Provided by: spiped_1.6.2-3_amd64 bug

NAME

       spiped - secure pipe daemon

SYNOPSIS

       spiped {-e | -d} -s <source socket> -t <target socket> -k <key file>
       [-DFj] [-f | -g] [-n <max # connections>] [-o <connection timeout>]
       [-p <pidfile>] [-r <rtime> | -R] [--syslog]
       [-u <username> | <:groupname> | <username:groupname>]
       spiped -v

OPTIONS

       -e     Take  unencrypted connections from the source socket and send encrypted connections
              to the target socket.

       -d     Take encrypted connections from the source socket and send unencrypted  connections
              to the target socket.

       -s <source socket>
              Address  on  which  spiped  should  listen  for incoming connections.  The accepted
              formats are the same as the ones accepted by target socket.  Note that contrary  to
              target  socket  hostnames  are  resolved  when  spiped  is launched and are not re-
              resolved later;  thus  if  DNS  entries  change  spiped  will  continue  to  accept
              connections at the expired address.

       -t <target socket>
              Address to which spiped should connect.  Must be in one of the following formats:

       •      /absolute/path/to/unix/socket

       •      host.name:port

       •      [ip.v4.ad.dr]:port

       •      [ipv6::addr]:port

              Hostnames are re-resolved every rtime seconds.

       -k <key file>
              Use  the  provided  key  file  to  authenticate and encrypt.  Pass "-" to read from
              standard input.

       -D     Wait for DNS.  Normally when spiped is launched it resolves addresses and binds  to
              its  source  socket  before  the  parent  process returns; with this option it will
              daemonize first and retry failed DNS  lookups  until  they  succeed.   This  allows
              spiped  to  launch  even  if DNS isn't set up yet, but at the expense of losing the
              guarantee that once spiped has finished launching it will be ready to create pipes.

       -f     Use fast/weak  handshaking:  This  reduces  the  CPU  time  spent  in  the  initial
              connection  setup  by  disabling  the  Diffie-Hellman  handshake, at the expense of
              losing perfect forward secrecy.

       -g     Require perfect forward secrecy by dropping connections if the other host is  using
              the -f option.

       -F     Run in foreground.  This can be useful with systems like daemontools.

       -j     Disable transport layer keep-alives.  (By default they are enabled.)

       -n <max # connections>
              Limit  on  the  number of simultaneous connections allowed.  A value of 0 indicates
              that no limit should be imposed; this may be  inadvisable  in  some  circumstances,
              since  spiped  will  terminate  if  it  fails to allocate memory for handling a new
              connection.  Defaults to 100 connections.

       -o <connection timeout>
              Timeout, in seconds, after which an attempt to connect to the target or a  protocol
              handshake  will be aborted (and the connection dropped) if not completed.  Defaults
              to 5s.

       -p <pidfile>
              File to which spiped's process ID should be written.  Defaults to source socket.pid
              (in  the current directory if source socket is not an absolute path).  No file will
              be written if -F (run in foreground) is used.

       -r <rtime>
              Re-resolve the address of target socket  every  rtime  seconds.   Defaults  to  re-
              resolution every 60 seconds.

       -R     Disable target address re-resolution.

       --syslog
              After  daemonizing, send warnings to syslog instead of stderr.  Has no effect if -F
              (run in foreground) is used.

       -u <username> | <:groupname> | <username:groupname>
              After binding a socket, change the user to username and/or the group to groupname.

       -v     Print version number.

SIGNALS

       spiped provides special treatment of the following signals:

       SIGTERM
              On receipt of the SIGTERM signal spiped will stop  accepting  new  connections  and
              exit once there are no active connections left.

SEE ALSO

       spipe(1).