[jump to content][No Software Patents]Tools (new) : socklinger [ Home | Scylla+Charybdis old home | Tools (old) | Tools (new) | FAQ | Downloads ]

Moving to GitHub, slowly

The software on this pages will slowly be moved to GitHub https://github.com/hilbix/. The CVS repository will be migrated to GIT as well, so the history will be preserved, a bit. See FAQ.

Scylla and Charybdis, socklinger - Tools

The tools are developed under Linux with ESR's paradigm release early, release often in mind.
So you can consider this beta software, or alpha, or pre-alpha, or even worse ;)

Have a look in the download directory for all downloads.
As always here, all you get is the source. No binaries here.

socklinger 2.4.0-20100126-154808

Execute quick hack shell scripts connected to a socket.


⇒ ⇒ ⇒ The development shifted to another location. All future versions will be published at https://github.com/hilbix/socklinger   ⇐ ⇐ ⇐


If you look for something of more wide use perhaps have a look at socat (this is from somebody else, don't ask me about socat, however I highly recommend socat if you are not satisfied with socklinger!).

Socklinger is thought for admins in a networked environment, who want to write some quick hack bash scripts to rapidly implement a socket based thingie just to get something done and reuse this solution for themself later on, too. Socklinger definitively is not designed to offer a production service to customers. But it's just what *you* need to get *your* weird network script running for *your* needs, saving *your* time.

When you want to write a quick hack, shell is convenient. However when you want to do this with networking scripts you often will observe stange effects if you call scripts from inetd. This is, because the "lingering" on sockets is extremely short (or missing) nowadays to protect against DoS-attacks. The effect is, that you will observe that the end of the output of the script just is not transmitted to the other side. Socklinger fixes this and restores, what you know from your good old and reliable SunOS from 1988.

Note that you might be tempted to use the exec-option of netcat, too. However netcat cannot reuse sockets on stdin like in inetd usage or when something is running under tcpd-control. And you don't have control over the number of scripts running in parallel.

Note that you can run scripts under tcpserver, too. However you will observe the linger-problem there. Often you can fix the problem by adding a "sleep 10" at the end of the script. However the hope that 10 seconds are long enough is no solution in my eyes. And often the sleep period slows down the other side, because the othere side waits until the socket is closed. (Any software which relies on the kernel linger implementation may fall into the same trap as tcpserver.)

Socklinger is designed as a solution for quick hacks, so it's enough to only run one script in parallel. This way you don't have to bother about race conditions in the script. Socklinger also allows you to reuse the socket which comes from stdin or run it in a simple accept-loop.

The source code of socklinger is so easy and lightweight that it can be adapted to other environments easily. It has been tested under several Linux distributions and Cygwin. (Well, not each version!)

There is an example Debian installation proxy which caches all files downloaded in example/ . All you need is some machine with an Internet connection (probably a windows with Cygwin installed) and you can use the network install ISO image for your Debian. Please note that this is another step to reach my real goal: HilbiX, a 1.44 MB floppy sized console-less networked Linux install.

New features:

Options, like delay (-d).

`killall -1 socklinger` shuts down socklingers gracefully.

With -n0 (or -s) only a single accept() can be done (no looping). Options disable the old commandline behavior (prefixes n@ and src>dest).

Old features (deprecated, use commandline options):

If given socket is of form "src>dest" it is connected to. src is the address to bind to (can be empty). If @ is missing, only one single connect is done, else the connect is done in a loop (beware!).

Alternat fork method (postfork) with negative count. Default for CygWin, as accept() does not work with postfork under windows.

Future note:

It is likely that Socklinger will be merged into some other of my tools. You will read, where you then can find it. This is because I need support for non-TCP sockets, too.

CygWin note:

If socklinger does not compile under CygWin try following (do not overwrite tino/getopt.h!):

echo >getopt.h; make

This is a problem with the include chain of system headers I was unable to fix, but I don't want to "clutter" the release with a file which usually is not needed.

History:

version 2.4.0-20100126-154808

download (266574 bytes) sig

Script sockets implemented, Options -f -t -w.

All are somewhat experimental.

If the socket starts with a pipe character (|) it now is a program to execute. This allows two scripts to talk to each other, like in

socklinger -v "|bash -c 'while read a; do echo \"\$a\" >&2; done'" bash -c 'echo hello world'

Option -f is thought to change the FD on which the socket is handed to the script.

Option -t gives an upper bound to the connect timeout. This only works on connect mode.

Option -w limits the lingering to a maximum time. This is in contrast to -l which restarts on data received.

version 2.3.0-20100125-171839

download (263845 bytes) sig

Options -p and -u added for timestamping, new environment variables SOCKLINGER_NOW and SOCKLINGER_PID, now installs into /usr/local/bin

SOCKLINGER_PID is when you need to kill the outer loop for some reason, like security issues. Try following at your own risk:

#!/bin/bash
[ -n "$SOCKLINGER_PID" ] || exec env -i /usr/local/bin/socklinger -pn -5 :12345 "$0"

Also source update to latest library changes

version 2.2.0-20080422-010236

download (222823 bytes) sig

Option -r added

Postforking now even more usable with the new option -r and the two environment variables SOCKLINGER_COUNT and SOCKLINGER_MAX. This is to be able to do statistics and cleanups to notekeeping.

When forks are guaranteed to be slow (or with a high delay setting) such that there cannot be any race condition, then you can use the environment variables to do the cleanup.

On a high fork frequency you can use option -r, such that the process slots are cycled. As each slot then is visited in a round robin fashion, you can do the notekeeping (and possible cleanups) at the beginning.

version 2.1.0-20070508-054313

download (191854 bytes)

Options -q (quiet) -v (verbose) and -l (linger timeout) -m (max linger)

Now you can control the lingering process better with setting a timeout and maximum amount of data to read. The default (0:unlimited) is somewhat unsuitable for most(!) situations, however it is impossible to give a better default value. So if you have a lot of "hanging" processes in socklinger, try option -l.

version 2.0.2-20070410-142800

download (177189 bytes)

Improved alarm/delay handling (perhaps a bugfix).

The improvements are only in tinolib, but they are significant. On a very old Linux distro option -d did not work, as this platform blocks some signals. This now is compensated, as flags of used signals are now set to sane values before using them.

version 2.0.1-20070404-130531

download (174310 bytes)

Cosmetics in output, option -i added, internal structure optimized

Option -i ignores certain errors in loops, such that socklinger isn't terminated if fork() fails etc.

Also a lot of internal things were improved (for option -i), such that the code is much more cleaner now (I hope).

If you wonder where the 2.0.0 is, it's disguised in the 1.5.0 which carries a wrong version number.

Some notes to version numbers in case you wonder:

Versioning is major.minor.revision with all numbers start at 0 (or sometimes sub-zero).

The major number is incremented only for important changes, such like important changes in commandline arguments, internal incompatibilities, complete rewrites or (official) stable releases. However if something is heavily beta or very incomplete it stays at it's major (0 usually) and the minor takes over this part.

From 1.4.1 to 1.5.0 there was such an important commandline change: -5@:port does not work anymore, it must be given as "-- -5@:port", because commandline options were introduced. Therefor socklinger now gets the major incremented, not because of internal restructuring in this release but because of the changes done from 1.4.1 to 1.5.0. However beeing a 2.x does not mean it's more stable or more debugged than 1.x or 0.x versions, perhaps the 1.4.1 sometimes does a better job, who knows.

Note that even if I completely rewrite most parts of a code but keep the functionality the same, this means, that only the revision number is incremented. But often complete rewrites bring important changes, then you will see the minor or major incremented instead. But not in this case. The 1.5.0 just is wrongly numbered.

Some notes to CygWin

There are CygWin releases which need a fix befor socklinger compiles. I don't know how to fix it else. This is, you must create an empty file named "getopt.h" in the build directory. This can be done with

echo >getopt.h; make
Note that the includes inform about this fact under CygWin.

version 1.5.0-20070403-044314

download (172697 bytes)

Version with options.

This slowly now moves to commandline arguments. Old commandline still is supported if no options are present.

To force the new behavior use option -s. With -s (or -n0) you can do a single accept() call now.

Again beware:

'-n0 :port' is not the same as '0@:port', the latter loops! Use '-n1 :port' to get a loop. However this sets SOCKLINGER_NR=1.

So with the new behavior if you see SOCKLINGER_NR<1 you know, it's a single-shot.

New option -d (for delay) means that fork()s are delayed as follows:

Preforking (option -n >0): A child sleeps the given seconds after the connection terminated (after the linger). To spread the values, the initial fork()ing is delayed as given, too. (Note that preforking is not available for accept-mode under CygWin.)

Postforking (option -n <0): After a fork delay() seconds must elaps before another new fork is done. If a child returns in this time, fork() is available immediately again.

version 1.4.1-20061212-125333

download (155833 bytes)

Bugfix, alternate fork method (fix for CygWin) and connect method.

This version is only tested a little bit.

Preforking does not work under CygWin. So fork on demand is implemented now, too. If you give a negative fork count, you can use this method under Unix as well.

Additionally a "connect" method now is implemented, such that you can run a script after connecting to the destination. The syntax is "source>destination" where source can be empty which does not bind to a specific interface. If you give no @ only a single connect is done. Else the connects are done in loops (according to preforking or postforking based on the number given).

There is no good connect timeout yet. However system connect timeout shall be there anyway.

version 1.4.0-20061212-113700

download (154359 bytes)

Additional environment variable and Portcullis script.

Now socklinger sets SOCKLINGER_SOCK to the socketname (from commandline). The child's return status is processed and printed correctly now.

Also there is now the Portcullis script in example.sh which can be used to protect system services against intruders. It's very simple:

Just start it with a password script and a service to invoke. For example:

/usr/local/bin/socklinger 10@:23 /usr/local/sbin/portcullis.sh '[ .127.0.0.1 = ".$IP" ] || echo Password' /usr/sbin/sshd -i

This invokes sshd on the telnet port in case the connection is from localhost. If you are from another host, you first must telnet in and enter the password (which here is 'Password' for obvious reasons).

version 1.3.3-20060412-000840

download (151168 bytes)

No improvements, only current version of tinolib included.

This version is untested.

If you have any trouble with this version, try the previous one, it's successfully used for some time now.

version 1.3.2-20060210-004617

download (140684 bytes)

Bugfix release and output improvement

Now the open socket is closed for the forked program. (It was not intended to stay open.)

Also the diagnostic output is somewhat more generalized.

This version is nearly untested as always.

version 1.3.1-20060125-043118

download (131898 bytes)

bugfix release and some improvements

You can give it a HUP to gracefully abort. This means, it exits the accept()-loop if it's waiting, but it's not going away until application returns.

accept() can return an error if everything is OK. In this case socklinger broke.

Also I tried to resolve the SO_REUSEADDR problem, where you cannot restart socklinger when there still is one running. However, it still does not work.

This version was not been tested much.

version 1.3.0-20051030-042448

download (117682 bytes)

Now based on tinolib. SUID supported. Env-vars added.

The environment variables SOCKLINGER_NR and SOCKLINGER_PEER are set.

Socklinger now gives up elevated privileges (SUID) before it runs the script, such that you can bind to system ports. All you need is to install it SUID root (and only give the users access to it who are allowed to wait on system ports). But I do not recommend this, as it's dangerous to use SUID programs this way.

This version was not been tested much.

version 1.2.1-20040920-042336

download (14435 bytes)

Clarifications on example/proxy.sh

version 1.2.0-20040920-032009

First version.

Tested under Cygwin and SuSE Linux 8.0. Compiles under RedHat 9.

License and Disclaimer

All you can see here is free software according to the GNU GPL.
Copyright (C)2000-2011 by Valentin Hilbig
Note that the software comes with absolutely no warranty of any kind.
You use the software at your own risk.
Valentin Hilbig cannot be hold responsible for any unintended damage,
lost data or malfunction of the software you can find here.

[FSFE contributor 2007]

[end of page - jump back to content][hacker culture]
Last modified: 2011-09-12 by Valentin Hilbig [ Imprint / Impressum ]