continuous-integration/drone/push Build is passingDetails
continuous-integration/drone/tag Build is passingDetails
When generating a default config instead of using a canned value like "eth0", hypd will isntead look at what interfaces the system has and make a best guess based on progressively narrowing filters.
continuous-integration/drone/push Build is passingDetails
If refreshtime is specified, instead the client running as a one-shot command, it will instead run persistently and perform a new authentic knock sequence each specified time in minutes.
This was introduced in the previous few commits when adding support for multiple secrets in knockd. The logic to push and pop entries from the knockSequences slice needed to be adjusted to cound for the number of secrets that are loaded by hypd.
continuous-integration/drone/push Build is failingDetails
This allows you to generate more than one pre-shared secret on the knock daemon so that you can distribute the secret and control revocation at a more granular level. Each additional secret creates one more concurrent authentic knock sequence.
Make the project goal more clear, less personal opinion mentioned. Mention how hyp differentiates itself, how the authentic knock sequence is determined with a diagram. Provide instructions to build.
Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed.
continuous-integration/drone/push Build is passingDetails
The syntax for the hypd server command has changed. Now instead of specifying an interface name as an argument to the server command, you instead specify a configuration file path.
Example:
./hypd server hypdconfig.json
These were previously used while trying to parse out specific headers. They are no longer required though because the current length bounds checks covers edge cases.
continuous-integration/drone/push Build is passingDetails
This to allow configurable time between knock sequence transmissions. It's important the sequence arrive in the correct order, and some networks have multiple paths.
continuous-integration/drone/push Build is passingDetails
This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence.
Steven Polley