1

I'd like to use socat to redirect the STDIN/STDOUT of the process executing docker attach <container-id> to a listening TCP socket on my Linux system.

root@eve-ng:/opt/unetlab# tty
/dev/pts/2
root@eve-ng:/opt/unetlab#
root@eve-ng:/opt/unetlab# socat EXEC:'/usr/bin/docker attach afe29573-0030-4a69-8b3e-c04ededa8db7-0-4',pty TCP4-LISTEN:32000 &
[1] 1275378
root@eve-ng:/opt/unetlab#

The options for socat are the following:

  • EXEC:<cmd>,pty to say socat to start a process executing <cmd> allocating a pseudo-terminal pty attached to its STDIN/STDOUT (socat actually opens the master side multiplexer /dev/ptmx and then the fd for the pseudo-terminal pair's master ptm)

  • TCP4-LISTEN:32000 to say socat to open a tcp socket listening on port 32000

Indeed, in another terminal you can check:

root@eve-ng:~# tty
/dev/pts/5
root@eve-ng:~#
root@eve-ng:~# ps -ef | grep attach
root     1275378 1210230  0 08:43 pts/2    00:00:00 socat EXEC:/usr/bin/docker attach afe29573-0030-4a69-8b3e-c04ededa8db7-0-4,pty TCP4-LISTEN:32000
root     1275379 1275378  0 08:43 pts/2    00:00:00 /usr/bin/docker attach afe29573-0030-4a69-8b3e-c04ededa8db7-0-4
root@eve-ng:~#

docker attach actually attaches to a process running inside the container executing the exec executable, by the way you can see pts/1 is allocated to it (the container indeed was created using docker create -it)

root@eve-ng:~# ps -ef | grep exec
root     1284441  731051  2 08:52 pts/1    00:00:00 exec
root     1284583 1222614  0 08:53 pts/5    00:00:00 grep --color=auto exec
root@eve-ng:~#

The problem I'm facing to is that connecting to the tcp socket 127.0.0.1:32000 from a telnet client, the login process inside the container (exec) doesn't work as expected. It seems the username typed in (carlo) is repeated again not allowing to successfully login into the container.

Username: carlo
carlo
Password:
RP/0/RP0/CPU0:Jun 20 09:00:59.739 UTC: exec[68424]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from 'console' on 'con0_RP0_CPU0'

User Access Verification

Username:

Can you help me in understanding why ? Thanks.

P.s. digging into it using strace I noticed that socat actually reads from the relevant fd (of type tcp socket) twice instead of just once.

Improve this question
2
  • Any idea, yes. Good idea, no. I tried to replicate your problem and found that the problematic part seem to be the pty. But I could not figure why exactly works this borken. If you require the pty and cannot use a simple exec instead you may try the additional option rawer (so EXEC:<command>,pty,rawer). Maybe its the echo which screws you. Another option you might try instead of rawer is echo=0 because rawer also seem to affect the handling of `\r\n' line ends send by telnet. Commented Jun 23 at 8:16
  • @PaulPazderski thanks for replying. Yes, I tried also adding echo=0 option (EXEC:<cmd>,pty,echo=0) without luck. Commented Jun 23 at 11:51

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.