diff --git a/README.md b/README.md index 66c1ef9298c10640985917c7686f24fb5d306a29..354821c625fbf3cebe44941046dcfa0394463ed6 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ Given restrictive firewalls and intrusive network monitors, it can be both privacy-preserving and connectivity-enhancing to be able to serve -both HTTPS and DNS-over-TLS from the same TCP port. +both HTTPS (HTTP/1.x) and DNS-over-TLS from the same TCP port. This project aims to document specifically how that can be done safely, and to provide simple code to demonstrate the mechanism. @@ -12,7 +12,7 @@ for more details of that service. This project includes: - * `hddemux.c` -- a `libuv`-based HTTP/DNS multiplexing server + * `hddemux.c` -- a `libuv`-based HTTP/1.x and DNS multiplexing server * `hddemux.socket` and `hddemux.service` -- systemd units to manage `hddemux` diff --git a/hddemux.1.md b/hddemux.1.md index 5878022712a61569594f9d957adbbef049f736af..18750e2cb5d49756ebdc2cc3e2f199c6d1a3e103 100644 --- a/hddemux.1.md +++ b/hddemux.1.md @@ -2,7 +2,7 @@ title: HDDEMUX section: 1 author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> -date: 2017 April +date: 2017 May --- @@ -23,9 +23,9 @@ hddemux takes a set of listening stream-based file descriptors (see sd_listen_fds(3)) and accepts new connections on them. When a new connection comes in, it decides from the first few octets -whether the connection is HTTP or DNS. If it thinks it's HTTP, it -splices the connection to the HTTP_TARGET. If it thinks it's DNS, it -splices the connection to the DNS_TARGET. +whether the connection is HTTP/1.x or DNS. If it thinks it's +HTTP/1.x, it splices the connection to the HTTP_TARGET. If it thinks +it's DNS, it splices the connection to the DNS_TARGET. ENVIRONMENT VARIABLES ===================== 
@@ -60,9 +60,8 @@ For systemd, you need a .socket unit file: #/lib/systemd/hddemux.socket [Unit] - Description=HTTP/DNS demuxer socket + Description=HTTP/1.x and DNS demuxer socket Documentation=man:hddemux(1) - Before=sockets.target [Socket] ListenStream=/run/hddemux/socket @@ -74,25 +73,34 @@ and a .service unit file: #/lib/systemd/hddemux.service [Unit] - Description=HTTP/DNS demuxer service + Description=HTTP/1.x and DNS demuxer service Documentation=man:hddemux(1) - ## This is a socket-activated service: - RefuseManualStart=true + Requires=hddemux.socket [Service] Type=notify ExecStart=/usr/bin/hddemux WorkingDirectory=/run/hddemux/workdir User=hddemux + Group=hddemux [Install] - WantedBy=sockets.target + Also=hddemux.socket Configuration can be done by overriding the .service file (e.g. with Service.Environment= entries). See the "edit" documentation in systemctl(1) and the "Overriding vendor settings" section of systemd.unit(5). + +CONSTRAINTS +=========== + +hddemux is designed to demultiplex HTTP/1.x from stream-based DNS. +Trying to demultiplex other protocols (including HTTP/2 or later) is +not advised. Please see draft-dkg-dprive-demux-dns-http for more +information and analysis. + WARNING ======= @@ -105,4 +113,5 @@ recursion. SEE ALSO ======== -sd_listen_fds(3), systemctl(1), systemd.unit(5) +sd_listen_fds(3), systemctl(1), systemd.unit(5), +https://datatracker.ietf.org/doc/draft-dkg-dprive-demux-dns-http/ diff --git a/hddemux.service b/hddemux.service index 356c247c4f651f3cb3f06cc63cce26b04307c8db..717d09ed2794630ed520f2166a578e4b72aa2729 100644 --- a/hddemux.service +++ b/hddemux.service @@ -1,5 +1,5 @@ [Unit] -Description=HTTP/DNS demuxer service +Description=HTTP/1.x and DNS demuxer service Documentation=man:hddemux(1) Requires=hddemux.socket diff --git a/hddemux.socket b/hddemux.socket index 35ac9ab7bf51ddff58a4d9e6bb6720e420531365..93ae9d15c7dddd528991c948fcf8b345cd6b6edb 100644 --- a/hddemux.socket +++ b/hddemux.socket 
@@ -1,5 +1,5 @@ [Unit] -Description=HTTP/DNS demuxer socket +Description=HTTP/1.x and DNS demuxer socket Documentation=man:hddemux(1) [Socket]
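Review bot: the first README hunk narrows the claim to "HTTPS (HTTP/1.x)" but says nothing about how HTTP/2 is kept off the shared port, and the CONSTRAINTS text added to hddemux.1.md says HTTP/2 is exactly what the demuxer cannot handle. Any TLS terminator placed in front of hddemux that advertises h2 in its ALPN list will negotiate HTTP/2 with a modern browser, so the HTTP/1.x qualifier alone does not protect the operator. Suggest adding a sentence next to the changed line telling deployers to restrict the terminator's ALPN offers to http/1.1 (plus the DNS-over-TLS token, if one is used), or to point at the draft's guidance on that from the README as well as from the man page.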
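Review bot: in the hddemux.1.md .socket example (hunk @@ -60,9 +60,8 @@), `Before=sockets.target` is dropped, but the fragment shown has no `[Install]` section, and the `Also=hddemux.socket` added to the .service example only does something if hddemux.socket is itself enableable. Confirm the documented .socket unit carries `[Install]` with `WantedBy=sockets.target`; with that present, systemd's default dependencies already order the socket before sockets.target, so removing the explicit line is fine, but without it `systemctl enable hddemux.service` will not pull the socket into sockets.target and the service will only ever be started by hand.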
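Review bot: the new CONSTRAINTS section (hunk @@ -74,25 +73,34 @@ of hddemux.1.md) says demultiplexing HTTP/2 "is not advised" but never states what hddemux does when the first octets are neither HTTP/1.x nor DNS, for instance an HTTP/2 connection preface: whether the connection is closed, or which of HTTP_TARGET and DNS_TARGET receives it by default. The DESCRIPTION text in the earlier hunk offers only the two outcomes, so a reader cannot tell whether an unrecognised prefix ends up spliced to a backend; please state the fallback explicitly. Separately, replacing `RefuseManualStart=true` with `Requires=hddemux.socket` works because a socket unit is implicitly ordered before the service it triggers, so a manual `systemctl start hddemux.service` brings the socket up first and the listening fds are still inherited; a one-line comment to that effect would be a useful stand-in for the removed "This is a socket-activated service" comment, so that readers do not assume the service can run without inherited sockets.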