socat - Multipurpose relay

Abstract

what: "netcat++" (extended design, new implementation)
OS:   AIX, BSD, Linux, Solaris e.a. (UNIX)
lic:  GPL2
inst: tar x...; ./configure; make; make install
doc:  README; socat.html, socat.1
ui:   command line
exa:  socat TCP6-LISTEN:8080,reuseaddr,fork PROXY:proxy:www.domain.com:80
keyw: tcp, udp, ipv6, raw ip, unix-socket, pty, pipe, listen, socks4, socks5,
      proxy-connect, ssl-client, ssl-server, filedescriptor, readline, stdio,
      exec, system, file, open, tail -f, termios, setsockopt, chroot,
      fork, perm, owner, trace, dump, dgram, ext3, resolver, datagram,
      multicast, broadcast, interface, socket, udplite, dccp, sctp, generic, ioctl

What's new?

Recent Releases

2025-02-21: Socat version 1.8.0.3 has been released. It fixes a lot of minor issues and provides some minor improvements, see file CHANGES. The experimental POSIXMQ feature has been improved, got a few new options, and is now considered stable.

2024-12-11: Socat version 1.8.0.2 has been released. It fixes an arbitrary file overwrite vulnerability in readline.sh (Socat security advisory 9, CVE-2024-54661)

2024-08-24: Socat version 1.8.0.1 has been released. It fixes a couple of regressions in version 1.8.0.0 (see below), and a few other minor issues, see file CHANGES

Failures report for 1.8.0.0

A group of failures in Socat version 1.8.0.0 have been reported for commands that worked fine in previous versions (regression). They affect addresses using IP protocols without explicit IP version, with options bind and/or range. Examples are TCP-LISTEN, UDP, UDP-RECV, OPENSSL. The error messages are:

E syntax error in "localhost"
E syntax error in range "127.0.0.1/8" of unspecified address family: use <addr>:<mask>
E xioopen_ipdgram_listen(): unknown address family 0
E getaddrinfo("127.0.0.1", "NULL", {0x01,10,2,17}, {}): Address family for hostname not supported
E xioparsenetwork_ip6("localhost:255.255.255.255",,): missing mask bits delimiter '/'
E missing brackets for IPv6 range definition "127.0.0.1/8"

These issues will be addressed by version 1.8.0.1, planned for August; possible workarounds are:

Use Socat up to version 1.7.4.4 (or 1.7.4.5 from git)
Apply option -4 (does not help in some cases)
Use explicit IP version in address key word like TCP4-LISTEN, UDP4 etc;
Add address option pf=ip4 (esp.with OPENSSL)

2023-11-13: Socat version 1.8.0.0 has been released. It adds a couple of new features:

Support for network namespaces (option netns)
TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
New script socat-mux.sh allows n-to-1 / 1-to-n communications
New script socat-broker.sh allows group communications
Experimental socks5 client feature
Address ACCEPT-FD for systemd "inetd" mode
UDP-Lite and DCCP address types
Addresses SOCKETPAIR and SHELL
New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
Simple statistics output with Socat option --statistics and with SIGUSR1
A couple of new options, many fixes and corrections, see file CHANGES

Notes to distribution maintainers and packagers:

Socat now installs as socat1, and a symlink socat points to it, same with man page
test.sh now provides option "--expect-fail 123,216" to gain rc=0 even with some failures

History

2022-10-30: Socat version 1.7.4.4 is another bug fix release. It fixes UDP-RECVFROM failures and a couple of other bugs.

2022-01-08: Socat version 1.7.4.3 fixes the TCP_INFO issue that broke building on non-Linux platforms. Furthermore, building on AIX works again. A few more corrections and improvements have been added.

2021-10-31: Socat version 1.7.4.2 fixes a lot of bugs, e.g., for options -r and -R.

2021-01-10: Socat version 1.7.4.1 fixes compilation on 32 bit systems and file transfer with OpenSSL.

2021-01-04: Socat version 1.7.4.0 fixes a couple of bugs including a very theoretical security issue, restauration of DTLS using UDP, some porting issues, and last but not least several new features: VSOCK support, OpenSSL SNI, raw data dump, and more. See file CHANGES and Release Notes.
Thanks to all contributors for their invaluable patches!

Get it!

You can download socat 1.8.0.0 in source form (.gz, .bz2). Feel free to check the md5 or sha256 hashes.

Git repository is git://repo.or.cz/socat.git
(Project page is https://repo.or.cz/socat.git)

Documentation

Classical documentation:

README file
socat man page in HTML format.
examples section of the man page

Mini tutorials:

Securing traffic between two socat instances using SSL
IP multicasting with socat
Building TUN based virtual networks with socat
socat-gender.txt contains a simple TCP `gender changer´ example.
Generic sockets with socat

Contact

If you have more questions, please contact socat@dest-unreach.org