Spiped is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses.
Home Page: http://www.tarsnap.com/spiped.html
License: Other
Tarsnap is a secure, efficient online backup service: "Online backups for the truly paranoid".
❗ We strongly recommend that people follow the installation instructions at https://www.tarsnap.com/download.html to use an official release.
This repository is intended for developers who may wish to watch changes in progress, investigate bugs, or test new (unreleased) features.
A list of major changes in each version is given in NEWS.md.
If you would like to compile Tarsnap manually, see BUILDING.
spipe appears to hang when it's pointed at an unreachable socket:
$ ./spipe/spipe -t /bad-sock-name -k /dev/null
spipe: Could not connect
(the same applies for an IP address that isn't in use, such as 192.168.2.123:8001 on my local network)
It's easy to cancel it with ^C, but it would be nicer if it could quit by itself (with exit code 1, rather than 130 for the SIGINT I sent it manualy).
Requested by tblackwell.
Original issue reported on code.google.com by [email protected] on 9 Sep 2011 at 3:03
Line 98 has ENOENT instead of EINTR:
while(write(fd[1], &dummy, 1) == -1) {
if(errno == ENOENT)
continue;
/* ... */
}
btw, thank you for writing spiped -- I'm not going to use it atm, but the code
is definitely pleasant to read!
Original issue reported on code.google.com by [email protected] on 5 Jul 2011 at 4:03
Off by default since I normally want a pipe to exist at the point that the
parent spiped process exits, but for pipes created at boot time this could be
useful.
Original issue reported on code.google.com by [email protected] on 9 Sep 2011 at 3:01
Hi Again,
I suspect this is a variation on the compile errors with OpenSUSE I opened an issue for last November, and again related to quirks in the host OS, but would be grateful for any guidance.
I'm trying to compile spiped for a legacy SLES 11 SP3 host. The "posix_cc" package is installed along with gcc and it's list of partner packages.
If I cd into the extracted spiped tarball directory and just run 'make install' I get:
xapps-dev2root@xapps-dev2:~/spiped-1.6.0# make install
export CFLAGS="${CFLAGS:--O2}"; \
export LDADD_POSIX=`export CC="cc"; cd libcperciva/POSIX && command -p sh posix-l.sh "$PATH"`; \
export CFLAGS_POSIX=`export CC="cc"; cd libcperciva/POSIX && command -p sh posix-cflags.sh "$PATH"`; \
. ./cpusupport-config.h; \
for D in spiped spipe tests/nc-client tests/nc-server tests/valgrind; do \
( cd ${D} && make all ) || exit 2; \
done
WARNING: POSIX violation: /bin/bash's command -p resets $PATH
WARNING: POSIX violation: make's CC doesn't understand -lxnet
WARNING: POSIX violation: /bin/bash's command -p resets $PATH
WARNING: POSIX violation: cc does not accept 'restrict' keyword
/root/spiped-1.6.0/spiped
make[1]: Entering directory `/root/spiped-1.6.0/spiped'
cc -O2 /root/spiped-1.6.0/libcperciva/POSIX
/root/spiped-1.6.0/libcperciva/POSIX: file not recognized: Is a directory
collect2: ld returned 1 exit status
make[1]: *** [main.o] Error 1
make[1]: Leaving directory `/root/spiped-1.6.0/spiped'
make: *** [all] Error 2
xapps-dev2root@xapps-dev2:~/spiped-1.6.0#
This time the "cc -O2" doesn't seem to be the problem, as it was for OpenSUSE.
I've also tried 'CC="gcc -std=c99" make install' on a guess from your previous posts, and the process makes it considerably further before failing at the same "file not recognized" error.
Again, any guidance would be great...
Randy
Seattle
Trying to launch spiped in k8s and have a problem:
spiped: WARNING: Applying workaround for Docker signal-handling bug
spiped: Error looking up [0.0.0.0]: Name does not resolve
spiped: Error resolving socket address: [0.0.0.0]:6379
Dockerfile
FROM alpine:3.8
RUN addgroup -S spiped \
&& adduser -S -G spiped spiped
RUN apk add --no-cache libssl1.0
ENV SPIPED_DOWNLOAD_URL https://www.tarsnap.com/spiped/spiped-1.6.0.tgz
ENV SPIPED_DOWNLOAD_SHA256 e6f7f8f912172c3ad55638af8346ae7c4ecaa92aed6d3fb60f2bda4359cba1e4
RUN set -x \
&& apk add --no-cache --virtual .build-deps \
curl \
gcc \
make \
musl-dev \
openssl-dev \
tar \
&& curl -fsSL "$SPIPED_DOWNLOAD_URL" -o spiped.tar.gz \
&& echo "$SPIPED_DOWNLOAD_SHA256 *spiped.tar.gz" |sha256sum -c - \
&& mkdir -p /usr/local/src/spiped \
&& tar xzf "spiped.tar.gz" -C /usr/local/src/spiped --strip-components=1 \
&& rm "spiped.tar.gz" \
&& CC=gcc make -C /usr/local/src/spiped \
&& make -C /usr/local/src/spiped install \
&& rm -rf /usr/local/src/spiped \
&& apk del .build-deps
WORKDIR /opt
USER spiped:spiped
ENTRYPOINT ["/usr/local/bin/spiped"]
k8s
spec:
containers:
- name: spiped
image: 1.2.3.4/spiped:latest
ports:
- name: tcp
containerPort: 6379
args:
- '-F'
- '-e'
- '-s [0.0.0.0]:6379'
- '-t [1.2.3.4]:16379'
- '-k /opt/spiped.key'
- '-o 30
Not trying to rip down your tool or say that it isn't necessary, it just seems that IPSec tunnels would be more suitable within the scheme that you're creating here with Tarsnap. https://github.com/Tarsnap/spiped
Specifically, I'm referring to LibreSwan or StrongSwan (either or)
Forgive my ignorance if I'm wrong on this. And if I am, I would definitely love to be enlightened. Perhaps I'm not understanding correctly here.
How to run it on Windows?
Hi there,
Could you please explain how I get spiped working with ssh?
I see vague terms like "firewall off port 22", so does that mean I need to edit the sshd_config? I DO have sshd listening on port 8022, but that doesn't make a difference. Having it on port 22 didn't seem to connect either.
I have this process running on a computer as the server:
spiped -d -s [0.0.0.0]:8022 -t [127.0.0.1]:22 -k /usr/local/etc/ssh/spiped.key
Here's the client .ssh/config for the client:
Host system
ProxyCommand spipe -t %h:8022 -k ~/.ssh/spiped.key
Does the key name need to contain the hostname?
When I do ssh system, this is what I see:
ssh_exchange_identification: Connection closed by remote host
Running git master on both machines. One is freebsd 11.1 and another is ubuntu-like.
client ssh: OpenSSH_7.4p1, OpenSSL 1.0.2g 1 Mar 2016
server ssh: OpenSSH_7.6p1, OpenSSL 1.0.2k-freebsd 26 Jan 2017
Looks like this wasn't adjusted when ch changed from being a character to a string?
Line 60 in 5eab671
c99 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -I.. -I../proto -I../libcperciva/alg -I../libcperciva/datastruct -I../lib/dnsthread -I../lib/util -I../libcperciva/util -I../libcperciva/cpusupport -I../libcperciva/events -I../libcperciva/network -I../libcperciva/crypto -O2 -c main.c -o main.o
c99: invalid option -- '2'
usage: c99 [-c] [-D name[=value]] [...] [-E] [-g] [-I directory ...]
[-L directory ...] [-o outfile] [-O] [-s] [-U name ...] operand ...
where operand is one or more of file.c, file.o, file.a
or -llibrary
Makefile:42: recipe for target 'main.o' failed
make: *** [all] Error 2I think it's M that is being padded, not P, right?
Original issue reported on code.google.com by [email protected] on 5 May 2012 at 9:51
Attachments:
Now that we have poll-based networking, we don't need to limit the -n parameter.
We might also want to change the default connection limit; but maybe it's safer to leave it at 100 for now and change it in a future release if users ask for it. It's just possible that someone is relying on knowing that spiped will never pass more than 100 connections through to their backend...
Hi, we are using spiped to link servers to our redis instance. The relevant commands are:
/usr/bin/spiped -e -D -g -F -k /etc/spiped/redis-client.key -s [127.0.0.1]:6379 -t [10.0.0.5]:4678
And
/usr/bin/spiped -d -g -F -k /etc/spiped/redis.key -s [0.0.0.0]:4678 -t [127.0.0.1]:6379
The two servers are on a vlan within the same hosting provider.
A cuple of times now we have experienced connection timeouts when connecting to spiped. The errors happen for about 20 seconds to 50 seconds.
We cannot seem to see anything from spiped in the logs regarding this.
So, first question is, is there a way to get Spiped to log connection errors or network problems -assuming that it is not spiped that is the problem.
The second question is; Will spiped log something if it reaches limits wrt to open files or other variables?
Take care,
Tarjei
I was just updating my spiped Docker image and wanted to incorporate the new tests during the build.
Unfortunately they fail for the Alpine based image, where ps is part of busybox:
+ make -C /usr/local/src/spiped test
make: Entering directory '/usr/local/src/spiped'
VERBOSE=1 tests/test_spiped.sh
System spiped not found.
Running tests
-------------
01-connection-open-close-single... ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
SUCCESS!
02-connection-open-timeout-single... ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
SUCCESS!
03-connection-open-close-double... ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
SUCCESS!
04-send-data-spipe... ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
SUCCESS!
05-send-data-spiped... ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
ps: bad -o argument 'command', supported arguments: user,group,comm,args,pid,ppid,pgid,etime,nice,rgroup,ruser,time,tty,vsz,stat,rss
SUCCESS!
06-send-data-system-spiped... no system spiped, or it is too old... SKIP!
make: Leaving directory '/usr/local/src/spiped'
I cannot comment on whether busybox is wrong or your assumptions are wrong, thus reporting for you to evaluate this.
PS: A quick googling shows that replacing command with comm should do what's intended.
I'm using spiped to securely connect to Postgres from a Cygwin Windows client to a Ubuntu Linux server. Unfortunately, my connection closes after 4-5 minutes. I figured maybe I was hitting the spiped timeout, so I tried using "-o 900" hoping that would at least give me 15 minutes, but there was no change. My connection remains good so long as I continually use it, but once it's idle for a stretch of 4-5 minutes, it breaks. Any suggestions?
Version 1.6.0 on CentOS 7, when I do systemctl restart [email protected], I get:
Rgp 01 15:52:20 host systemd[1]: Stopping Spipe tunnel daemon service remote1-sentinel...
Rgp 01 15:52:21 host spiped[19882]: *** Error in `/usr/local/bin/spiped': double free or corruption (!prev): 0x00000000013597a0 ***
Rgp 01 15:52:21 host spiped[19882]: ======= Backtrace: =========
Rgp 01 15:52:21 host spiped[19882]: /lib64/libc.so.6(+0x81609)[0x7f5f4ad91609]
Rgp 01 15:52:21 host spiped[19882]: /usr/local/bin/spiped[0x408d22]
Rgp 01 15:52:21 host spiped[19882]: /usr/local/bin/spiped[0x4092b9]
Rgp 01 15:52:21 host spiped[19882]: /usr/local/bin/spiped[0x402f9b]
Rgp 01 15:52:21 host spiped[19882]: /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f5f4ad32495]
Rgp 01 15:52:21 host spiped[19882]: /usr/local/bin/spiped[0x403013]
Rgp 01 15:52:21 host spiped[19882]: ======= Memory map: ========
Rgp 01 15:52:21 host spiped[19882]: 00400000-00412000 r-xp 00000000 fd:00 25524780 /usr/local/bin/spiped
Rgp 01 15:52:21 host spiped[19882]: 00611000-00612000 r--p 00011000 fd:00 25524780 /usr/local/bin/spiped
Rgp 01 15:52:21 host spiped[19882]: 00612000-00613000 rw-p 00012000 fd:00 25524780 /usr/local/bin/spiped
Rgp 01 15:52:21 host spiped[19882]: 01357000-01378000 rw-p 00000000 00:00 0 [heap]
Rgp 01 15:52:21 host spiped[19882]: 7f5f44000000-7f5f44021000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f44021000-7f5f48000000 ---p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f498ac000-7f5f498c1000 r-xp 00000000 fd:00 25838600 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
Rgp 01 15:52:21 host spiped[19882]: 7f5f498c1000-7f5f49ac0000 ---p 00015000 fd:00 25838600 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
Rgp 01 15:52:21 host spiped[19882]: 7f5f49ac0000-7f5f49ac1000 r--p 00014000 fd:00 25838600 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
Rgp 01 15:52:21 host spiped[19882]: 7f5f49ac1000-7f5f49ac2000 rw-p 00015000 fd:00 25838600 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
Rgp 01 15:52:21 host spiped[19882]: 7f5f49ac2000-7f5f49ac3000 ---p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f49ac3000-7f5f4a2c3000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a2c3000-7f5f4a2d9000 r-xp 00000000 fd:00 25838616 /usr/lib64/libresolv-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a2d9000-7f5f4a4d8000 ---p 00016000 fd:00 25838616 /usr/lib64/libresolv-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a4d8000-7f5f4a4d9000 r--p 00015000 fd:00 25838616 /usr/lib64/libresolv-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a4d9000-7f5f4a4da000 rw-p 00016000 fd:00 25838616 /usr/lib64/libresolv-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a4da000-7f5f4a4dc000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a4dc000-7f5f4a4e1000 r-xp 00000000 fd:00 25650242 /usr/lib64/libnss_dns-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a4e1000-7f5f4a6e1000 ---p 00005000 fd:00 25650242 /usr/lib64/libnss_dns-2.17.so
Rgp 01 15:52:21 host systemd[1]: [email protected]: main process exited, code=killed, status=6/ABRT
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a6e1000-7f5f4a6e2000 r--p 00005000 fd:00 25650242 /usr/lib64/libnss_dns-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a6e2000-7f5f4a6e3000 rw-p 00006000 fd:00 25650242 /usr/lib64/libnss_dns-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a6e3000-7f5f4a6ef000 r-xp 00000000 fd:00 25838603 /usr/lib64/libnss_files-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a6ef000-7f5f4a8ee000 ---p 0000c000 fd:00 25838603 /usr/lib64/libnss_files-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a8ee000-7f5f4a8ef000 r--p 0000b000 fd:00 25838603 /usr/lib64/libnss_files-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a8ef000-7f5f4a8f0000 rw-p 0000c000 fd:00 25838603 /usr/lib64/libnss_files-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a8f0000-7f5f4a8f6000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a8f6000-7f5f4a90b000 r-xp 00000000 fd:00 25838638 /usr/lib64/libz.so.1.2.7
Rgp 01 15:52:21 host spiped[19882]: 7f5f4a90b000-7f5f4ab0a000 ---p 00015000 fd:00 25838638 /usr/lib64/libz.so.1.2.7
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ab0a000-7f5f4ab0b000 r--p 00014000 fd:00 25838638 /usr/lib64/libz.so.1.2.7
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ab0b000-7f5f4ab0c000 rw-p 00015000 fd:00 25838638 /usr/lib64/libz.so.1.2.7
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ab0c000-7f5f4ab0e000 r-xp 00000000 fd:00 25524792 /usr/lib64/libdl-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ab0e000-7f5f4ad0e000 ---p 00002000 fd:00 25524792 /usr/lib64/libdl-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ad0e000-7f5f4ad0f000 r--p 00002000 fd:00 25524792 /usr/lib64/libdl-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ad0f000-7f5f4ad10000 rw-p 00003000 fd:00 25524792 /usr/lib64/libdl-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4ad10000-7f5f4aed2000 r-xp 00000000 fd:00 25279505 /usr/lib64/libc-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4aed2000-7f5f4b0d2000 ---p 001c2000 fd:00 25279505 /usr/lib64/libc-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b0d2000-7f5f4b0d6000 r--p 001c2000 fd:00 25279505 /usr/lib64/libc-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b0d6000-7f5f4b0d8000 rw-p 001c6000 fd:00 25279505 /usr/lib64/libc-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b0d8000-7f5f4b0dd000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b0dd000-7f5f4b0e4000 r-xp 00000000 fd:00 25838618 /usr/lib64/librt-2.17.so
Rgp 01 15:52:21 host systemd[1]: Stopped Spipe tunnel daemon service remote1-sentinel.
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b0e4000-7f5f4b2e3000 ---p 00007000 fd:00 25838618 /usr/lib64/librt-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b2e3000-7f5f4b2e4000 r--p 00006000 fd:00 25838618 /usr/lib64/librt-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b2e4000-7f5f4b2e5000 rw-p 00007000 fd:00 25838618 /usr/lib64/librt-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b2e5000-7f5f4b2fc000 r-xp 00000000 fd:00 25838612 /usr/lib64/libpthread-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b2fc000-7f5f4b4fb000 ---p 00017000 fd:00 25838612 /usr/lib64/libpthread-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b4fb000-7f5f4b4fc000 r--p 00016000 fd:00 25838612 /usr/lib64/libpthread-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b4fc000-7f5f4b4fd000 rw-p 00017000 fd:00 25838612 /usr/lib64/libpthread-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b4fd000-7f5f4b501000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b501000-7f5f4b736000 r-xp 00000000 fd:00 25386506 /usr/lib64/libcrypto.so.1.0.2k
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b736000-7f5f4b936000 ---p 00235000 fd:00 25386506 /usr/lib64/libcrypto.so.1.0.2k
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b936000-7f5f4b952000 r--p 00235000 fd:00 25386506 /usr/lib64/libcrypto.so.1.0.2k
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b952000-7f5f4b95f000 rw-p 00251000 fd:00 25386506 /usr/lib64/libcrypto.so.1.0.2k
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b95f000-7f5f4b963000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4b963000-7f5f4b985000 r-xp 00000000 fd:00 25166930 /usr/lib64/ld-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4bb76000-7f5f4bb7b000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4bb82000-7f5f4bb84000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7f5f4bb84000-7f5f4bb85000 r--p 00021000 fd:00 25166930 /usr/lib64/ld-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4bb85000-7f5f4bb86000 rw-p 00022000 fd:00 25166930 /usr/lib64/ld-2.17.so
Rgp 01 15:52:21 host spiped[19882]: 7f5f4bb86000-7f5f4bb87000 rw-p 00000000 00:00 0
Rgp 01 15:52:21 host spiped[19882]: 7ffd71903000-7ffd71924000 rw-p 00000000 00:00 0 [stack]
Rgp 01 15:52:21 host spiped[19882]: 7ffd71938000-7ffd7193a000 r-xp 00000000 00:00 0 [vdso]
Rgp 01 15:52:21 host spiped[19882]: ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Rgp 01 15:52:21 host systemd[1]: Unit [email protected] entered failed state.
[email protected] is a link to /etc/systemd/system/[email protected]:
[Unit]
Description=Spipe tunnel daemon service %i
After=network-online.target
[Service]
Type=simple
EnvironmentFile=/etc/spiped/%i
ExecStart=/usr/local/bin/spiped -${mode} -s ${source} -t ${target} -k ${key} -F -g
RestartSec=1
Restart=always
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
Hello
An attempt to build fails as follows:
$ make
Makefile:5: *** missing separator. Stop.
I've seen this post on stackoverflow.com regarding tabs, but cannot figure out what may be causing this failure. There don't seem to be any missing tabs for any actions.
The system has GNU Make 4.1 installed.
Please let me know if you require more info to debug this.
Thanks.
We now have a branch which allows make test to pass on GNU/Hurd: https://github.com/Tarsnap/spiped/tree/DO-NOT-MERGE-hurd
This currently has two commits:
GNU/Hurd does not support cancellation points:
This is on their list of "open issues", although much of the info is from 2013 so I don't know how accurate it is:
https://www.gnu.org/software/hurd/open_issues/libpthread_cancellation_points.html
GNU/Hurd: shutdown(2) can produce EMIG_BAD_ID
I think this is a kernel errno value, which their standard library should notice and replace with EBADF or ENOTSOCK.
These commits are not candidates for merging to spiped master.
libcperciva/util/setuidgid.c begins with
/* We use non-POSIX functionality in this file. */
#undef _POSIX_C_SOURCE
#undef _XOPEN_SOURCE
because it uses setgroups() [where possible].
Unfortunately, it also tries to use strdup(), which is a POSIX extension [1]. On FreeBSD, strdup(3) notes that
The strdup() function is specified by IEEE Std 1003.1-2001 (“POSIX.1”).
while on Linux, I see:
strdup():
_XOPEN_SOURCE >= 500
|| /* Since glibc 2.12: / _POSIX_C_SOURCE >= 200809L
|| / Glibc versions <= 2.19: */ _BSD_SOURCE || _SVID_SOURCE
[1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/strdup.html
How should I proceed?
malloc(3).I just wanted to let you know that the Docker workaround is not strictly required for Docker 1.13 any more. However it is necessary to pass a special flag to Docker in order to spawn an extra init process. See this PR in the repository for the documentation to the official Docker images for extra information: docker-library/docs#814
I'll leave it up to you whether you want to remove the workaround or not.
Official releases on www.tarsnap.com/spiped.html have POSIX-compliant Makefiles; please use those.
:warning: The git repository (including the tag-based "release" snapshots on github) uses BSD Makefiles, which may or may not work on your operating system.
These comments have been out of date since c46ceda5 I think?
Hi,
First thank you for this really great project!
The version 1.6.1 is available in the changelog file (https://github.com/Tarsnap/spiped/blob/master/CHANGELOG) but it doesn't have been released (https://github.com/Tarsnap/spiped/releases).
Is it normal or is it an oversight?
Thanks,
Adrien
clang 13.0.0's scan-build reports:
Logic error "Result of operation is garbage or undefined" in crypto_aesctr_stream_cipherblock_use.
This is discussed in Tarsnap/libcperciva#372.
TL;DR: clang doesn't realize that writing a 32-bit integer will initialize all 4 bytes.
Logic error "Assigned value is garbage or undefined" in _mm_loadu_si64 (called from cpusupport-X86-AESNI.c)
This is discussed in Tarsnap/libcperciva#423.
TL;DR: clang-scan doesn't like its own <emmintrin.h> header.
Memory error "Potential leak of memory pointed to by 'R'" in dnsthread_resolve() in lib/dnsthread/dnsthread.c. That's the struct resolve_cookie * R.
This is because R is freed in callback_resolve(). We can see from the valgrind memory test of 07-dnsthread-resolve.sh that this value is freed.
I compiled latest 1.6.0 release on CentOS 7, and running ./spipe -v shows:
spipe @VERSION@
Requested by tblackwell, makes it possible to use with daemontools.
Original issue reported on code.google.com by [email protected] on 9 Sep 2011 at 3:04
Hey
Is there official support for windows? Or, as an alternaitve, C# client? I think I will be able to write something, but I would like some help to test it.
Thnaks
Omer
Hi developers, in the below codes, the lock &T->mtx could be not released before program's exit exit(1); when noeintr_write(T->wakeupsock[0], &zero, 1) != 1 . I think there is no harm to write pthread_mutex_unlock(&T->mtx) before the exit(1); for better resource management and code symmetry. Thanks!
spiped/lib/dnsthread/dnsthread.c
Lines 107 to 120 in 5ce9cff
Best,
I need to use non default interface for outgoing connections. telnet has -b option for it:
$ telnet 10.10.10.63 8080
Trying 10.10.10.63...
telnet: connect to address 10.10.10.63: Connection timed out
$ telnet -b 10.15.0.2 10.10.10.63 8080
Trying 10.10.10.63...
Connected to 10.10.10.63.
Is it possible when using spiped?
copying my request from IRC:
<TimWolla> cperciva_, I wanted to compile Tarsnap's Debian based docker image using the recommended Debian hardening flags (https://wiki.debian.org/Hardening#dpkg-buildflags) and learned about this mailing list thread: http://mail.tarsnap.com/spiped/msg00044.html. Could you possibly revisit adding LDFLAGS as well as CPPFLAGS to your Makefiles?
You can find the patches the Debian maintainer does here: https://gitlab.com/spiped/spiped/blob/debian/debian/patches/honor-compiler-flags.patch. It's obviously not applicable to your autogenerated Makefiles, but it should give an idea what is required by the Debian project.
Thanks.
Hi There,
On a pretty stock install of OpenSUSE Leap 42.2 including gcc I'm unable to run make within the spiped directory after extracting the tarball.
Something appears to be passing invalid arguments to the "c99" command:
c99 -O2 -D_POSIX_C_SOURCE=200809L -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -I.. -I../proto -I../libcperciva/alg -I../libcperciva/datastruct -I../lib/dnsthread -I../lib/util -I../libcperciva/util -I../libcperciva/cpusupport -I../libcperciva/events -I../libcperciva/network -I../libcperciva/crypto -c main.c -o main.o
c99: invalid option -- '2'
usage: c99 [-c] [-D name[=value]] [...] [-E] [-g] [-I directory ...]
[-L directory ...] [-o outfile] [-O] [-s] [-U name ...] operand ...
where operand is one or more of file.c, file.o, file.a
or -llibrary
from the man page for c99 I can't see any way that "-O2" could be a valid argument?
What steps will reproduce the problem?
1. download spiped version from tarsnap website 1.2.1
2. tar -zvxf spiped-1.2.1.tgz
3. make
What is the expected output? What do you see instead?
compile and link successfully.
Instead of:
ld: library not found for -lrt
collect2: ld returned 1 exit status
What version of the product are you using? On what operating system?
1.2.1 on Mac OS X 10.6.8
Darwin macbookpro 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT
2011; root:xnu-1504.15.3~1/RELEASE_I386 i386
Please provide any additional information below.
To fix this issue. I removed -lrt from both spiped and spipe. They compile and
link successfully without it.
Original issue reported on code.google.com by [email protected] on 29 Sep 2012 at 9:46
Compiled latest (22cc9b4) on a couple different versions of Debian.
Segfaults pretty consistently, after the first one or two or few tunneled connections (to PostgreSQL, for the curious).
(Here, I'm aware -b 127.0.0.1 is unnecessary, but it segfaults all the same regardless of the chosen address.)
Command:
spiped -d -k /root/test.key -p /root/test.pid -s [192.168.1.2]:7700 -t [127.0.0.1]:5432 -b 127.0.0.1 -n 40
Error:
spiped: shutdown: Transport endpoint is not connected
spiped: Error running event loop
spiped: close: Bad file descriptor
Syslog:
Jan 30 21:04:21 host kernel: [11486873.888877] spiped[7300]: segfault at 29 ip 0000000000407805 sp 00007ffeefb62fb0 error 4 in spiped-22cc9b4c18[400000+17000]
Jan 30 21:04:21 host kernel: [11486873.889835] audit: type=1701 audit(1706666661.707:67894): auid=1011 uid=0 gid=0 ses=27243 pid=7300 comm="spiped" exe="/usr/local/bin/spiped-22cc9b4c18" sig=11
Here's a segfault from a different server, Debian 10 :
[ +0.036077] spiped[12592]: segfault at a9 ip 0000559136791e2c sp 00007fff2bfef820 error 4 in spiped-22cc9b4c18[55913678c000+11000]
[ +0.009377] Code: 58 fe ff ff bb ff ff ff ff e9 4e fe ff ff 48 83 ec 08 be 00 00 00 00 e8 71 fd ff ff 48 83 c4 08 c3 48 85 ff 74 17 53 48 89 fb <48> 8b 7f 08 e8 7b a4 ff ff 48 89 df e8 73 a4 ff ff 5b c3 c3 41 57
EDIT:
Nevermind, I lied.
Thought it worked fine without option -b ... turns out it was just luck, segfaults all the same with or without -b. :/
Feel free to rename this issue, or I can create a new one.
Note that spiped v1.6.2 has been working stably (but lacks the -b option I need).
While updating my spiped Docker image from Debian Jessie to Debian Stretch it failed, because the libc headers were not automatically pulled in any more.
The failure is absolutely fine, but it seems that it is not handled like it should:
export CFLAGS="${CFLAGS:--O2}"; \
export LDADD_POSIX=`export CC="c99"; cd libcperciva/POSIX && command -p sh posix-l.sh "$PATH"`; \
export CFLAGS_POSIX=`export CC="c99"; cd libcperciva/POSIX && command -p sh posix-cflags.sh "$PATH"`; \
. ./cpusupport-config.h; \
for D in spiped spipe tests/nc-client tests/nc-server tests/valgrind; do \
( cd ${D} && make all ) || exit 2; \
done
WARNING: POSIX violation: make's CC doesn't understand -lrt
WARNING: POSIX violation: make's CC doesn't understand -lxnet
WARNING: POSIX violation: <sys/socket.h> not defining MSG_NOSIGNAL
WARNING: POSIX violation: <time.h> not defining CLOCK_REALTIME
WARNING: POSIX violation: c99 does not accept 'restrict' keyword
/bin/sh: 3: export: -DPOSIXFAIL_CLOCK_REALTIME: bad variable name
Makefile:9: recipe for target 'all' failed
make: *** [all] Error 2
Notice the /bin/sh: 3: export: -DPOSIXFAIL_CLOCK_REALTIME: bad variable name line that most likely should not look like this, even if the dev environment is borked, no?
Does it possible to emulate an SNI Handshake request on Spipe client?
In theory, it can pass over Traefik or Haproxy TLS passthrough routing and it can invisible (almost) work together with regular SSL servers on common port 443
Was #328, but that patch wasn't successful.
About the connection, @cperciva wrote:
we want the same behaviour as regular (not proxied via spiped) TCP connections -- each direction is shut down independently, so that you can e.g. printf(1) an HTTP request and pipe that into spipe, even though the HTTP response will arrive back long after printf exits (and thus spipe's stdin is EOFed).
Whether we're doing this correctly is an open question, of course. But that's the idea -- an error can shut down the connection in both directions, but EOF only shuts down the connection in one direction.
In this particular case, @cperciva wrote:
Hmm... looking back at the test case, I think it will depend on how the OS handles TCP sockets owned by a process which is being terminated. If it sends a RST then spipe should get a read error and exit; if it sends a FIN then spipe will continue until it tries to send something (at which point it will receive a RST and exit).
IIRC this depends on the SO_LINGER setting and possibly on whether there's any data buffered when the socket is closed.
Hello!
Interesting project, I'm surprised that I didn't hear about it before! :) It would be great, for old graybeards like me, to see a comparison between spiped and stunnel. They both seem to serve similar purposes but I understand they differ in implementation (and maybe performance? or reliability?).
For someone used to deploying stunnel stuff everywhere, why would we switch to spiped?
In a 64-bit cygwin environment on Windows 8.1 (with cygwin packages gcc-core, openssl-devel, make), spiped 5ed4547 always dumps core on exit. I haven't tested earlier versions.
# spiped
usage: spiped {-e | -d} -s <source socket> -t <target socket> -k <key file>
[-DFj] [-f | -g] [-n <max # connections>] [-o <connection timeout>]
[-p <pidfile>] [-r <rtime> | -R]
spiped -v
zsh: abort (core dumped) spiped
strace spiped ends with
[...]
11 7817 [main] spiped 4828 alloc_sd: ACL-Size: 124
27 7844 [main] spiped 4828 alloc_sd: Created SD-Size: 200
10 7854 [main] spiped 4828 fhandler_pty_slave::open: (395): pty output_mutex (0x10): waiting -1 ms
15 7869 [main] spiped 4828 fhandler_pty_slave::open: (395): pty output_mutex: acquired
15 7884 [main] spiped 4828 tty::create_inuse: cygtty.slave_alive.14 0x128
9 7893 [main] spiped 4828 fhandler_pty_slave::open: (398): pty output_mutex(0x10) released
25 7918 [main] spiped 4828 open_shared: name cygpid.5836, n 5836, shared 0x20000 (wanted 0x0), h 0x12C, *m 6
14 7932 [main] spiped 4828 fhandler_pty_slave::open: dup handles directly since I'm the owner
14 7946 [main] spiped 4828 fhandler_pty_slave::open: duplicated from_master 0x25C->0x12C from pty_owner
9 7955 [main] spiped 4828 fhandler_pty_slave::open: duplicated to_master 0x290->0x134 from pty_owner
8 7963 [main] spiped 4828 fhandler_pty_slave::open: duplicated to_master_cyg 0x298->0x138 from pty_owner
26 7989 [main] spiped 4828 fhandler_console::need_invisible: invisible_console 0
17 8006 [main] spiped 4828 fhandler_base::open_with_arch: line 476: /dev/pty14<0x180302CE0> usecount + 1 = 1
12 8018 [main] spiped 4828 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
10 8028 [main] spiped 4828 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
9 8037 [main] spiped 4828 fhandler_base::set_flags: filemode set to binary
11 8048 [main] spiped 4828 _pinfo::set_ctty: old no ctty, ctty device number 0xFFFFFFFF, tc.ntty device number 0x88000E flags & O_NOCTTY 0x0
9 8057 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty 0x0, archetype 0x180302CE0
8 8065 [main] spiped 4828 _pinfo::set_ctty: ctty was NULL
11 8076 [main] spiped 4828 _pinfo::set_ctty: line 482: /dev/pty14<0x180302CE0> usecount + 1 = 2
11 8087 [main] spiped 4828 _pinfo::set_ctty: /dev/pty14 ctty, usecount 2
9 8096 [main] spiped 4828 _pinfo::set_ctty: attaching ctty /dev/pty14 sid 4828, pid 4828, pgid 4828, tty->pgid 5540, tty->sid 12184
9 8105 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty now 0x180302CE0, archetype 0x180302CE0
11 8116 [main] spiped 4828 fhandler_pty_slave::open_setup: /dev/pty14 opened, usecount 2
10 8126 [main] spiped 4828 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
7 8133 [main] spiped 4828 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
10 8143 [main] spiped 4828 fhandler_base::set_flags: filemode set to binary
10 8153 [main] spiped 4828 _pinfo::set_ctty: old ctty /dev/pty14, ctty device number 0x88000E, tc.ntty device number 0x88000E flags & O_NOCTTY 0x0
10 8163 [main] spiped 4828 _pinfo::set_ctty: attaching ctty /dev/pty14 sid 12184, pid 4828, pgid 5540, tty->pgid 5540, tty->sid 12184
9 8172 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty now 0x180302CE0, archetype 0x180302CE0
9 8181 [main] spiped 4828 fhandler_pty_slave::open_setup: /dev/pty14 opened, usecount 2
34 8215 [main] spiped 4828 build_fh_pc: found an archetype for (null)(136/14) io_handle 0x12C
16 8231 [main] spiped 4828 build_fh_pc: fh 0x180302FC0, dev 0088000E
14 8245 [main] spiped 4828 fhandler_base::open_with_arch: line 496: /dev/pty14<0x180302CE0> usecount + 1 = 3
17 8262 [main] spiped 4828 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
11 8273 [main] spiped 4828 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
10 8283 [main] spiped 4828 fhandler_base::set_flags: filemode set to binary
10 8293 [main] spiped 4828 _pinfo::set_ctty: old ctty /dev/pty14, ctty device number 0x88000E, tc.ntty device number 0x88000E flags & O_NOCTTY 0x0
12 8305 [main] spiped 4828 _pinfo::set_ctty: attaching ctty /dev/pty14 sid 12184, pid 4828, pgid 5540, tty->pgid 5540, tty->sid 12184
13 8318 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty now 0x180302CE0, archetype 0x180302CE0
12 8330 [main] spiped 4828 fhandler_pty_slave::open_setup: /dev/pty14 opened, usecount 3
12 8342 [main] spiped 4828 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
10 8352 [main] spiped 4828 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
14 8366 [main] spiped 4828 fhandler_base::set_flags: filemode set to binary
9 8375 [main] spiped 4828 _pinfo::set_ctty: old ctty /dev/pty14, ctty device number 0x88000E, tc.ntty device number 0x88000E flags & O_NOCTTY 0x0
10 8385 [main] spiped 4828 _pinfo::set_ctty: attaching ctty /dev/pty14 sid 12184, pid 4828, pgid 5540, tty->pgid 5540, tty->sid 12184
8 8393 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty now 0x180302CE0, archetype 0x180302CE0
9 8402 [main] spiped 4828 fhandler_pty_slave::open_setup: /dev/pty14 opened, usecount 3
28 8430 [main] spiped 4828 build_fh_pc: found an archetype for (null)(136/14) io_handle 0x12C
11 8441 [main] spiped 4828 build_fh_pc: fh 0x180303240, dev 0088000E
14 8455 [main] spiped 4828 fhandler_base::open_with_arch: line 496: /dev/pty14<0x180302CE0> usecount + 1 = 4
10 8465 [main] spiped 4828 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
10 8475 [main] spiped 4828 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
9 8484 [main] spiped 4828 fhandler_base::set_flags: filemode set to binary
8 8492 [main] spiped 4828 _pinfo::set_ctty: old ctty /dev/pty14, ctty device number 0x88000E, tc.ntty device number 0x88000E flags & O_NOCTTY 0x0
10 8502 [main] spiped 4828 _pinfo::set_ctty: attaching ctty /dev/pty14 sid 12184, pid 4828, pgid 5540, tty->pgid 5540, tty->sid 12184
9 8511 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty now 0x180302CE0, archetype 0x180302CE0
8 8519 [main] spiped 4828 fhandler_pty_slave::open_setup: /dev/pty14 opened, usecount 4
10 8529 [main] spiped 4828 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
8 8537 [main] spiped 4828 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
8 8545 [main] spiped 4828 fhandler_base::set_flags: filemode set to binary
9 8554 [main] spiped 4828 _pinfo::set_ctty: old ctty /dev/pty14, ctty device number 0x88000E, tc.ntty device number 0x88000E flags & O_NOCTTY 0x0
9 8563 [main] spiped 4828 _pinfo::set_ctty: attaching ctty /dev/pty14 sid 12184, pid 4828, pgid 5540, tty->pgid 5540, tty->sid 12184
9 8572 [main] spiped 4828 _pinfo::set_ctty: cygheap->ctty now 0x180302CE0, archetype 0x180302CE0
8 8580 [main] spiped 4828 fhandler_pty_slave::open_setup: /dev/pty14 opened, usecount 4
119 8699 [main] spiped 4828 __set_errno: void dll_crt0_1(void*):999 setting errno 0
212 8911 [main] spiped 4828 fhandler_pty_slave::write: pty14, write(0x10040D030, 202)
9 8920 [main] spiped 4828 fhandler_pty_common::process_opost_output: (1852): pty output_mutex (0x10): waiting -1 ms
14 8934 [main] spiped 4828 fhandler_pty_common::process_opost_output: (1852): pty output_mutex: acquired
usage: spiped {-e | -d} -s <source socket> -t <target socket> -k <key file>
[-DFj] [-f | -g] [-n <max # connections>] [-o <connection timeout>]
[-p <pidfile>] [-r <rtime> | -R]
spiped -v
9 8943 [main] spiped 4828 fhandler_pty_common::process_opost_output: (1891): pty output_mutex(0x10) released
10 8953 [main] spiped 4828 write: 202 = write(2, 0x10040D030, 202)
65 9018 [main] spiped 4828 set_signal_mask: setmask 0, newmask FFFFFFFFFFFEFEDF, mask_bits 0
10 9028 [main] spiped 4828 kill0: kill (4828, 6)
9 9037 [main] spiped 4828 sig_send: sendsig 0x7C, pid 4828, signal 6, its_me 1
12 9049 [main] spiped 4828 sig_send: wakeup 0x100
10 9059 [main] spiped 4828 sig_send: Waiting for pack.wakeup 0x100
17 9076 [sig] spiped 4828 sigpacket::process: signal 6 processing
10 9086 [sig] spiped 4828 init_cygheap::find_tls: sig 6
11 9097 [sig] spiped 4828 sigpacket::process: using tls 0x23CE00
29 9126 [sig] spiped 4828 sigpacket::process: signal 6, signal handler 0x180071B40
9 9135 [sig] spiped 4828 sigpacket::setup_handler: controlled interrupt. stackptr 0x23E408, stack 0x23E3F8, stackptr[-1] 0x100407850
13 9148 [sig] spiped 4828 proc_subproc: args: 5, 1
8 9156 [sig] spiped 4828 proc_subproc: clear waiting threads
8 9164 [sig] spiped 4828 proc_subproc: finished clearing
8 9172 [sig] spiped 4828 proc_subproc: returning 1
10 9182 [sig] spiped 4828 _cygtls::interrupt_setup: armed signal_arrived 0x104, signal 6
8 9190 [sig] spiped 4828 sigpacket::setup_handler: signal 6 delivered
9 9199 [sig] spiped 4828 sigpacket::process: returning 1
8 9207 [sig] spiped 4828 wait_sig: signalling pack.wakeup 0x100
11 9218 [main] spiped 4828 set_process_mask_delta: oldmask FFFFFFFFFFFEFEDF, newmask FFFFFFFFFFFEFEDF, deltamask 0
19 9237 [main] spiped 4828 signal_exit: exiting due to signal 6
11 9248 [main] spiped 4828 try_to_debug: debugger_command ''
9413 [main] spiped 4828 cygwin_exception::open_stackdumpfile: Dumping stack trace to spiped.exe.stackdump
165 9413 [main] spiped 4828 cygwin_exception::open_stackdumpfile: Dumping stack trace to spiped.exe.stackdump
31279 40692 [main] spiped 4828 signal_exit: about to call do_exit (86)
43 40735 [main] spiped 4828 do_exit: do_exit (134), exit_state 2
13 40748 [main] spiped 4828 void: 0x0 = signal (20, 0x1)
10 40758 [main] spiped 4828 void: 0x0 = signal (1, 0x1)
8 40766 [main] spiped 4828 void: 0x0 = signal (2, 0x1)
9 40775 [main] spiped 4828 void: 0x0 = signal (3, 0x1)
20 40795 [main] spiped 4828 fhandler_base::close_with_arch: line 1142: /dev/pty14<0x180302CE0> usecount + -1 = 3
9 40804 [main] spiped 4828 fhandler_base::close_with_arch: not closing archetype
10 40814 [main] spiped 4828 fhandler_base::close_with_arch: line 1142: /dev/pty14<0x180302CE0> usecount + -1 = 2
9 40823 [main] spiped 4828 fhandler_base::close_with_arch: not closing archetype
10 40833 [main] spiped 4828 fhandler_base::close_with_arch: line 1142: /dev/pty14<0x180302CE0> usecount + -1 = 1
8 40841 [main] spiped 4828 fhandler_base::close_with_arch: not closing archetype
8 40849 [main] spiped 4828 init_cygheap::close_ctty: closing cygheap->ctty 0x180302CE0
8 40857 [main] spiped 4828 fhandler_base::close_with_arch: closing passed in archetype 0x0, usecount 0
9 40866 [main] spiped 4828 fhandler_pty_slave::cleanup: /dev/pty14 closed, usecount 0
9 40875 [main] spiped 4828 fhandler_pty_slave::close: closing last open /dev/pty14 handle
21 40896 [main] spiped 4828 fhandler_console::free_console: freed console, res 1
16 40912 [main] spiped 4828 fhandler_pty_common::close: pty14 <0x12C,0x134> closing
11 40923 [main] spiped 4828 dtable::delete_archetype: deleting element 0 for /dev/pty14(136/14)
12 40935 [main] spiped 4828 getpid: 4828 = getpid()
8 40943 [main] spiped 4828 proc_terminate: nprocs 0
8 40951 [main] spiped 4828 proc_terminate: leaving
14 40965 [main] spiped 4828 pinfo::exit: Calling ExitProcess n 0x86, exitcode 0x8600
and the stack dump contains:
Stack trace:
Frame Function Args
0000023BD30 00180071CB3 (00000070007, 000DC0401D9, 00000000190, 0000023BEEE)
FFFFFFFFFFFEFEDF 0018007324C (00000000064, 00000000000, 00000000100, 00000000100)
0000023C420 00180124E54 (001801E07D0, 0000023C8DC, 001800C1119, 0000023C56C)
00000000041 00180121FAE (000000000CA, 0010040D030, 00000000000, 000000012DC)
00000000001 0018012247B (00000000001, 00000000005, 0018012AE78, 00000000006)
00000000001 0018012264C (00000000001, 001801E0080, 00000000001, 00000000005)
00000000001 0018012290F (00000000001, 0000023C860, 0000003A0E0, 001801E0280)
00000000001 00180155E35 (00600018040, 00000000000, 0000023C890, 0000003A0E0)
00000000001 001800C7DF3 (001801E0728, 00000000001, 00000000001, 001802C4740)
00000000001 0018011DFAB (001801E0728, 00000000001, 00000000001, 001802C4740)
00000000001 00100407850 (00100000000, 00000000000, 00100000000, 0000023C920)
00000000001 001801BA19A (00000000000, 00000000000, 0018017D2AA, 0000023CB50)
00000000064 00180176E8E (00000000000, 001801E0728, 001800BBC6D, 00180047030)
00000000064 00180047043 (00000000001, 00000000000, 00000000000, 001800BBC50)
00000000064 0018011DFAB (00000000001, 00000000000, 00000000000, 001800BBC50)
00000000064 0010040110E (00000000000, 001801E0860, 001801BC3EE, 0000023CAA6)
End of stack trace (more stack frames may be present)
At some point, we may wish to add PROXY protocol support to spiped. I don't think there's any urgency to this, but I'm opening an issue so I don't forget about it.
It appears to require BSD make. GNU make reports:
$ make
Makefile:5: *** missing separator. Stop.
Not sure what's going on here.
# spiped -d -s '[0.0.0.0]:8025' -t '[127.0.0.1]:25' -k keyfile
: Address must contain port number:
zsh: abort (core dumped) spiped -d -s '[0.0.0.0]:8025' -t '[127.0.0.1]:25' -k keyfile
We should teach warnp.c to (optionally) send output to syslog instead of stderr. (This belongs in libcperciva since syslog is a POSIX interface.)
If the appropriate command line option is used, the change should occur immediately after daemonizing.
I am wondering why the spiped protocol computes dhmac_C and dhmac_S, and uses those for the HMAC keys for protecting the public keys, instead of just using the original PSK for the HMAC and computing the HMAC over both nonces and the pubic key? Or even just computing the HMAC over the public key we are being sent and the nonce choosen by us?
I’m not sure if this is an OK place for an infrequenty asked question, apologies in advance if its not.
spiped won't allow values for -n over 500. is there any reason or history for that behaviour?
i believe it would be better if we could choose any number we deem suitable for our projects. this limit prevents me from deploying spiped across my infrastructure.
thanks
Similar to 'ssh -t' I guess, without messing with .zshrc and .bashrc remote files, how can I start a screen session (or reconnect to existing one) upon login?
Thank you.
It would be nice if we could support PREFIX, i.e.
make PREFIX=$HOME/.local/ install
It would be easy enough to automatically set BINDIR=${PREFIX}/bin. However, MAN1DIR is a problem. Many OSes expect that to be ${PREFIX}/share/man/man1, but FreeBSD doens't have a /usr/local/share/man; instead, their heir(7) clearly documents that this should be /usr/local/man instead.
So it's probably best to keep BINDIR and MAN1DIR separate and let packages set them as appropriate. (Also, that allows us to indicate whether to install man-pages in addition to the binary.)
On a similar note, may build systems support a DESTDIR, such as
BINDIR=${DESTDIR}${PREFIX}/bin
This is similiar to FreeBSD's "staging"[1][2]. But again, it's probably safest to leave that to packagers to play with.
[1] https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/porting-prefix.html
[2] https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/special.html#staging
[I opened this issue to keep track of any future developments or discussion about this; at the moment I don't think that we can make any changes cleanly.]
I recently updated the README of the spiped Dockerfile repository to match the ones of other official images: https://github.com/TimWolla/docker-spiped
The new README shows the build status of the image on various architectures, among them arm32v6 which is the only architecture that fails to build the spiped Docker image.
An example output can be found here: https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/spiped/34/console
The relevant excerpt is as follows:
+ CC=gcc make -C /usr/local/src/spiped
make: Entering directory '/usr/local/src/spiped'
( export CC="gcc"; command -p sh libcperciva/cpusupport/Build/cpusupport.sh "$PATH" ) > cpusupport-config.h
Checking if compiler supports X86 CPUID feature... no
Checking if compiler supports X86 AESNI feature... no
export CFLAGS="${CFLAGS:--O2}"; \
export LDADD_POSIX=`export CC="gcc"; cd libcperciva/POSIX && command -p sh posix-l.sh "$PATH"`; \
export CFLAGS_POSIX=`export CC="gcc"; cd libcperciva/POSIX && command -p sh posix-cflags.sh "$PATH"`; \
. ./cpusupport-config.h; \
for D in spiped spipe tests/nc-client tests/nc-server tests/valgrind; do \
( cd ${D} && make all ) || exit 2; \
done
make[1]: Entering directory '/usr/local/src/spiped/spiped'
gcc -O2 -D_POSIX_C_SOURCE=200809L -DCPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -I.. -I../proto -I../libcperciva/alg -I../libcperciva/datastruct -I../lib/dnsthread -I../lib/util -I../libcperciva/util -I../libcperciva/cpusupport -I../libcperciva/events -I../libcperciva/network -I../libcperciva/crypto -c main.c -o main.o
main.c: In function 'parsenum_float':
main.c:368:1: internal compiler error: Illegal instruction
}
^
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://gcc.gnu.org/bugs.html> for instructions.
make[1]: *** [Makefile:33: main.o] Error 1
make[1]: Leaving directory '/usr/local/src/spiped/spiped'
make: Leaving directory '/usr/local/src/spiped'
make: *** [Makefile:9: all] Error 2
The corresponding line in the Dockerfile is this: https://github.com/TimWolla/docker-spiped/blob/4c5ed8edd93bab152cd34cc1bf837bab8b8fa882/1.6/alpine/Dockerfile#L25
I have no idea whether this issue is with spiped, gcc or somewhere else. I don't have an arm32v6 machine handy to compile it outside of Docker myself, either.
Thus I'm just reporting it here to make you aware of it.
Hello everyone, how to use the Windows Spiped client, where to download, install
If want to use it to encrypt the browser, how to use it
We keep open connections between 2 machines for some long running processes and are bumping up against the 500 connection limit.
Before I forked the code to remove the 500 connection limit, I thought I would ask if there was a particular reason behind the limit to begin with so I'm not re-learning lessons you have already learned?
Thanks for any help and guidance :)
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.