  • Socat Serial Telnet
    No category 2020. 3. 16. 12:44

    Network Device Server and Client Computer

    As can be seen in the illustration, the application on the client computer routes its data through the TCP socket. This kind of connection requires that the application running on the client supports socket connections. In our case the LucidIoCtrl command line tool and the dotNet library currently support TCP socket connections in addition to the standard virtual serial port connection.

    For client applications that rely on local serial devices there is a flexible method which creates virtual devices on the client computer that are connected to a remote device on a network device server. This allows, e.g., using existing software that works with local serial ports without adapting the source code.

    USB IO Module Network Device Server with socat and ser2net

    The picture shows the principle of this method.

    On the network device server no change is necessary and ser2net is running with the same options.

    On the client computer the Linux tool socat comes into play. It is a powerful program that can redirect data streams in general.

    Socat establishes bidirectional data streams between files, pipes, devices (serial line or a pseudo terminal) and different kinds of sockets (UNIX, IP4, IP6 – raw, UDP, TCP and SSL).

    More information on socat including many examples can be found and.

    In the following I concentrate on using socat to create a virtual serial device on a client computer which is routed to a TCP socket created on the network device server by ser2net.

        socat pty,link=/dev/lio0,nonblock,raw,echo=0,ignoreeof,waitslave tcp:RPI-AZ-2:4001

    This instruction creates a device /dev/lio0 which is connected to port 4001 of the network device server RPI-AZ-2. The option nonblock opens the device in non-blocking mode, raw instructs socat to send data unprocessed and echo=0 switches local echo off. In our tests these three options could be omitted without any effect. However, the option ignoreeof is important: it causes socat to stay active after the port was closed by the client application.

    Because the LucidIoCtrl command line tool closes the serial port when it returns, socat must not close the device, so that it remains responsive for further calls.

    As a short form the following call of socat works well:

        (socat pty,link=/dev/lio0,ignoreeof,waitslave tcp:RPI-AZ-2:4001) &

    By calling socat this way a background process is started.


    The prompt returns immediately after the process has been started, and a script running this line does not block anymore either.

    Note: It might be necessary to run socat as root. In this case socat assigns the root user as owner of the created device, which prevents other users from accessing it. This is not desired, as it would require all applications accessing the created virtual port to have root permissions.

        (socat pty,link=/dev/lio0,user=klaus,group=dialout,mode=660,ignoreeof,waitslave tcp:RPI-AZ-2:4001) &

    The parameters user, group and mode make it possible to specify the privileges of the created device. In this example the device /dev/lio0 belongs to the user klaus and the group dialout, and can be accessed by the user and the group. All users accessing any serial port must be members of the group dialout, so it makes sense to create the virtual device with this group assigned as well.

    When socat is running, the virtual device is accessible and LucidIoCtrl can communicate with the remote device like this.

        socat tcp-l:4001,fork,keepalive,nodelay,reuseaddr /dev/ttyACM0,b115200,raw

    This call uses the local device /dev/ttyACM0 and listens to TCP port 4001.


    It routes all data for this port to the device like ser2net does. The parameter fork creates a child process, keepalive enables TCP keepalive packets, nodelay opens the port with the no-delay option and reuseaddr allows reusing an address even if it is already used by socat. Raw data transmission is used and the baud rate is set to 115200 bps. Since the USB IO modules are virtual serial devices, which do not need an initialization of the serial port parameters, some parameters can be omitted.

    I use a reduced parameter set which works without any implications, and we start a background process listening on TCP port 4001.

    Encrypting Data Streams with socat

    Opening a TCP port that is routed to a device can become a security leak, and there is a potential risk that data are eavesdropped, intercepted or injected by a manipulating communication partner. This could result, e.g., in wrong temperatures being transmitted or in unintentional changes of the state of a digital output by some fraudulent computer.

    If security aspects are important for a relayed port, socat supports encryption based on SSL certificates that can be created by using.

    Besides data encryption, this method also makes it possible to grant different access rights to USB IO modules connected to a network device server. These access rights can be granted on module level, which means that, e.g., a USB analog output module and a USB analog input module, both connected to the same computer, can have different access privileges.

    USB IO Module Network Device Server with socat and SSL Data Encryption

    The picture shows the principle of how the data encryption works. All configuration for the data encryption is done by socat parameters, and it is not necessary to change the application running on the client computer when adding secure data encryption.

    SSL consists of a private key and trust certificates that can be distributed on any computer that is trustworthy.

    OpenSSL is used to create private keys and trust certificates for the network device server and all client computers. A good tutorial for this can be found.

    The created trust certificates can be exchanged between all communication partners.
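The server side of the encrypted setup, as an added example that is not part of the original article: it creates the private key, trust certificate and merged PEM file for one communication partner with OpenSSL and starts one TLS listener per module. The function names are hypothetical, and the file names server.pem, client-a.crt and client-b.crt, port 4002 and /dev/ttyACM1 are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. The function names are
# hypothetical; server.pem, client-a.crt/client-b.crt, port 4002 and
# /dev/ttyACM1 are assumed names.

# make_identity NAME: create the files for one communication partner.
#   NAME.key  private key, stays on this computer
#   NAME.crt  trust certificate, handed to the peers (their cafile=)
#   NAME.pem  key and certificate merged (this computer's cert=)
# Recent socat versions compare the server certificate's CN with the host
# name given to openssl-connect, so create the server identity under the
# name the clients connect to (RPI-AZ-1 in the article).
make_identity() {
    ( umask 077   # files are created readable by their owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" &&
      cat "$1.key" "$1.crt" > "$1.pem" )
}

# key_is_private FILE: true only if group and others have no access.
key_is_private() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# start_listener PORT DEVICE SERVER_PEM CLIENT_CRT
# TLS counterpart of "socat tcp-l:PORT,... DEVICE". verify=1 makes socat
# reject clients whose certificate is not contained in CLIENT_CRT.
start_listener() {
    key_is_private "$3" || {
        echo "refusing to start: $3 is accessible to group or others" >&2
        return 1
    }
    socat "openssl-listen:$1,fork,reuseaddr,cert=$3,cafile=$4,verify=1" \
          "$2,b115200,raw" &
}

# Access rights on module level: one listener per module, each one
# trusting a different client certificate.
#   make_identity RPI-AZ-1 && mv RPI-AZ-1.pem "$HOME/server.pem"
#   start_listener 4001 /dev/ttyACM0 "$HOME/server.pem" "$HOME/client-a.crt"
#   start_listener 4002 /dev/ttyACM1 "$HOME/server.pem" "$HOME/client-b.crt"
```

Only the .crt files are copied to the other computers; the .key and .pem files stay where they were created.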


    The generated private key files and the merged PEM files must be stored securely on the related computer.

    After the certificates have been distributed, socat is ready for SSL encryption.

        (sudo socat pty,link=/dev/lio0,user=klaus,group=dialout,mode=660,nonblock,raw,ignoreeof,waitslave openssl-connect:RPI-AZ-1:4001,cert=$HOME/client.pem,cafile=$HOME/server.crt) &

    This command creates a virtual device /dev/lio0 on the client computer. All data sent to this device are encrypted with the client private key stored in client.pem.

    Compared to the calls of socat explained earlier, the last two calls are only extended by the parameters cert and cafile. The parameter cert refers to the PEM file which contains the private key and the public certificate of the communication partner. The parameter cafile links to a file which contains all trusted certificates.

    Conclusion

    In this article I have shown how a USB IO module can be shared within a network as a device having an entry in the /dev folder. The advantage of this method over TCP port sharing is that existing software, which uses device names, can be used without adaptation.

    socat is a powerful tool that can create bidirectional redirections of data streams.

    In the first part of the article I have shown how a client running socat can connect to a network device server running ser2net, which is a very convenient way.

    In the second part of this article I explained how to use socat on the client computer as well as on the network device server, replacing ser2net on the network device server. The reason for this was that employing socat on the network device server offers more functionality such as data encryption.

    The SSL encryption supported by socat adds more security to the transmitted data and is the foundation of further work.

    Remserial

    The remserial program acts as a communications bridge between a TCP/IP network port and a Linux device such as a serial port. Any character-oriented Linux /dev device will work.

    The program can also use pseudo-ttys as the device. A pseudo-tty is like a serial port in that it has a /dev entry that can be opened by a program that expects a serial port device, except that instead of belonging to a physical serial device, the data can be intercepted by another program. The remserial program uses this to connect a network port to the 'master' (programming) side of the pseudo-tty, allowing the device driver (slave) side to be used by some program expecting a serial port. See example 3 below for details.

    The program can operate as a server accepting network connections from other machines, or as a client, connecting to a remote machine that is running the remserial program or some other program that accepts a raw network connection.
