From a05ca1a17fd1ce0303158f3a86ed4027ea33b1ed Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 17 May 2017 12:27:55 -0400
Subject: [PATCH] push the HTTP/1.x constraint into the program documentation

---
 README.md       |  4 ++--
 hddemux.1.md    | 31 ++++++++++++++++++++-----------
 hddemux.service |  2 +-
 hddemux.socket  |  2 +-
 4 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 66c1ef9..354821c 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 Given restrictive firewalls and intrusive network monitors, it can be
 both privacy-preserving and connectivity-enhancing to be able to serve
-both HTTPS and DNS-over-TLS from the same TCP port.
+both HTTPS (HTTP/1.x) and DNS-over-TLS from the same TCP port.
 
 This project aims to document specifically how that can be done
 safely, and to provide simple code to demonstrate the mechanism.
@@ -12,7 +12,7 @@ for more details of that service.
 
 This project includes:
 
- * `hddemux.c` -- a `libuv`-based HTTP/DNS multiplexing server
+ * `hddemux.c` -- a `libuv`-based HTTP/1.x and DNS multiplexing server
  
  * `hddemux.socket` and `hddemux.service` -- systemd units to manage
    `hddemux`
diff --git a/hddemux.1.md b/hddemux.1.md
index 5878022..18750e2 100644
--- a/hddemux.1.md
+++ b/hddemux.1.md
@@ -2,7 +2,7 @@
 title: HDDEMUX
 section: 1
 author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-date: 2017 April
+date: 2017 May
 ---
 
 
@@ -23,9 +23,9 @@ hddemux takes a set of listening stream-based file descriptors (see
 sd_listen_fds(3)) and accepts new connections on them.
 
 When a new connection comes in, it decides from the first few octets
-whether the connection is HTTP or DNS.  If it thinks it's HTTP, it
-splices the connection to the HTTP_TARGET.  If it thinks it's DNS, it
-splices the connection to the DNS_TARGET.
+whether the connection is HTTP/1.x or DNS.  If it thinks it's
+HTTP/1.x, it splices the connection to the HTTP_TARGET.  If it thinks
+it's DNS, it splices the connection to the DNS_TARGET.
 
 ENVIRONMENT VARIABLES
 =====================
@@ -60,9 +60,8 @@ For systemd, you need a .socket unit file:
 
     #/lib/systemd/hddemux.socket
     [Unit]
-    Description=HTTP/DNS demuxer socket
+    Description=HTTP/1.x and DNS demuxer socket
     Documentation=man:hddemux(1)
-    Before=sockets.target
 
     [Socket]
     ListenStream=/run/hddemux/socket
@@ -74,25 +73,34 @@ and a .service unit file:
 
     #/lib/systemd/hddemux.service
     [Unit]
-    Description=HTTP/DNS demuxer service
+    Description=HTTP/1.x and DNS demuxer service
     Documentation=man:hddemux(1)
-    ## This is a socket-activated service:
-    RefuseManualStart=true
+    Requires=hddemux.socket
     
     [Service]
     Type=notify
     ExecStart=/usr/bin/hddemux
     WorkingDirectory=/run/hddemux/workdir
     User=hddemux
+    Group=hddemux
     
     [Install]
-    WantedBy=sockets.target
+    Also=hddemux.socket
 
 Configuration can be done by overriding the .service file (e.g. with
 Service.Environment= entries).  See the "edit" documentation in
 systemctl(1) and the "Overriding vendor settings" section of
 systemd.unit(5).
 
+
+CONSTRAINTS
+===========
+
+hddemux is designed to demultiplex HTTP/1.x from stream-based DNS.
+Trying to demultiplex other protocols (including HTTP/2 or later) is
+not advised.  Please see draft-dkg-dprive-demux-dns-http for more
+information and analysis.
+
 WARNING
 =======
 
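Review bot: The new CONSTRAINTS section calls demultiplexing HTTP/2 "not advised" but does not say what hddemux does with a stream it cannot classify as HTTP/1.x or DNS, nor how an operator keeps such streams away from it. The description earlier in this man page says the decision is made from the first few octets, so a sentence on the fallback for unrecognised input belongs here; that behaviour is not visible in this patch and should be confirmed against hddemux.c. A deployment hint would also help, for example `If a TLS terminator sits in front of hddemux, configure it not to negotiate HTTP/2 (e.g. do not offer "h2" via ALPN).` Separately, this hunk changes the example unit (drops `RefuseManualStart=true`, adds `Group=hddemux`, swaps `WantedBy=` for `Also=`), which the commit subject does not mention and which would be worth a line in the commit message.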
@@ -105,4 +113,5 @@ recursion.
 SEE ALSO
 ========
 
-sd_listen_fds(3), systemctl(1), systemd.unit(5)
+sd_listen_fds(3), systemctl(1), systemd.unit(5),
+https://datatracker.ietf.org/doc/draft-dkg-dprive-demux-dns-http/
diff --git a/hddemux.service b/hddemux.service
index 356c247..717d09e 100644
--- a/hddemux.service
+++ b/hddemux.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=HTTP/DNS demuxer service
+Description=HTTP/1.x and DNS demuxer service
 Documentation=man:hddemux(1)
 Requires=hddemux.socket
 
diff --git a/hddemux.socket b/hddemux.socket
index 35ac9ab..93ae9d1 100644
--- a/hddemux.socket
+++ b/hddemux.socket
@@ -1,5 +1,5 @@
 [Unit]
-Description=HTTP/DNS demuxer socket
+Description=HTTP/1.x and DNS demuxer socket
 Documentation=man:hddemux(1)
 
 [Socket]
-- 
GitLab