X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/ce5c098f8a19a42ddaeb488ed643ae3b5e697c7b..bfc34affaf5e80fe6a85bbcc4c302005154b4531:/README

diff --git a/README b/README
index 3e8a157..414baee 100644
--- a/README
+++ b/README
@@ -194,8 +194,11 @@ Defines:
   udp (closure => comm closure)
 
 udp: dict argument
-  address (string list): IPv6 or IPv4 addresses to listen and send on
-  port (integer): UDP port to listen and send on
+  address (string list): IPv6 or IPv4 addresses to listen and send on;
+   default is all local addresses
+  port (integer): UDP port to listen and send on; optional if you
+   don't need to have a stable address for your peers to talk to
+   (in which case your site ought probably to have `local-mobile true').
   buffer (buffer closure): buffer for incoming packets
   authbind (string): optional, path to authbind-helper program
 
@@ -258,8 +261,12 @@ is one.  network-manager always sets up a default route.  The result
 is that the wifi always has a default route (so is useable); ppp
 (being a point-to-point link) does not need one.
 
-The use of polypath currently requires that secnet have root
-privilege, to make the setsockopt(,,SO_BINDTODEVICE,) call.
+The use of polypath requires that secnet be started with root
+privilege, to make the setsockopt(,,SO_BINDTODEVICE,) calls.  If the
+configuration specifies that secnet should drop privilege (see
+`userid' above), secnet will keep a special process around for this
+purpose; that process will handle local network interface changes but
+does not deal with any packets, key exchange, etc.
 
 polypath support is only available when secnet is built against an
 IPv6-capable version of adns (because it wants features in the newer