+# To make a tunnel between two machines `alice' and `bob',
+# on `alice', the active endpoint, run:
+#
+# udptunnel
+# [ -l[<alice-command/arg>] ... .
+# | -e <encryption-mech>[/<encryption-parameter>...]
+# | -m (`masquerade support': bob gets `Wait' instead of our addr/port)
+# | -d (`dump keys': when no peer, spew keys rather than reading them;
+# we always send keys to our peer if there is one)
+# | -Dcrypto (debug crypto - use with care, prints keys, packets &c on screen!)
+# | -f<path-to-udptunnel-forwarder>
+# ...
+# ]
+# <alice-phys-addr>,<alice-phys-port>
+# <bob-phys-addr>,<bob-phys-port>
+# <alice-virt-addr>,<bob-virt-addr>,<mtu>,<proto>
+# <keepalive>,<timeout>[,<reannounce>]
+# <alice-priv-nets> <bob-priv-nets>
+# [ <bob-command> [<bob-args> ...] ]
+#
+# This will run udptunnel-forwarder on alice, and use <bob-command>
+# (usually an ssh invocation) to run udptunnel appropriately on bob.
+# Key material will be generated by alice and fed to udptunnel on bob
+# via <bob-command>'s stdin, and the physical address and port on bob
+# will be (if so configured) returned via <bob-command>'s stdout.
+#
+# The tunnel will stay up until one of the subprocesses involved dies,
+# or the keepalive timeout expires. If you want the tunnel to remain
+# up permanently, you must arrange to invoke it repeatedly (eg, from
+# inittab). See INSTALL.
+#
+# <proto> may be slip or cslip
+#
+# <mtu> will be the MTU of the tunnel interfaces; it is best if this
+# is enough smaller than the path MTU between the physical interfaces
+# that the encapsulated packets will fit without fragmentation.
+#
+# Any <..-addr> supplied to udptunnel may also be hostname; these will
+# all be looked up on alice and IP addresses passed to bob.
+#
+# The `local' physical address and ports (ie, alice's own details),
+# may have these special values:
+# `Any' choose one ourselves and do not print it (the port chosen
+# will be supplied to bob)
+# `Print' choose one ourselves and print both port and addr
+# (this is not usually useful specified directly; it's
+# used by udptunnel when it invokes itself on bob via
+# <bob-command>, to have its other self print the
+# relevant value.
+#
+# The `remote' physical address and port (ie, on alice, bob's details),
+# may also have the special values:
+# `Command' wait for <bob-command> to tell us the values (this is
+# usually the right choice on alice for at least the
+# port). <bob-command> must be specified (ie, this
+# only makes sense on alice).
+# `Wait' alice will wait to receive a packet from bob and use
+# whatever address and port it came from
+#
+# These special values are case-sensitive. When alice runs udptunnel
+# on bob they are automatically translated to appropriate other values
+# in the arguments to bob's udptunnel.
+#
+# If <bob-command> is specified it should run udptunnel at the
+# bob end; it will be invoked as
+# <bob-command> [ <bob-args> ... ]
+# [ <-e arguments passed along> ]
+# <bob-phys-addr'>,<bob-phys-port'>
+# <alice-phys-addr'>,<alice-phys-port'>
+# <bob-virt-addr>,<alice-virt-addr>,<mtu>,<proto>
+# <keepalive>,<timeout>[,<reannounce>]
+# <bob-priv-nets> <alice-priv-nets>
+#
+# If it was given Print for <bob-phys-foo'>, udptunnel's first stdout
+# output will be the real <bob-phys-addr>,<bob-phys-port> pair. It
+# may then produce more stdout which, if any, will be forwarded to the
+# local end's stdout as debugging info.
+#
+# After this, if any encryption was specified, the encryption key
+# material will be fed into its stdin. See the documentation in the
+# mech-*.c files for details of the parameters. udptunnel on alice
+# will arrange to feed the keys fd of udptunnel-forwarder into the
+# stdin of the udptunnel on bob.
+#
+# <bob-phys-foo'> is as follows:
+# <bob-phys-foo> <bob-phys-foo'>
+# actual addr/port that addr/port
+# `Command' `Print'
+# `Wait' `Any'
+#
+# <alice-phys-foo'> is as follows:
+# <alice-phys-foo> <alice-phys-foo'> <alice-phys-foo'>
+# (-m not specified) (-m specified)
+# actual addr/port that addr/port `Wait'
+# `Print' the chosen address `Wait'
+# `Any' `Wait' for addr, `Wait'
+# chosen port for port