:bind,range,tcpwrap,broadcast,ip-multicast-loop,ip-multicast-ttl,ip-multicast-if,ip-add-membership,ttl,tos,pf
See also:IP4-DATAGRAM,IP6-DATAGRAM,IP-SENDTO,IP-RECVFROM,IP-RECV,UDP-DATAGRAM
IP4-DATAGRAM:<host>:<protocol>
Like IP-DATAGRAM, but always uses IPv4.(example)
Option groups: FD,SOCKET,IP4,RANGE
IP6-DATAGRAM:<host>:<protocol>
Like IP-DATAGRAM, but always uses IPv6. Pleasenote that IPv6 does not know broadcasts.
Option groups: FD,SOCKET,IP6,RANGE

IP-RECVFROM:<protocol>
Opens a raw IP socket of <protocol>. Depending on option pf, IP protocol version4 or 6 is used. It receives one packet from an unspecified peer and may send one or more answer packets to that peer.This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.This allows a behaviour similar to typical UDP based servers like ntpd ornamed.
Please note that the reply packets might be fetched as incoming traffic whensender and receiver IP address are identical because there is no port numberto distinguish the sockets.
This address works well with IP-SENDTO address peers (see above).Protocol 255 uses the raw socket with the IP header being part of thedata.
Option groups: FD,SOCKET,IP4,IP6,CHILD,RANGE
Useful options:pf,fork,range,ttl,broadcast
See also:IP4-RECVFROM,IP6-RECVFROM,IP-SENDTO,IP-RECV,UDP-RECVFROM,UNIX-RECVFROM
IP4-RECVFROM:<protocol>
Like IP-RECVFROM, but always uses IPv4.
Option groups: FD,SOCKET,IP4,CHILD,RANGE
IP6-RECVFROM:<protocol>
Like IP-RECVFROM, but always uses IPv6.
Option groups: FD,SOCKET,IP6,CHILD,RANGE

IP-RECV:<protocol>
Opens a raw IP socket of <protocol>. Depending on option pf, IP protocol version4 or 6 is used. It receives packets from multiple unspecified peers and merges the data.No replies are possible.It can be, e.g., addressed by socat IP-SENDTO address peers.Protocol 255 uses the raw socket with the IP header being part of thedata.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options:pf,range
See also:IP4-RECV,IP6-RECV,IP-SENDTO,IP-RECVFROM,UDP-RECV,UNIX-RECV
IP4-RECV:<protocol>
Like IP-RECV, but always uses IPv4.
Option groups: FD,SOCKET,IP4,RANGE
IP6-RECV:<protocol>
Like IP-RECV, but always uses IPv6.
Option groups: FD,SOCKET,IP6,RANGE

OPEN:<filename>
Opens <filename> using the open()system call(example).This operation fails on UNIX domain sockets.
Note: This address type is rarely useful in bidirectional mode.
Option groups: FD,REG,NAMED,OPEN
Useful options:creat,excl,noatime,nofollow,append,rdonly,wronly,lock,readbytes,ignoreeof
See also:CREATE,GOPEN,UNIX-CONNECT
OPENSSL:<host>:<port>
Tries to establish a SSL connection to <port> [TCPservice] on <host> [IP address] using TCP/IP version 4 or 6depending on address specification, name resolution, or optionpf.
NOTE: Up to version 1.7.2.4the server certificate was only checked for validity against the systemcertificate store or cafile orcapath,but not for match with the servercqs name or its IP address.Since version 1.7.3.0 socat checks the peer certificate for match with the<host> parameter or the value of the openssl-commonname option.Socat tries to match it against the certificates subject commonName,and the certifications extension subjectAltName DNS names. Wildcards in thecertificate are supported.
Option groups: FD,SOCKET,IP4,IP6,TCP,OPENSSL,RETRY
Useful options:cipher,method,verify,commonnamecafile,capath,certificate,key,compress,bind,pf,connect-timeout,sourceport,retry
See also:OPENSSL-LISTEN,TCP
OPENSSL-LISTEN:<port>
Listens on tcp <port> [TCP service].The IP version is 4 or the one specified withpf. When aconnection is accepted, this address behaves as SSL server.
Note: You probably want to use the certificate option with this address.
NOTE: The client certificate is only checked for validity againstcafile or capath,but not for match with the clientcqs name or its IP address!
Option groups: FD,SOCKET,IP4,IP6,TCP,LISTEN,OPENSSL,CHILD,RANGE,RETRY
Useful options:pf,cipher,method,verify,commonnamecafile,capath,certificate,key,compress,fork,bind,range,tcpwrap,su,reuseaddr,retry
See also:OPENSSL,TCP-LISTEN
PIPE:<filename>
If <filename> already exists, it is opened.If it does not exist, a named pipe is created and opened. Beginning withsocat version 1.4.3, the named pipe is removed when the address is closed(but see option unlink-close
Note: When a pipe is used for both reading and writing, it worksas echo service.
Note: When a pipe is used for both reading and writing, and socat triesto write more bytes than the pipe can buffer (Linux 2.4: 2048 bytes), socatmight block. Consider using socat option, e.g., -b 2048
Option groups: FD,NAMED,OPEN
Useful options:rdonly,nonblock,group,user,mode,unlink-early
See also: unnamed pipe
PIPE
Creates an unnamed pipe and uses it for reading and writing. It works as anecho, because everything written to it appeares immediately as read data.
Note: When socat tries to write more bytes than the pipe can queue (Linux2.4: 2048 bytes), socat might block. Consider, e.g., usingoption -b 2048
Option groups: FD
See also: named pipe
PROXY:<proxy>:<hostname>:<port>
Connects to an HTTP proxy server on port 8080 using TCP/IP version 4 or 6depending on address specification, name resolution, or optionpf, and sends a CONNECTrequest for hostname:port. If the proxy grants access and succeeds toconnect to the target, data transfer between socat and the target canstart. Note that the traffic need not be HTTP but can be an arbitraryprotocol.
Option groups: FD,SOCKET,IP4,IP6,TCP,HTTP,RETRY
Useful options:proxyport,ignorecr,proxyauth,resolve,crnl,bind,connect-timeout,mss,sourceport,retry
See also: SOCKS, TCP
PTY
Generates a pseudo terminal (pty) and uses its master side. Another processmay open the ptycqs slave side using it like a serial line or terminal.(example). Ifboth the ptmx and the openpty mechanisms are available, ptmx is used(POSIX).
Option groups: FD,NAMED,PTY,TERMIOS
Useful options:link,openpty,wait-slave,mode,user,group
See also:UNIX-LISTEN,PIPE,EXEC, SYSTEM
READLINE
Uses GNU readline and history on stdio to allow editing and reusing inputlines (example). This requires the GNU readline and history libraries. Note that stdio should be a (pseudo) terminal device,otherwise readline does not seem to work.
Option groups: FD,READLINE,TERMIOS
Useful options:history,noecho
See also:STDIO
SCTP-CONNECT:<host>:<port>
Establishes an SCTP stream connection to the specified <host> [IPaddress] and <port> [TCP service]using TCP/IP version 4 or 6 depending on address specification, nameresolution, or option pf.
Option groups: FD,SOCKET,IP4,IP6,SCTP,CHILD,RETRY
Useful options:bind,pf,connect-timeout,tos,mtudiscover,sctp-maxseg,sctp-nodelay,nonblock,sourceport,retry,readbytes
See also:SCTP4-CONNECT,SCTP6-CONNECT,SCTP-LISTEN,TCP-CONNECT
SCTP4-CONNECT:<host>:<port>
Like SCTP-CONNECT, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,SCTP,CHILD,RETRY
SCTP6-CONNECT:<host>:<port>
Like SCTP-CONNECT, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,SCTP,CHILD,RETRY
SCTP-LISTEN:<port>
Listens on <port> [TCP service] and accepts aTCP/IP connection. The IP version is 4 or the one specified withaddress option pf, socat option(-4, -6), or environment variable SOCAT_DEFAULT_LISTEN_IP.Note that openingthis address usually blocks until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,SCTP,RETRY
Useful options:crnl,fork,bind,range,tcpwrap,pf,max-children,backlog,sctp-maxseg,sctp-nodelay,su,reuseaddr,retry,cool-write
See also:SCTP4-LISTEN,SCTP6-LISTEN,TCP-LISTEN,SCTP-CONNECT
SCTP4-LISTEN:<port>
Like SCTP-LISTEN, but only supports IPv4protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,SCTP,RETRY
SCTP6-LISTEN:<port>
Like SCTP-LISTEN, but only supports IPv6protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,SCTP,RETRY
SOCKET-CONNECT:<domain>:<protocol>:<remote-address>
Creates a stream socket using the first and second given socket parametersand SOCK_STREAM (see man socket(2)) and connects to the remote-address.The two socket parameters have to be specified by intnumbers. Consult your OS documentation and include files to find theappropriate values. The remote-address must be the datarepresentation of a sockaddr structure without sa_family and (BSD) sa_lencomponents.
Please note that you can - beyond the options of the specified groups - alsouse options of higher level protocols when you apply socat option-g.
Option groups: FD,SOCKET,CHILD,RETRY
Useful options:bind,setsockopt-int,setsockopt-bin,setsockopt-string
See also:TCP,UDP-CONNECT,UNIX-CONNECT,SOCKET-LISTEN,SOCKET-SENDTO
SOCKET-DATAGRAM:<domain>:<type>:<protocol>:<remote-address>
Creates a datagram socket using the first three given socket parameters (seeman socket(2)) and sends outgoing data to the remote-address. The threesocket parameters have to be specified by intnumbers. Consult your OS documentation and include files to find theappropriate values. The remote-address must be the datarepresentation of a sockaddr structure without sa_family and (BSD) sa_lencomponents.
Please note that you can - beyond the options of the specified groups - alsouse options of higher level protocols when you apply socat option-g.
Option groups: FD,SOCKET,RANGE
Useful options:bind,range,setsockopt-int,setsockopt-bin,setsockopt-string
See also:UDP-DATAGRAM,IP-DATAGRAM,SOCKET-SENDTO,SOCKET-RECV,SOCKET-RECVFROM
SOCKET-LISTEN:<domain>:<protocol>:<local-address>
Creates a stream socket using the first and second given socket parametersand SOCK_STREAM (see man socket(2)) and waits for incoming connectionson local-address. The two socket parameters have to be specified byint numbers. Consult your OS documentation and include filesto find the appropriate values. The local-address must be thedata representation of a sockaddr structure withoutsa_family and (BSD) sa_len components.
Please note that you can - beyond the options of the specified groups - alsouse options of higher level protocols when you apply socat option-g.
Option groups: FD,SOCKET,LISTEN,RANGE,CHILD,RETRY
Useful options:setsockopt-int,setsockopt-bin,setsockopt-string
See also:TCP,UDP-CONNECT,UNIX-CONNECT,SOCKET-LISTEN,SOCKET-SENDTO,SOCKET-SENDTO
SOCKET-RECV:<domain>:<type>:<protocol>:<local-address>
Creates a socket using the three given socket parameters (see man socket(2))and binds it to <local-address>. Receives arriving data. The threeparameters have to be specified by int numbers. Consult yourOS documentation and include files to find the appropriate values. Thelocal-address must be the data representation of a sockaddrstructure without sa_family and (BSD) sa_len components.
Option groups: FD,SOCKET,RANGE
Useful options:range,setsockopt-int,setsockopt-bin,setsockopt-string
See also:UDP-RECV,IP-RECV,UNIX-RECV,SOCKET-DATAGRAM,SOCKET-SENDTO,SOCKET-RECVFROM
SOCKET-RECVFROM:<domain>:<type>:<protocol>:<local-address>
Creates a socket using the three given socket parameters (see man socket(2))and binds it to <local-address>. Receives arriving data and sends repliesback to the sender. The first three parameters have to be specified asint numbers. Consult your OS documentation and include filesto find the appropriate values. The local-address must be thedata representation of a sockaddr structure withoutsa_family and (BSD) sa_len components.
Option groups: FD,SOCKET,CHILD,RANGE
Useful options:fork,range,setsockopt-int,setsockopt-bin,setsockopt-string
See also:UDP-RECVFROM,IP-RECVFROM,UNIX-RECVFROM,SOCKET-DATAGRAM,SOCKET-SENDTO,SOCKET-RECV
SOCKET-SENDTO:<domain>:<type>:<protocol>:<remote-address>
Creates a socket using the three given socket parameters (see mansocket(2)). Sends outgoing data to the given address and receives replies.The three parameters have to be specified as intnumbers. Consult your OS documentation and include files to find theappropriate values. The remote-address must be the datarepresentation of a sockaddr structure without sa_family and (BSD) sa_lencomponents.
Option groups: FD,SOCKET
Useful options:bind,setsockopt-int,setsockopt-bin,setsockopt-string
See also:UDP-SENDTO,IP-SENDTO,UNIX-SENDTO,SOCKET-DATAGRAM,SOCKET-RECVSOCKET-RECVFROM
SOCKS4:<socks-server>:<host>:<port>
Connects via <socks-server> [IP address]to <host> [IPv4 address]on <port> [TCP service],using socks version 4 protocol over IP version 4 or 6 depending on address specification, name resolution, or optionpf (example).
Option groups: FD,SOCKET,IP4,IP6,TCP,SOCKS4,RETRY
Useful options:socksuser,socksport,sourceport,pf,retry
See also:SOCKS4A,PROXY,TCP
SOCKS4A:<socks-server>:<host>:<port>
like SOCKS4, but uses socks protocol version 4a, thusleaving host name resolution to the socks server.
Option groups: FD,SOCKET,IP4,IP6,TCP,SOCKS4,RETRY
STDERR
Uses file descriptor 2.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: FD
STDIN
Uses file descriptor 0.
Option groups: FD (TERMIOS,REG,SOCKET)
Useful options:readbytes
See also: FD
STDIO
Uses file descriptor 0 for reading, and 1 for writing.
Option groups: FD (TERMIOS,REG,SOCKET)
Useful options:readbytes
See also: FD
STDOUT
Uses file descriptor 1.
Option groups: FD (TERMIOS,REG,SOCKET)
See also: FD
SYSTEM:<shell-command>
Forks a sub process that establishes communication with its parent processand invokes the specified program with system(). Please note that<shell-command> [string] must not contain cq,cq or dq!!dq, and that shell meta characters may have to beprotected.After successful program start, socat writes data to stdin of the process and reads from its stdout.
Option groups: FD,SOCKET,EXEC,FORK,TERMIOS
Useful options:path,fdin,fdout,chroot,su,su-d,nofork,pty,stderr,ctty,setsid,pipes,sigint,sigquit
See also: EXEC
TCP:<host>:<port>
Connects to <port> [TCP service] on<host> [IP address] using TCP/IP version 4 or 6depending on address specification, name resolution, or optionpf.
Option groups: FD,SOCKET,IP4,IP6,TCP,RETRY
Useful options:crnl,bind,pf,connect-timeout,tos,mtudiscover,mss,nodelay,nonblock,sourceport,retry,readbytes
See also:TCP4,TCP6,TCP-LISTEN,UDP,SCTP-CONNECT,UNIX-CONNECT
TCP4:<host>:<port>
Like TCP, but only supports IPv4 protocol (example).
Option groups: FD,SOCKET,IP4,TCP,RETRY
TCP6:<host>:<port>
Like TCP, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,TCP,RETRY
TCP-LISTEN:<port>
Listens on <port> [TCP service] and accepts aTCP/IP connection. The IP version is 4 or the one specified withaddress option pf, socat option(-4, -6), or environment variable SOCAT_DEFAULT_LISTEN_IP.Note that openingthis address usually blocks until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,TCP,RETRY
Useful options:crnl,fork,bind,range,tcpwrap,pf,max-children,backlog,mss,su,reuseaddr,retry,cool-write
See also:TCP4-LISTEN,TCP6-LISTEN,UDP-LISTEN,SCTP-LISTEN,UNIX-LISTEN,OPENSSL-LISTEN,TCP-CONNECT
TCP4-LISTEN:<port>
Like TCP-LISTEN, but only supports IPv4protocol (example).
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,TCP,RETRY
TCP6-LISTEN:<port>
Like TCP-LISTEN, but only supports IPv6protocol.
Additional useful option:ipv6only
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6,TCP,RETRY
TUN[:<if-addr>/<bits>]
Creates a Linux TUN/TAP device and optionally assignes it the address andnetmask given by the parameters. The resulting network interface is almostready for use by other processes; socat serves its dqwire sidedq. This addressrequires read and write access to the tunnel cloning device, usually/dev/net/tun, as well as permission to set some ioctl()s.Option iff-up is required to immediately activate the interface!
Option groups: FD,NAMED,OPEN,TUN
Useful options:iff-up,tun-device,tun-name,tun-type,iff-no-pi
See also:ip-recv
UDP:<host>:<port>
Connects to <port> [UDP service] on<host> [IP address] using UDP/IP version 4 or 6depending on address specification, name resolution, or optionpf.
Please note that,due to UDP protocol properties, no real connection is established; data hasto be sent for `connectingcq to the server, and no end-of-file condition canbe transported.
Option groups: FD,SOCKET,IP4,IP6
Useful options:ttl,tos,bind,sourceport,pf
See also:UDP4,UDP6,UDP-LISTEN,TCP,IP
UDP4:<host>:<port>
Like UDP, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4
UDP6:<host>:<port>
Like UDP, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6
UDP-DATAGRAM:<address>:<port>
Sends outgoing data to the specified address which may in particular be abroadcast or multicast address. Packets arriving on the local socket arechecked for the correct remote port and if their source addresses matchRANGE or TCPWRAPoptions. This address type can for example be used for implementingsymmetric or asymmetric broadcast or multicast communications.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options:bind,range,tcpwrap,broadcast,ip-multicast-loop,ip-multicast-ttl,ip-multicast-if,ip-add-membership,ttl,tos,sourceport,pf
See also:UDP4-DATAGRAM,UDP6-DATAGRAM,UDP-SENDTO,UDP-RECVFROM,UDP-RECV,UDP-CONNECT,UDP-LISTEN,IP-DATAGRAM
UDP4-DATAGRAM:<address>:<port>
Like UDP-DATAGRAM, but only supports IPv4protocol (example1,example2).
Option groups: FD,SOCKET,IP4, RANGE
UDP6-DATAGRAM:<address>:<port>
Like UDP-DATAGRAM, but only supports IPv6protocol.
Option groups: FD,SOCKET,IP6,RANGE
UDP-LISTEN:<port>
Waits for a UDP/IP packet arriving on <port>[UDP service] and `connectscq back to sender.The accepted IP version is 4 or the one specified with optionpf.Please note that,due to UDP protocol properties, no real connection is established; data hasto arrive from the peer first, and no end-of-file condition can betransported. Note that opening this address usually blocks until a client connects.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6
Useful options:fork,bind,range,pf
See also:UDP,UDP4-LISTEN,UDP6-LISTEN,TCP-LISTEN
UDP4-LISTEN:<port>
Like UDP-LISTEN, but only support IPv4protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP4
UDP6-LISTEN:<port>
Like UDP-LISTEN, but only support IPv6protocol.
Option groups: FD,SOCKET,LISTEN,CHILD,RANGE,IP6
UDP-SENDTO:<host>:<port>
Communicates with the specified peer socket, defined by <port> [UDPservice] on<host> [IP address], using UDP/IP version 4 or 6depending on address specification, name resolution, or optionpf. It sends packets to and receives packetsfrom that peer socket only. This address effectively implements a datagram client.It works well with socat UDP-RECVFROM and UDP-RECV address peers.
Option groups: FD,SOCKET,IP4,IP6
Useful options:ttl,tos,bind,sourceport,pf
See also:UDP4-SENDTO,UDP6-SENDTO,UDP-RECVFROM,UDP-RECV,UDP-CONNECT,UDP-LISTEN,IP-SENDTO
UDP4-SENDTO:<host>:<port>
Like UDP-SENDTO, but only supports IPv4protocol.
Option groups: FD,SOCKET,IP4
UDP6-SENDTO:<host>:<port>
Like UDP-SENDTO, but only supports IPv6protocol.
Option groups: FD,SOCKET,IP6
UDP-RECVFROM:<port>
Creates a UDP socket on <port> [UDP service] usingUDP/IP version 4 or 6 depending on option pf.It receives one packet from an unspecified peer and may send one or moreanswer packets to that peer. This mode is particularly useful with forkoption where each arriving packet - from arbitrary peers - is handled by its own subprocess. This allows a behaviour similar to typical UDP based servers like ntpdor named. This address works well with socat UDP-SENDTO address peers.
Option groups: FD,SOCKET,IP4,IP6,CHILD,RANGE
Useful options:fork,ttl,tos,bind,sourceport,pf
See also:UDP4-RECVFROM,UDP6-RECVFROM,UDP-SENDTO,UDP-RECV,UDP-CONNECT,UDP-LISTEN,IP-RECVFROM,UNIX-RECVFROM
UDP4-RECVFROM:<port>
Like UDP-RECVFROM, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,CHILD,RANGE
UDP6-RECVFROM:<port>
Like UDP-RECVFROM, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,CHILD,RANGE
UDP-RECV:<port>
Creates a UDP socket on <port> [UDP service] using UDP/IP version 4 or 6depending on option pf.It receives packets from multiple unspecified peers and merges the data.No replies are possible. It works well with, e.g., socat UDP-SENDTO address peers; it behaves similar to a syslog server.
Option groups: FD,SOCKET,IP4,IP6,RANGE
Useful options:fork,pf,bind,sourceport,ttl,tos
See also:UDP4-RECV,UDP6-RECV,UDP-SENDTO,UDP-RECVFROM,UDP-CONNECT,UDP-LISTEN,IP-RECV,UNIX-RECV
UDP4-RECV:<port>
Like UDP-RECV, but only supports IPv4 protocol.
Option groups: FD,SOCKET,IP4,RANGE
UDP6-RECV:<port>
Like UDP-RECV, but only supports IPv6 protocol.
Option groups: FD,SOCKET,IP6,RANGE
UNIX-CONNECT:<filename>
Connects to <filename> assuming it is a UNIX domainsocket.If <filename> does not exist, this is an error;if <filename> is not a UNIX domain socket, this is an error;if <filename> is a UNIX domain socket, but no process is listening, this isan error.
Option groups: FD,SOCKET,NAMED,RETRY,UNIX
)Useful options:bind
See also:UNIX-LISTEN,UNIX-SENDTO,TCP
UNIX-LISTEN:<filename>
Listens on <filename> using a UNIX domain streamsocket and accepts a connection.If <filename> exists and is not a socket, this is an error.If <filename> exists and is a UNIX domain socket, binding to the addressfails (use option unlink-early!).Note that opening this address usually blocks until a client connects.Beginning with socat version 1.4.3, the file system entry is removed whenthis address is closed (but see option unlink-close) (example).
Option groups: FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
Useful options:fork,umask,mode,user,group,unlink-early
See also:UNIX-CONNECT,UNIX-RECVFROM,UNIX-RECV,TCP-LISTEN
UNIX-SENDTO:<filename>
Communicates with the specified peer socket, defined by [<filename>] assuming it is a UNIX domain datagram socket.It sends packets to and receives packets from that peer socket only.Please note that it might be necessary to bind thelocal socket to an address (e.g. /tmp/sock1, which must not existbefore).This address type works well with socat UNIX-RECVFROM and UNIX-RECV addresspeers.
Option groups: FD,SOCKET,NAMED,UNIX
Useful options:bind
See also:UNIX-RECVFROM,UNIX-RECV,UNIX-CONNECT,UDP-SENDTO,IP-SENDTO
UNIX-RECVFROM:<filename>
Creates a UNIX domain datagram socket [<filename>].Receives one packet and may send one or more answer packets to that peer.This mode is particularly useful with fork option where each arriving packet - from arbitrary peers - is handled by its own sub process.This address works well with socat UNIX-SENDTO address peers.
Option groups: FD,SOCKET,NAMED,CHILD,UNIX
Useful options:fork
See also:UNIX-SENDTO,UNIX-RECV,UNIX-LISTEN,UDP-RECVFROM,IP-RECVFROM
UNIX-RECV:<filename>
Creates a UNIX domain datagram socket [<filename>].Receives packets from multiple unspecified peers and merges the data.No replies are possible. It can be, e.g., addressed by socat UNIX-SENDTO address peers.It behaves similar to a syslog server.Option groups: FD,SOCKET,NAMED,UNIX
See also:UNIX-SENDTO,UNIX-RECVFROM,UNIX-LISTEN,UDP-RECV,IP-RECV
UNIX-CLIENT:<filename>
Communicates with the specified peer socket, defined by[<filename>] assuming it is a UNIX domain socket.It first tries to connect and, if that fails, assumes it is a datagramsocket, thus supporting both types.
Option groups: FD,SOCKET,NAMED,UNIX
Useful options:bind
See also:UNIX-CONNECT,UNIX-SENDTO,GOPEN
ABSTRACT-CONNECT:<string>
ABSTRACT-LISTEN:<string>
ABSTRACT-SENDTO:<string>
ABSTRACT-RECVFROM:<string>
ABSTRACT-RECV:<string>
ABSTRACT-CLIENT:<string>
The ABSTRACT addresses are almost identical to the related UNIX addressesexcept that they do not address file system based sockets but an alternateUNIX domain address space. To archieve this the socket address strings areprefixed with dq\0dq internally. This feature is available (only?) on Linux.Option groups are the same as with the related UNIX addresses, except thatthe ABSTRACT addresses are not member of the NAMED group.

 

ADDRESS OPTIONS

Address options can be applied to address specifications to influence theprocess of opening the addresses and the properties of the resulting data channels.

For technical reasons not every option can beapplied to every address type; e.g., applying a socket option to a regular filewill fail. To catch most useless combinations as early as in the open phase,the concept of option groups was introduced. Each option belongs to oneor more option groups. Options can be used only with address types that supportat least one of their option groups (but see option -g).

Address options have data types that their values must conform to. Every address option consists of just a keyword or a keyword followed bydq=valuedq, where value must conform to the options type.Some address options manipulate parameters of system calls;e.g., option sync sets the O_SYNCflag with the open()call. Other options cause a system or library call; e.g., with option `ttl=valuecqthe setsockopt(fd, SOL_IP, IP_TTL, value, sizeof(int))call is applied.Otheroptions set internal socat variables that are used during data transfer;e.g., `crnlcq causes explicit character conversions. A few options have more complex implementations; e.g., su-d(substuser-delayed) inquires some user and group infos, stores them, andapplies them later after a possible chroot()call.

If multiple options are given to an address, their sequence in the address specification has (almost) noeffect on the sequence of their execution/application. Instead, socat hasbuilt in an option phase model that tries to bring the options in a usefulorder. Some options exist in different forms (e.g., unlink, unlink-early, unlink-late) to control the time of their execution.

If the same option is specified more than once within one addressspecification, with equal or different values, the effect depends on the kind of option. Optionsresulting in function calls like setsockopt()cause multipleinvocations. With options that set parameters for a required call likeopen()or set internal flags, the value of the last option occurrence is effective.

The existence or semantics of many options are system dependent. Socatusually does NOT try to emulate missing libc or kernel features, it justprovides an interface to the underlying system. So, if an operating system lacks a feature,the related option is simply not available on this platform.

The following paragraphs introduce just the more common address options. Fora more comprehensive reference and to find information about canonical optionnames, alias names, option phases, and platforms see file xio.help.


FD option group

This option group contains options that are applied to a UN*Xstyle file descriptor, no matter how it was generated.Because all current socat address types are file descriptor based, theseoptions may be applied to any address.
Note: Some of these options are also member of another option group, thatprovides another, non-fd based mechanism.For these options, it depends on the actual address type and its option groups which mechanism is used. The second, non-fd based mechanism is prioritized.

cloexec=<bool>
Sets the FD_CLOEXECflag with the fcntl()system call to value<bool>. If set,the file descriptor is closed on exec()family function calls. Socatinternally handles this flag for the fds it controls, so in most cases there will be no need toapply this option.
setlk
Tries to set a discretionary write lock to the whole file using the fcntl(fd,F_SETLK, ...)system call. If the file is already locked, this call resultsin an error. On Linux, when the file permissions for group are dqSdq (g-x,g+s), and thefile system is locally mounted with the dqmanddq option, the lock ismandatory, i.e. prevents other processes from opening the file.
setlkw
Tries to set a discretionary waiting write lock to the whole file using thefcntl(fd, F_SETLKW, ...)system call. If the file is already locked,this call blocks. See option setlk for information about making thislock mandatory.
setlk-rd
Tries to set a discretionary read lock to the whole file using the fcntl(fd,F_SETLK, ...)system call. If the file is already write locked, this callresults in an error. See option setlk for information about making thislock mandatory.
setlkw-rd
Tries to set a discretionary waiting read lock to the whole file using thefcntl(fd, F_SETLKW, ...)system call. If the file is already writelocked, this call blocks. See option setlk for information about making thislock mandatory.
flock-ex
Tries to set a blocking exclusive advisory lock to the file using theflock(fd, LOCK_EX)system call. Socat hangs in this call if the fileis locked by another process.
flock-ex-nb
Tries to set a nonblocking exclusive advisory lock to the file using theflock(fd, LOCK_EX|LOCK_NB)system call. If the file is already locked,this option results in an error.
flock-sh
Tries to set a blocking shared advisory lock to the file using theflock(fd, LOCK_SH)system call. Socat hangs in this call if the fileis locked by another process.
flock-sh-nb
Tries to set a nonblocking shared advisory lock to the file using theflock(fd, LOCK_SH|LOCK_NB)system call. If the file is already locked,this option results in an error.
lock
Sets a blocking lock on the file. Uses the setlk or flock mechanismdepending on availability on the particular platform. If both are available,the POSIX variant (setlkw) is used.
user=<user>
Sets the <user> (owner) of the stream.If the address is member of the NAMED option group,socat uses the chown()system call after opening thefile or binding to the UNIX domain socket (race condition!).Without filesystem entry, socat sets the user of the stream using the fchown()system call.These calls might require root privilege.
user-late=<user>
Sets the owner of the fd to <user> with the fchown()system call after opening or connecting the channel.This is useful only on file system entries.
group=<group>
Sets the <group> of the stream.If the address is member of the NAMED option group,socat uses the chown()system call after opening thefile or binding to the UNIX domain socket (race condition!).Without filesystem entry, socat sets the group of the stream with the fchown()system call. These calls might require group membership or root privilege.
group-late=<group>
Sets the group of the fd to <group> with thefchown()system call after opening or connecting the channel.This is useful only on file system entries.
mode=<mode>
Sets the <mode> [mode_t] (permissions) of the stream.If the address is member of the NAMED option group anduses the open()or creat()call, the mode is applied with these.If the address is member of the NAMED option group without using thesesystem calls, socat uses the chmod()system call after opening thefilesystem entry or binding to the UNIX domain socket (race condition!).Otherwise, socat sets the mode of the streamusing fchmod(). These calls might require ownership or root privilege.
perm-late=<mode>
Sets the permissions of the fd to value <mode>[mode_t] using the fchmod()system call afteropening or connecting the channel.This is useful only on file system entries.
append=<bool>
Always writes data to the actual end of file.If the address is member of the OPEN option group, socat uses the O_APPENDflag with the open()system call(example).Otherwise, socat applies the fcntl(fd, F_SETFL, O_APPEND)call.
nonblock=<bool>
Tries to open or use file in nonblocking mode. Its only effects are that theconnect()call of TCP addresses does not block, and that opening anamed pipe for reading does not block.If the address is member of the OPEN option group,socat uses the O_NONBLOCKflag with the open()system call.Otherwise, socat applies the fcntl(fd, F_SETFL, O_NONBLOCK)call.
binary
Opens the file in binary mode to avoid implicit line terminatorconversions (Cygwin).
text
Opens the file in text mode to force implicit line terminator conversions(Cygwin).
noinherit
Does not keep this file open in a spawned process (Cygwin).
cool-write
Takes it easy when write fails with EPIPE or ECONNRESET and logs the messagewith notice level instead of error.This prevents the log file from being filled with useless error messageswhen socat is used as a high volume server or proxy where clients oftenabort the connection.
This option is experimental.
end-close
Changes the (address dependent) method of ending a connection to just closethe file descriptors. This is useful when the connection is to be reused byor shared with other processes (example).
Normally, socket connections will be ended with shutdown(2) whichterminates the socket even if it is shared by multiple processes. close(2) dqunlinksdq the socket from the process but keeps it active aslong as there are still links from other processes.
Similarly, when an address of type EXEC or SYSTEM is ended, socat usuallywill explicitly kill the sub process. With this option, it will just closethe file descriptors.
shut-none
Changes the (address dependent) method of shutting down the write part of aconnection to not do anything.
shut-down
Changes the (address dependent) method of shutting down the write part of aconnection to shutdown(fd, SHUT_WR). Is only useful with sockets.
shut-close
Changes the (address dependent) method of shutting down the write part of aconnection to close(fd).
shut-null
When one address indicates EOF, socat will send a zero sized packet to thewrite channel of the other address to transfer the EOF condition. This isuseful with UDP and other datagram protocols. Has been tested againstnetcat and socat with option null-eof.
null-eof
Normally socat will ignore empty (zero size payload) packets arriving ondatagram sockets, so it survives port scans. With this option socatinterprets empty datagram packets as EOF indicator (seeshut-null).
ioctl-void=<request>
Calls ioctl() with the request value as second argument and NULL asthird argument. This option allows utilizing ioctls that are notexplicitly implemented in socat.
ioctl-int=<request>:<value>
Calls ioctl() with the request value as second argument and the integervalue as third argument.
ioctl-intp=<request>:<value>
Calls ioctl() with the request value as second argument and a pointer tothe integer value as third argument.
ioctl-bin=<request>:<value>
Calls ioctl() with the request value as second argument and a pointer tothe given data value as third argument. This data must be specified in<dalan> form.
ioctl-string=<request>:<value>
Calls ioctl() with the request value as second argument and a pointer tothe given string as third argument.<dalan> form.


NAMED option group

These options work on file system entries.
See also options user, group, andmode.

user-early=<user>
Changes the <user> (owner) of the file system entry beforeaccessing it, using the chown()system call. This call might require root privilege.
group-early=<group>
Changes the <group> of the file system entry beforeaccessing it, using the chown()system call. This call might require group membership or rootprivilege.
perm-early=<mode>
Changes the <mode> [mode_t] of the file system entrybefore accessing it, using the chmod()system call. This call might require ownership or rootprivilege.
umask=<mode>
Sets the umask of the process to <mode> [mode_t] beforeaccessing the file system entry (useful with UNIX domain sockets!). This call might affect all further operationsof the socat process!
unlink-early
Unlinks (removes) the file before opening it and even before applyinguser-early etc.
unlink
Unlinks (removes) the file before accessing it, but after user-early etc.
unlink-late
Unlinks (removes) the file after opening it to make it inaccessible forother processes after a short race condition.
unlink-close
Removes the addresses file system entry when closing the address.For named pipes,listening unix domain sockets,and the symbolic links of pty addresses,the default is 1; for created files,opened files,generic opened files, andclient unix domain sockets the default is 0.


OPEN option group

The OPEN group options allow setting flags with the open()system call. E.g., option `creatcq sets the O_CREATflag.
See also options append andnonblock.

creat=<bool>
Creates the file if it does not exist (example).
dsync=<bool>
Blocks write()calls until metainfo is physically written to media.
excl=<bool>
With option creat, if file exists this is an error.
largefile=<bool>
On 32 bit systems, allows a file larger than 2^31 bytes.
noatime
Sets the O_NOATIME options, so reads do not change the access timestamp.
noctty=<bool>
Does not make this file the controlling terminal.
nofollow=<bool>
Does not follow symbolic links.
nshare=<bool>
Does not allow sharing this file with other processes.
rshare=<bool>
Does not allow other processes to open this file for writing.
rsync=<bool>
Blocks write()until metainfo is physically written to media.
sync=<bool>
Blocks write()until data is physically written to media.
rdonly=<bool>
Opens the file for reading only.
wronly=<bool>
Opens the file for writing only.
trunc
Truncates the file to size 0 during opening it.


REG and BLK option group

These options are usually applied to a UN*X file descriptor, but theirsemantics make sense only on a file supporting random access.

seek=<offset>
Applies the lseek(fd, <offset>, SEEK_SET)(or lseek64) systemcall, thus positioning the file pointer absolutely to <offset>[off_t or off64_t]. Please note that amissing value defaults to 1, not 0.
seek-cur=<offset>
Applies the lseek(fd, <offset>, SEEK_CUR)(or lseek64) systemcall, thus positioning the file pointer <offset> [off_t oroff64_t] bytes relatively to its current position (whichis usually 0). Please note that a missing value defaults to 1, not 0.
seek-end=<offset>
Applies the lseek(fd, <offset>, SEEK_END)(or lseek64) systemcall, thus positioning the file pointer <offset> [off_t oroff64_t] bytes relatively to the files current end. Pleasenote that a missing value defaults to 1, not 0.
ftruncate=<offset>
Applies the ftruncate(fd, <offset>)(or ftruncate64if available) system call, thustruncating the file at the position <offset> [off_t or off64_t]. Please note that a missing value defaults to 1,not 0.
secrm=<bool>
unrm=<bool>
compr=<bool>
ext2-sync=<bool>
immutable=<bool>
ext2-append=<bool>
nodump=<bool>
ext2-noatime=<bool>
journal-data=<bool>
notail=<bool>
dirsync=<bool>
These options change non standard file attributes on operating systems andfile systems that support these features, like Linux with ext2fs,ext3fs, or reiserfs. See man 1 chattr for information on these options.Please note that there might be a race condition between creating the fileand applying these options.


PROCESS option group

Options of this group change the process properties instead of just affectingone data channel.For EXEC and SYSTEM addresses and for LISTEN and CONNECT type addresses withoption FORK, these options apply to the child processes instead of the main socat process.

chroot=<directory>
Performs a chroot()operation to <directory>after processing the address (example). This call might require root privilege.
chroot-early=<directory>
Performs a chroot()operation to <directory>before opening the address. This call might require root privilege.
setgid=<group>
Changes the primary <group> of the process afterprocessing the address. This call might require root privilege. Please notethat this option does not drop other group related privileges.
setgid-early=<group>
Like setgit but is performed before opening the address.
setuid=<user>
Changes the <user> (owner) of the process after processingthe address. This call might require root privilege. Please note that thisoption does not drop group related privileges. Check if optionsu better fits your needs.
setuid-early=<user>
Like setuid but is performed before opening theaddress.
su=<user>
Changes the <user> (owner) and groups of the process afterprocessing the address (example). This call might require root privilege.
su-d=<user>
Short name for substuser-delayed.Changes the <user>(owner) and groups of the process after processing the address (example).The user and his groups are retrieved before a possiblechroot(). This call might require root privilege.
setpgid=<pid_t>
Makes the process a member of the specified process group<pid_t>. If no value is given, or if the value is 0 or 1, the process becomes leader of a newprocess group.
setsid
Makes the process the leader of a new session (example).


READLINE option group

These options apply to the readline address type.

history=<filename>
Reads and writes history from/to <filename> (example).
noprompt
Since version 1.4.0, socat per default tries to determine a prompt - that is then passed to the readline call - by remembering the lastincomplete line of the output. With this option, socat does not pass aprompt to readline, so it begins line editing in the first columnof the terminal.
noecho=<pattern>
Specifies a regular pattern for a prompt that prevents the following inputline from being displayed on the screen and from being added to the history.The prompt is defined as the text that was output to the readline address after the lastest newline character and before an input character wastyped. The pattern is a regular expression, e.g.dq^[Pp]assword:.*$dq or dq([Uu]ser:|[Pp]assword:)dq. See regex(7) for details.(example)
prompt=<string>
Passes the string as prompt to the readline function. readline prints thisprompt when stepping through the history. If this string ma