v4.0.0-alpha3

Links

• Websocat4 documentation - tracks the websocat4 branch, not specific to the release.
• Missing Websocat1 features list for voting.

Notes for pre-built files

• i686-unknown-linux-musl lacks TLS support
• arm-unknown-linux-musleabi uses Rustls instead of OpenSSL
• Other Linux and the FreeBSD executable embed OpenSSL 3.5.4.
• Windows and Mac should use native TLS.

Changelog

compared to v4.0.0-alpha2:

New endpoints:

• zero: - like /dev/zero
• mirror: - both for byte streams and for datagrams
• registry-send: to aid --compose mode.
• registry-datagram-{listen,connect}:

New overlays:

• write-splitof: to divert outgoing datagrams to other chain (specified using --write-splitoff option).
• defragment: to cache datagram fragments and propagate the whole thing.
• tee: to also write datagrams (and maybe read) to other chain

New options:

• --filter and --filter-reverse to construct circuits of more than two endpoints.
• --async-fd-force to use even non-epoll-able async-fd:s.
• --enable-sslkeylog (only for Rustls mode)
• --separator-inline to leave \ns inside WebSocket messages
• A lot of socket options for TCP (including setting up keepalive) and UDP (including for multicast)
• --tcp-race-interval-ms - happy eyeballs TCP client race is now paced by 20ms by default.

Other changes:

• More thorough tests with the help of mock_stream_socket: endpoint
• Exit code of Websocat process now indicates what stage of WebSocket client mode has failed.

Maintainance release

Changes

• Switched from a dedicated release script to generic one (so no _max variants anymore, no _nossl postfix for filenames), a bit more platforms though.
• In verbose mode, Websocat1 now prints response headers
• Updated OpenSSL for pre-built executables where it is used.

Notes about pre-bult executables

• i686-unknown-linux-musl, arm-unknown-linux-musleabi, loongarch64-unknown-linux-musl and riscv64gc-unknown-linux-musl lack TLS support, as it is tricky to cross-compile. Note that for previous version (1.14.0) arm-unknown-linux-musleabi does have OpenSSL. As there are few changes between 1.14.0 and 1.14.1, it is recommended to just use the previous version.
• Other Linux and the FreeBSD executables embed OpenSSL 3.5.4.
• Windows and Mac should use native TLS.

Other notes

• You are invited to try Websocat4 and file bugs for broken things and/or vote for features to be ported from Websocat1.

Second preview of Websocat4

TLS

• Linux, FreeBSD and Android builds are based on OpenSSL 3.4.0
• i686-unknown-linux-musl does not have TLS support
• Mac and Windows builds should use native TLS support

Documentation

• Websocat4 documentation - it describes some unreleased things too, not only that in 4.0.0-alpha2.
• doc.md is a documentation specifically for 4.0.0-alpha2.

Changelog

Comparing to v4.0.0-alpha1, Websocat4 gained:

ported from Websocat1

• --oneshot to serve just one connection
• protection from excessively large messages that may overflow memory (it works not the same as in Websocat1 though)
• random: endpoint
• lengthprefixed: overlay
• --inhibit-pongs
• --stdout-announce-listening-ports
• Ability to inherit socket listeners and other async FDs from parent process, e.g. SystemD
• reuse-raw:
• readfile:, writefile:, appendfile: (with some additional features for writefile:)
• --origin, --ua, -0 helpers

#276 tracks progress of the porting and can sometimes serve as a migration guide.

new

• --exec-dup2 and --exec-dup2-execve to connect sockets (not WebSockets, though) obtained by Websocat4 directly to the process
• --random-seed
• Additional features for lengthprefixed: mode.
• --global-timeout-ms, --sleep-ms-before-start
• --exec-after-listen (variation of --stdout-announce-listening-ports)
• --compose mode to combine multiple Websocat invocations into one using special arithmetic.
• mock_stream_socket: to use Websocat for testing things (or test Websocat itself).
• "Registry"-based connections within Websocat (for tests and --compose mode)

Nearing sunset

Websocat v1's dependencies are getting increasingly obsolete; Websocat v1 may be nearing EOL. There will probably be future releases from v1 branch, but users of Websocat should start thinking about switching to future's Websocat4. First step is to go through #276 and submit reactions to the features you use in Websocat1. You are also welcome to try the v4.0.0-alpha1 release and report if something is wrong (besides missing features).

Changelog:

• Attempt to priorize ping requests and replies over normal traffic
• More options to supply password for basic auth: --basic-auth-file and WEBSOCAT_BASIC_AUTH
• drop_on_backpressure: overlay to ignore content when writing is too slow
• --ua shortcut for -H User-Agent:
• SOCKS5 authentication

Prebuilt Linux, FreeBSD and Android executables should contain OpenSSL version 3.4.0.

Update: Added websocat.arm-unknown-linux-musleabi per user request.

First prerelease of Websocat4

First preliminary release of Websocat4 - rewritten Websocat.

• Not all features are supported. Vote for features to be ported at #276 . This issue may also serve as a migration guide in some cases.
• Websocat1 is still the recommended version. Personally I still use Websocat1 when I need websockets. There will be a 1.14.0 release soon.
• Unfortunately, v4 is more bloated than v1 and it is likely to stay that way.
• DESIGN.md explains why it is not v2.0.
• doc.md is a reference documentation.
• Pre-built Linux and Android executables contain OpenSSL v3.4.0.

You are recommended to try this version and see if it suits you needs (and use #276 if something is missing), but stay with the v1 version for a while until stable release.

v1.13.0

Changes

• waitfordata: overlay to delay connection initiation until first data is attempted to be written to it
• Dockerfile updates
• lengthprefixed: overlay - binary alternative to base64 mode
• Fix for #23 - "happy eyeballs" for ws:// and wss:// URLs.

Full Changelog: v1.12.0...v1.13.0

Most files are not tested, except of one manual websocat wss://ws.vi-server.org/mirror smoke-check.

Linux, Android and Freebsd builds embed OpenSSL version 3.2.1.

Maintainance release

• Option to stop sending or replying to WebSocket pings after specified amount of sent or received pings (for testing idling disconnection behaviour of counterparts).
• --exec-exit-on-disconnect
• Print Location: header value in error message when facing a redirect instead of a WebSocket connection.
• Other minor fixes
• Some pre-built artifacts should contain OpenSSL version 3.1.2

Note that arm-unknown-linux-musleabi version is flawed. Use previous release if you need a static version.

Still keeping v1 afloat instead of concentrating on v3

Changelog

• --preamble (-p) options to prepend static text to Websocat sessions. For use to authenticate and subscribe to something over WebSocket. Note that specifying passwords on command line may be insecure. Also command line handling around -p is finicky. There is also --preamble-reverse (-P) option to prepend similar chunk in the reverse direction.
• --compress-{zlib,deflate,gzip} and respective --uncompress-... options to modify binary WebSocket messages going to/from a WebSocket. Note that it is not related to permessage-deflate, which does similar thing, but on lower level.
• exit_on_specific_byte: overlay to trigger exit when specific byte is encountered. For interactive tty usage.
• --client-pkcs12-der to specify client identity certificate for connecting to wss:// or ssl: that requires mutual authentication.
• openssl-probe is now active by default on Linux, to support for overriding CA lists using environment variables.
• Incoming WebSocket frames and message are now limited by default, to prevent memory stuffing denial of service. But the default limit is big (100 megabytes). Use --max-ws-frame-length and --max-ws-message-length options to override.
• Cargo.lock is now oriented for building with modern Rust compiler. There is Cargo.lock.legacy with dependencies manually locked to versions that support Rust 1.46.0.

Release artifacts

(downloads below the table)

File	TLS support	Tested by author	Notes
websocat.x86_64-unknown-linux-musl	built-in OpenSSL 1.1.1q	no
websocat.x86_64-apple-darwin	uses system crypto	no
websocat.x86_64-pc-windows-gnu.exe	uses system crypto	no	Malware scanners detect problems with this file for some reason. Use the next file as an alternative.
websocat_rebuild.x86_64-pc-windows-gnu.exe	uses system crypto	no	rebuilt due #172
websocat.i686-pc-windows-gnu.exe	uses system crypto	no
websocat.aarch64-linux-android	built-in OpenSSL 1.1.1q	no
websocat.armv7-linux-androideabi	built-in OpenSSL 1.1.1q	no
websocat.arm-unknown-linux-musleabi	built-in OpenSSL 1.1.1q	no
websocat.aarch64-unknown-linux-musl	built-in OpenSSL 1.1.1q	no
websocat.x86_64-unknown-freebsd	built-in OpenSSL 1.1.1q	no	Contains additional features
websocat_nossl.i686-unknown-linux-musl	none	no	see some previous release notes for the reason of why no ssl
websocat_max.x86_64-unknown-linux-musl	built-in OpenSSL 1.1.1q	no	Contains additional features
websocat_max.aarch64-unknown-linux-musl	built-in OpenSSL 1.1.1q	no	Contains additional features
websocat_mini.x86_64-unknown-linux-gnu	depends on libssl.so.1.1	no	panic_immeidate_abort, system TLS, upx
websocat.riscv64gc-unknown-linux-musl	built-in OpneSSL 1.1.1t	no	panic_immeidate_abort, a bit newer code
debug.7z			unstripped versions of all executables above

The table may be updated in future.

Some fixes, some features.

Changelog

• Add --close-status-code and --close-reason
• Fix --queue-len option that took no effect
• Fix racing to connect to multiple resolved addresses in tcp: specifier (i.e. "happy eyeballs") - now it skips errors if there is a working connection. This does not fix ws://localhost unfortunately.
• crypto: overlay and associated options
• prometheus: overlay and associated options
• random: specifier

Release artifacts

(downloads below the table)

File	TLS support	Tested by author	Notes
websocat.x86_64-unknown-linux-musl	built-in OpenSSL 1.1.1n	using similar build myself
websocat.x86_64-pc-windows-gnu.exe	uses system crypto	no
websocat.x86_64-apple-darwin	uses system crypto	no
websocat.i686-pc-windows-gnu.exe	uses system crypto	no
websocat.aarch64-linux-android	built-in OpenSSL 1.1.1n	basic test only
websocat.armv7-linux-androideabi	built-in OpenSSL 1.1.1n	basic test only
websocat.arm-unknown-linux-musleabi	built-in OpenSSL 1.1.1n	basic test only
websocat.aarch64-unknown-linux-musl	built-in OpenSSL 1.1.1n	no
websocat.x86_64-unknown-freebsd	built-in OpenSSL 1.1.1n	basic test only
websocat_nossl.i686-unknown-linux-musl	none	basic test only	see some previous release notes for the reason of why no ssl
debug.7z			unstripped versions of all executables above

Early preview of future's Websocat.

You are recommended to use Websocat 1.9.0, not this release. This release does not necessarily preclude Websocat 1.10.0 in the future.

This release showcases rewritten Websocat using Tokio 1, Hyper 0.14 and Tungstenite instead of legacy dependencies. This opens up a world of QUIC, rfc8441 and other new things to keep Websocat relevant. A lot of features from Websocat1 are not yet implemented, CLI UI compatibility with Websocat1 is also not implemented yet. Help is partially implemented. Book is just started. Release artifacts build script is not dockerised.

It's "3.0" instead of "2.0" because of Websocat2 was supposed to be version based on Tokio 0.2 + Hyper 0.12 (or Hyper-less), split to multiple crates; but that was abandoned.

websocat3.i686-pc-windows-gnu, websocat3.x86_64-apple-darwin and websocat3.x86_64-pc-windows-gnu are built against native-tls, all the rest is built against rustls + webpki-roots.