push the HTTP/1.x constraint into the program documentation

README.md

 Given restrictive firewalls and intrusive network monitors, it can be
 both privacy-preserving and connectivity-enhancing to be able to serve
-both HTTPS and DNS-over-TLS from the same TCP port.
+both HTTPS (HTTP/1.x) and DNS-over-TLS from the same TCP port.
 
 This project aims to document specifically how that can be done
 safely, and to provide simple code to demonstrate the mechanism.
@@ -12,7 +12,7 @@ for more details of that service.
 
 This project includes:
 
- * `hddemux.c` -- a `libuv`-based HTTP/DNS multiplexing server
+ * `hddemux.c` -- a `libuv`-based HTTP/1.x and DNS multiplexing server
  
  * `hddemux.socket` and `hddemux.service` -- systemd units to manage
    `hddemux`

hddemux.1.md

@@ -2,7 +2,7 @@
 title: HDDEMUX
 section: 1
 author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-date: 2017 April
+date: 2017 May
 ---
 
 
@@ -23,9 +23,9 @@ hddemux takes a set of listening stream-based file descriptors (see
 sd_listen_fds(3)) and accepts new connections on them.
 
 When a new connection comes in, it decides from the first few octets
-whether the connection is HTTP or DNS.  If it thinks it's HTTP, it
-splices the connection to the HTTP_TARGET.  If it thinks it's DNS, it
-splices the connection to the DNS_TARGET.
+whether the connection is HTTP/1.x or DNS.  If it thinks it's
+HTTP/1.x, it splices the connection to the HTTP_TARGET.  If it thinks
+it's DNS, it splices the connection to the DNS_TARGET.
 
 ENVIRONMENT VARIABLES
 =====================
@@ -60,9 +60,8 @@ For systemd, you need a .socket unit file:
 
     #/lib/systemd/hddemux.socket
     [Unit]
-    Description=HTTP/DNS demuxer socket
+    Description=HTTP/1.x and DNS demuxer socket
     Documentation=man:hddemux(1)
-    Before=sockets.target
 
     [Socket]
     ListenStream=/run/hddemux/socket
@@ -74,25 +73,34 @@ and a .service unit file:
 
     #/lib/systemd/hddemux.service
     [Unit]
-    Description=HTTP/DNS demuxer service
+    Description=HTTP/1.x and DNS demuxer service
     Documentation=man:hddemux(1)
-    ## This is a socket-activated service:
-    RefuseManualStart=true
+    Requires=hddemux.socket
     
     [Service]
     Type=notify
     ExecStart=/usr/bin/hddemux
     WorkingDirectory=/run/hddemux/workdir
     User=hddemux
+    Group=hddemux
     
     [Install]
-    WantedBy=sockets.target
+    Also=hddemux.socket
 
 Configuration can be done by overriding the .service file (e.g. with
 Service.Environment= entries).  See the "edit" documentation in
 systemctl(1) and the "Overriding vendor settings" section of
 systemd.unit(5).
 
+
+CONSTRAINTS
+===========
+
+hddemux is designed to demultiplex HTTP/1.x from stream-based DNS.
+Trying to demultiplex other protocols (including HTTP/2 or later) is
+not advised.  Please see draft-dkg-dprive-demux-dns-http for more
+information and analysis.
+
 WARNING
 =======
 
@@ -105,4 +113,5 @@ recursion.
 SEE ALSO
 ========
 
-sd_listen_fds(3), systemctl(1), systemd.unit(5)
+sd_listen_fds(3), systemctl(1), systemd.unit(5),
+https://datatracker.ietf.org/doc/draft-dkg-dprive-demux-dns-http/

hddemux.service

 [Unit]
-Description=HTTP/DNS demuxer service
+Description=HTTP/1.x and DNS demuxer service
 Documentation=man:hddemux(1)
 Requires=hddemux.socket
 

hddemux.socket

 [Unit]
-Description=HTTP/DNS demuxer socket
+Description=HTTP/1.x and DNS demuxer socket
 Documentation=man:hddemux(1)
 
 [Socket]