socat running on ws - called from ?


I see socat running on whonix-workstation. I’m not objecting, I’m just curious as to what’s starting it.

netstat says rinetd has the ports, ps shows socat running the ports. Is rinetd calling socat?

Tor Browser?


D’OH. OK, so started by /usr/lib/anon-ws-disable-stacked-tor/socat-unix-sockets

So, what’s happening here / how is this working - rinetd does the redirecting, and socat does the catching / content processing? er, rinet redirects and socat is the actual listener, redirecting elsewhere?


No idea. My search skills are better than my comprehension skills. Maybe this helps: https://www.whonix.org/wiki/Dev/Whonix_Packages#anon-ws-disable-stacked-tor

rinetd (soon to be replaced by socat) listens on Tor’s default ports. system Tor’s, and TBB’s,, which prevents the default Tor Browser Bundle or Tor package by The Tor Project from opening these default ports, which will result in Tor failing to open its listening port and therefore exiting, thus preventing Tor over Tor.


The rationale becomes clear in the following ticket.

TBB's use of SocksSocket will break Whonix's Tor Browser implementation

It’s not fully functional / in use yet, because it’s not clear yet how TPO will proceed. However, when TBB starts using SocksSocket, half of the implementation will be already done. And this may require a stable upgrade. The delete to be introduced then will be smaller.


Perfect, thanks for that / pointing me to the right link.

So, in essence, socat is being run as a dummy to capture control of the ports before tor can.

But I’m still missing how rinetd can come along and wrest control of those ports from socat to do its own thing. Hmmm.

Race condition? i.e. rinetd gets there first (so socat calls fail - yet, why still running?), on ws, and does the desired, while rinetd not set to run on gateway (?), where tor has the ports, as desired - as tor over tor isn’t an issue there?


rinetd / socat currently are unrelated. One does not start the other.

rinetd is the existing solution to get workstation port 9150 redirected to the gateway 9150 etc.

In future, rinetd should be replaced with scoat. ( https://phabricator.whonix.org/T464

socat unix domain sockets are currently in place to cope up with TBB’s upcoming SocksSocket feature. To get the unix domain socket running on the workstation redirected a gateway Tor port in future.


I’m not following something, then.

I see, running ps on ws, socat’s such as: socat -t100 UNIX-LISTEN:/var/run/anon-ws-disable-stacked-tor/,mode=777,reuseaddr,fork TCP4:

- which feels like it’s setting up a listener on localhost:9050

rinetd.conf has: 9050 9050

and netstat shows: tcp* LISTEN /rinetd

So I’m missing something. Is socat not setting up a listener? (Getting superseded by rinet?)


Socat opens a unix domain socket listener file /var/run/anon-ws-disable-stacked-tor/ And forwards to local port 9050. No port listener.

Rinetd creates a local port listener on 9050.

As an exercise of de-mystification.

sudo service anon-ws-disable-stacked-tor stop

sudo bash -x /usr/lib/anon-ws-disable-stacked-tor/socat-unix-sockets

Learn the actual command being run is the following.

socat -t100 UNIX-LISTEN:/var/run/anon-ws-disable-stacked-tor/,mode=777,reuseaddr,fork TCP4:

Run that command in some non-Whonix VM and see what it does. (Make sure the var run … folder exists.)


D’OH. socat listening to file, not port. Thanks.

So, socat listens to file, forwards to port, rinet listens to port, redirecting as configured.