bionic (1) spiped.1.gz

Provided by: spiped_1.6.0-2build1_amd64 bug

NAME
       spiped - secure pipe daemon


SYNOPSIS
       spiped {-e | -d} -s <source socket> -t <target socket> -k <key file>
       [-DFj] [-f | -g] [-n <max # connections>] [-o <connection timeout>] [-p <pidfile>] [-r <rtime> | -R]
       spiped -v


OPTIONS
       -e     Take  unencrypted  connections from the source socket and send encrypted connections to the target
              socket.

       -d     Take encrypted connections from the source socket and send unencrypted connections to  the  target
              socket.

       -s <source socket>
              Address on which spiped should listen for incoming connections.  The accepted formats are the same
              as the ones accepted by target socket.  Note that contrary to target socket hostnames are resolved
              when  spiped  is  launched  and  are not re-resolved later; thus if DNS entries change spiped will
              continue to accept connections at the expired address.

       -t <target socket>
              Address to which spiped should connect.  Must be in one of the following formats:

       •      /absolute/path/to/unix/socket

       •      host.name:port

       •      [ip.v4.ad.dr]:port

       •      [ipv6::addr]:port

              Hostnames are re-resolved every rtime seconds.

       -k <key file>
              Use the provided key file to authenticate and encrypt.  Pass "-" to read from standard input.

       -D     Wait for DNS.  Normally when spiped is launched it resolves addresses  and  binds  to  its  source
              socket  before  the  parent  process  returns;  with this option it will daemonize first and retry
              failed DNS lookups until they succeed.  This allows spiped to launch even if DNS isn't set up yet,
              but  at  the  expense  of  losing the guarantee that once spiped has finished launching it will be
              ready to create pipes.

       -f     Use fast/weak handshaking: This reduces the CPU time spent in  the  initial  connection  setup  by
              disabling the Diffie-Hellman handshake, at the expense of losing perfect forward secrecy.

       -g     Require perfect forward secrecy by dropping connections if the other host is using the -f option.

       -F     Run in foreground.  This can be useful with systems like daemontools.

       -j     Disable transport layer keep-alives.  (By default they are enabled.)

       -n <max # connections>
              Limit  on  the  number  of simultaneous connections allowed.  A value of 0 indicates that no limit
              should be imposed; this may be inadvisable in some circumstances, since spiped will  terminate  if
              it fails to allocate memory for handling a new connection.  Defaults to 100 connections.

       -o <connection timeout>
              Timeout,  in seconds, after which an attempt to connect to the target or a protocol handshake will
              be aborted (and the connection dropped) if not completed.  Defaults to 5s.

       -p <pidfile>
              File to which spiped's process ID should be  written.   Defaults  to  source  socket.pid  (in  the
              current  directory  if source socket is not an absolute path).  No file will be written if -F (run
              in foreground) is used.

       -r <rtime>
              Re-resolve the address of target socket every rtime seconds.  Defaults to re-resolution  every  60
              seconds.

       -R     Disable target address re-resolution.

       -v     Print version number.


SIGNALS
       spiped provides special treatment of the following signals:

       SIGTERM
              On  receipt  of  the SIGTERM signal spiped will stop accepting new connections and exit once there
              are no active connections left.


SEE ALSO
       spipe(1).