.\"- .\" Copyright (c) 2012 Andreas Olsson .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .TH SPIPED 1 "September 7, 2014" "spiped 1.4.1" "spiped README" .SH NAME spiped \- secure pipe daemon .SH SYNOPSIS .B spiped {\-e | \-d} \-s \-t \-k .br [\-DFj] [\-f | \-g] [\-n ] [\-o ] [\-p ] [\-r | \-R] .SH OPTIONS .TP .B \-e Take unencrypted connections from the source socket and send encrypted connections to the target socket. .TP .B \-d Take encrypted connections from the source socket and send unencrypted connections to the target socket. .TP .B \-s Address on which spiped should listen for incoming connections. Must be in one of the following formats: /absolute/path/to/unix/socket host.name:port [ip.v4.ad.dr]:port [ipv6::addr]:port Note that hostnames are resolved when spiped is launched and are not re\-resolved later; thus if DNS entries change spiped will continue to connect to the expired address. .TP .B \-t Address to which spiped should connect. .TP .B \-k Use the provided key file to authenticate and encrypt. .TP .B \-D Wait for DNS. Normally when spiped is launched it resolves addresses and binds to its source socket before the parent process returns; with this option it will daemonize first and retry failed DNS lookups until they succeed. This allows spiped to launch even if DNS isn't set up yet, but at the expense of losing the guarantee that once spiped has finished launching it will be ready to create pipes. .TP .B \-f Use fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy. .TP .B \-g Require perfect forward secrecy by dropping connections if the other host is using the \-f option. .TP .B \-F Run in foreground. This can be useful with systems like daemontools. .TP .B \-j Disable transport layer keep-alives. (By default they are enabled.) .TP .B \-n Limit on the number of simultaneous connections allowed. This value must be between 1 and 500. Defaults to 100 connections. .TP .B \-o Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed. Defaults to 5s. .TP .B \-p File to which spiped's process ID should be written. Defaults to .pid (in the current directory if is not an absolute path). .TP .B \-r Re-resolve the address of every seconds. Defaults to re-resolution every 60 seconds. .TP .B \-R Disable target address re-resolution. .SH SEE ALSO .BR spipe (1).