Provided by: spiped_1.6.0-4_amd64 bug


       spiped - secure pipe daemon


       spiped {-e | -d} -s <source socket> -t <target socket> -k <key file>
       [-DFj]  [-f  |  -g]  [-n <max # connections>] [-o <connection timeout>] [-p <pidfile>] [-r
       <rtime> | -R]
       spiped -v


       -e     Take unencrypted connections from the source socket and send encrypted  connections
              to the target socket.

       -d     Take  encrypted connections from the source socket and send unencrypted connections
              to the target socket.

       -s <source socket>
              Address on which spiped should  listen  for  incoming  connections.   The  accepted
              formats  are the same as the ones accepted by target socket.  Note that contrary to
              target socket hostnames are resolved when  spiped  is  launched  and  are  not  re-
              resolved  later;  thus  if  DNS  entries  change  spiped  will  continue  to accept
              connections at the expired address.

       -t <target socket>
              Address to which spiped should connect.  Must be in one of the following formats:

       ·      /absolute/path/to/unix/socket


       ·      []:port

       ·      [ipv6::addr]:port

              Hostnames are re-resolved every rtime seconds.

       -k <key file>
              Use the provided key file to authenticate and  encrypt.   Pass  "-"  to  read  from
              standard input.

       -D     Wait  for DNS.  Normally when spiped is launched it resolves addresses and binds to
              its source socket before the parent process  returns;  with  this  option  it  will
              daemonize  first  and  retry  failed  DNS  lookups until they succeed.  This allows
              spiped to launch even if DNS isn't set up yet, but at the  expense  of  losing  the
              guarantee that once spiped has finished launching it will be ready to create pipes.

       -f     Use  fast/weak  handshaking:  This  reduces  the  CPU  time  spent  in  the initial
              connection setup by disabling the  Diffie-Hellman  handshake,  at  the  expense  of
              losing perfect forward secrecy.

       -g     Require  perfect forward secrecy by dropping connections if the other host is using
              the -f option.

       -F     Run in foreground.  This can be useful with systems like daemontools.

       -j     Disable transport layer keep-alives.  (By default they are enabled.)

       -n <max # connections>
              Limit on the number of simultaneous connections allowed.  A value  of  0  indicates
              that  no  limit  should  be imposed; this may be inadvisable in some circumstances,
              since spiped will terminate if it fails to  allocate  memory  for  handling  a  new
              connection.  Defaults to 100 connections.

       -o <connection timeout>
              Timeout,  in seconds, after which an attempt to connect to the target or a protocol
              handshake will be aborted (and the connection dropped) if not completed.   Defaults
              to 5s.

       -p <pidfile>
              File to which spiped's process ID should be written.  Defaults to source
              (in the current directory if source socket is not an absolute path).  No file  will
              be written if -F (run in foreground) is used.

       -r <rtime>
              Re-resolve  the  address  of  target  socket  every rtime seconds.  Defaults to re-
              resolution every 60 seconds.

       -R     Disable target address re-resolution.

       -v     Print version number.


       spiped provides special treatment of the following signals:

              On receipt of the SIGTERM signal spiped will stop  accepting  new  connections  and
              exit once there are no active connections left.