FreeBSD Manual Pages
SPIPED(1) spiped README SPIPED(1) NAME spiped - secure pipe daemon SYNOPSIS spiped {-e | -d} -s <source socket> -t <target socket> -k <key file> [-DFj] [-b <bind address>] [-f | -g] [-n <max # connections>] [-o <connection timeout>] [-p <pidfile>] [-r <rtime> | -R] [--syslog] [-u <username> | <:groupname> | <username:groupname>] spiped -v OPTIONS -e Take unencrypted connections from the source socket and send en- crypted connections to the target socket. -d Take encrypted connections from the source socket and send unen- crypted connections to the target socket. -s <source socket> Address on which spiped should listen for incoming connections. The accepted formats are the same as the ones accepted by target socket. Note that contrary to target socket hostnames are re- solved when spiped is launched and are not re-resolved later; thus if DNS entries change spiped will continue to accept con- nections at the expired address. -t <target socket> Address to which spiped should connect. Must be in one of the following formats: • /absolute/path/to/unix/socket • host.name:port • [ip.v4.ad.dr]:port • [ipv6::addr]:port Hostnames are re-resolved every rtime seconds. -k <key file> Use the provided key file to authenticate and encrypt. Pass "-" to read from standard input. -b <bind address> Bind the outgoing address. If this is a network address, the port number may either be specified or left to the operating system. If you specify the port number, the operating system will not permit you to open a second connection until the first one has completely expired (i.e. the TCP state is no longer in the TIME-WAIT state). -D Wait for DNS. Normally when spiped is launched it resolves ad- dresses and binds to its source socket before the parent process returns; with this option it will daemonize first and retry failed DNS lookups until they succeed. This allows spiped to launch even if DNS isn't set up yet, but at the expense of los- ing the guarantee that once spiped has finished launching it will be ready to create pipes. -f Use fast/weak handshaking: This reduces the CPU time spent in the initial connection setup by disabling the Diffie-Hellman handshake, at the expense of losing perfect forward secrecy. -g Require perfect forward secrecy by dropping connections if the other host is using the -f option. -F Run in foreground. This can be useful with systems like daemon- tools. -j Disable transport layer keep-alives. (By default they are en- abled.) -n <max # connections> Limit on the number of simultaneous connections allowed. A value of 0 indicates that no limit should be imposed; this may be inadvisable in some circumstances, since spiped will termi- nate if it fails to allocate memory for handling a new connec- tion. Defaults to 100 connections. -o <connection timeout> Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connec- tion dropped) if not completed. Defaults to 5s. -p <pidfile> File to which spiped's process ID should be written. Defaults to source socket.pid (in the current directory if source socket is not an absolute path). No file will be written if -F (run in foreground) is used. -r <rtime> Re-resolve the address of target socket every rtime seconds. Defaults to re-resolution every 60 seconds. -R Disable target address re-resolution. --syslog After daemonizing, send warnings to syslog instead of stderr. Has no effect if -F (run in foreground) is used. -u <username> | <:groupname> | <username:groupname> After binding a socket, change the user to username and/or the group to groupname. -v Print version number. SIGNALS spiped provides special treatment of the following signals: SIGTERM On receipt of the SIGTERM signal spiped will stop accepting new connections and exit once there are no active connections left. SEE ALSO spipe(1). spiped 1.6.4 April 02, 2025 SPIPED(1)
NAME | SYNOPSIS | OPTIONS | SIGNALS | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=spiped&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>