Simulate TCP and TLS Proxy using SOcket CAT

SOCAT is a command-line utility that establishes two bidirectional byte streams and transfers data between them. We can leverage SOCAT’s support for different types of sources and sinks to simulate TCP and TLS proxies. This type of simulation helps us understand the impact of a proxy (between server and client) and establish a baseline for latency and throughput.

TCP Proxy using SOCAT

SOCAT can be used to simulate a TCP proxy that relays data between the server and the client. A TCP proxy in this context is a sidecar process that proxies client or server data.

To simulate the TCP Proxy, use the following command:

socat -v TCP4-LISTEN:8888,fork,reuseaddr,ignoreeof TCP4:192.168.0.10:8088

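This command spawns a process that listens for new connections on port 8888 and forwards the data to 192.168.0.10:8088. The -v option additionally writes the transferred data to stderr, so leave it out when the traffic is sensitive or when measuring latency and throughput.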

TLS Client Proxy using SOCAT

SOCAT can also be used to simulate a TLS client proxy. A TLS client proxy in this context is a sidecar process that upgrades a normal connection to a TLS connection.

To simulate a TLS client proxy, use the following command:

socat tcp4-listen:8888,fork,reuseaddr,ignoreeof openssl:192.168.0.10:8088,commonname=some-server,key=./client-key.pem,cert=./client-cert.pem,cafile=./ca.pem

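This command spawns a process that listens for new plaintext connections on port 8888 and proxies the data over a TLS connection to 192.168.0.10:8088. Here cafile is the CA used to verify the server's certificate, commonname is the name that certificate must match, and key and cert are the client certificate presented to the server.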

TLS Server Proxy using SOCAT

Similar to the TLS client proxy, SOCAT can be used to simulate a TLS server proxy too. A TLS server proxy in this context is a sidecar process that terminates a TLS connection.

To simulate a TLS server proxy, use the following command:

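socat openssl-listen:8888,fork,reuseaddr,ignoreeof,key=./client-key.pem,cert=./client-cert.pem,cafile=./ca.pem tcp4:192.168.0.10:8088

This command spawns a process that listens for TLS connections on port 8888, terminates the TLS connection and proxies the data over a plain TCP connection to 192.168.0.10:8088. The key, cert and cafile options are given on the openssl-listen address because that is the side that speaks TLS; the tcp4 address takes none of them. With cafile set and SOCAT's default of verify=1, connecting clients must present a certificate signed by that CA.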
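The TLS commands above expect a CA file, a key and a certificate to exist already. The following is an added example, not part of the original post, that creates a throwaway test PKI for them with openssl. The file names ca.pem, client-key.pem and client-cert.pem and the name some-server come from the commands above; server-key.pem, server-cert.pem and the other common names are assumptions of this example.

```shell
#!/bin/sh
# Added example: throwaway test PKI for the socat TLS proxy commands.
# server-key.pem / server-cert.pem and the CNs "socat-test-ca" and
# "some-client" are assumptions of this example, not names from the page.

# issue_cert DIR NAME CN: create NAME-key.pem and a CA-signed NAME-cert.pem
issue_cert() {
    dir=$1 name=$2 cn=$3
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/$name-key.pem" -out "$dir/$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$name.csr" -days 7 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/$name-cert.pem" 2>/dev/null &&
    rm -f "$dir/$name.csr"
}

# make_test_pki DIR: self-signed test CA plus one server and one client cert
make_test_pki() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 7 \
        -subj "/CN=socat-test-ca" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null &&
    # The server CN must equal the commonname= value the client proxy checks.
    issue_cert "$dir" server some-server &&
    issue_cert "$dir" client some-client &&
    chmod 600 "$dir"/*-key.pem   # keys are unencrypted: keep them private
}

# cert_cn FILE: print the subject common name of a certificate
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# chain_ok DIR NAME: succeed only if NAME-cert.pem verifies against DIR/ca.pem
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2-cert.pem" >/dev/null 2>&1
}
```

After make_test_pki ./pki, the TLS client proxy uses the client key and certificate with cafile=./pki/ca.pem, and the side that terminates TLS uses the server key and certificate with the same CA file. These keys are for test setups only and should not be reused outside them.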
