BREAKING: Interface name is now specified by configuration file

The syntax for the hypd server command has changed.  Now instead of specifying an interface name as an argument to the server command, you instead specify a configuration file path.

Example:
./hypd server hypdconfig.json

.gitignore

@@ -2,3 +2,4 @@ hyp.secret
 *.exe
 hypd/hypd
 hyp/hyp
+hypdconfig.json

hypd/cmd/defaultconfig.go

@@ -0,0 +1,35 @@
+/*
+Copyright © 2024 Steven Polley <himself@stevenpolley.net>
+*/
+package cmd
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"deadbeef.codes/steven/hyp/hypd/configuration"
+	"github.com/spf13/cobra"
+)
+
+// defaultconfigCmd represents the defaultconfig command
+var defaultconfigCmd = &cobra.Command{
+	Use:   "defaultconfig",
+	Short: "Prints the default configuration to stdout",
+	Long: `The default configuration is used if one is not set.  The default configuration
+can be used as a reference to build your own. 
+
+hypd generate defaultconfig | tee hypdconfig.json`,
+	Run: func(cmd *cobra.Command, args []string) {
+		config := configuration.DefaultConfig()
+		b, err := json.MarshalIndent(config, "", "    ")
+		if err != nil {
+			panic(fmt.Errorf("failed to marshal default configuration to json (this should never happen): %v", err))
+		}
+		fmt.Println(string(b))
+	},
+}
+
+func init() {
+	generateCmd.AddCommand(defaultconfigCmd)
+
+}

hypd/cmd/server.go

@@ -5,32 +5,52 @@ package cmd
 
 import (
 	"fmt"
+	"os/user"
 
+	"deadbeef.codes/steven/hyp/hypd/configuration"
 	"deadbeef.codes/steven/hyp/hypd/server"
 	"github.com/spf13/cobra"
 )
 
 // serverCmd represents the server command
 var serverCmd = &cobra.Command{
-	Use:   "server <NIC>",
+	Use:   "server <configFilePath>",
 	Args:  cobra.ExactArgs(1),
 	Short: "Runs hyp in server mode",
-	Long: `Runs the hyp server and begins capture on the NIC specified
+	Long: `Runs the hyp server and begins watching for authentic knock sequences.
+
+Before running this command, you must first have a configuration file.  You can
+generate a configuration file with:  hypd generate defaultconfig > hypdconfig.json
+
+You should then edit the config file to meet your needs.  
+
+In addition to a config file you will need to generate pre-shared keys: 
+mkdir -p ./secrets
+hypd generate secret > secrets/mykey.secret
 
 Example Usage:
 
-	# Linux - capture enp0s0
-	hyp server enp0s0
-
-	# Linux - capture eth0
-	hyp server eth0
-
-	# Windows - get-netadapter | where {$_.Name -eq “Ethernet”} | Select-Object -Property DeviceName
-	hyp.exe server "\\Device\\NPF_{A6F067DE-C2DC-4B4E-9C74-BE649C4C0F03}"
+	# Use config file in local directory
+	hypd server hypdconfig.json
 
+	# Use config file in /etc/hyp/
+	hypd server /etc/hyp/hypdconfig.json
 	`,
 	Run: func(cmd *cobra.Command, args []string) {
-		err := server.PacketServer(args[0])
+
+		currentUser, err := user.Current()
+		if err != nil {
+			panic(fmt.Errorf("could not determine current user: %w", err))
+		}
+		if currentUser.Username != "root" {
+			fmt.Println("WARNING: It's recommended you run this as root, but will proceed anyways...")
+		}
+
+		hypdConfiguration, err := configuration.LoadConfiguration(args[0])
+		if err != nil {
+			panic(fmt.Errorf("failed to start packet server: %w", err))
+		}
+		err = server.PacketServer(hypdConfiguration)
 		if err != nil {
 			panic(fmt.Errorf("failed to start packet server: %w", err))
 		}
@@ -40,22 +60,4 @@ Example Usage:
 
 func init() {
 	rootCmd.AddCommand(serverCmd)
-	/*
-		viper.SetConfigName("hypconfig")
-		viper.SetConfigType("yaml")
-		viper.AddConfigPath("/etc/hyp/")
-		viper.AddConfigPath("$HOME/.hyp")
-		viper.AddConfigPath(".")
-		viper.SetDefault("RefreshInterval", 7200)
-
-		if err := viper.ReadInConfig(); err != nil {
-			if _, ok := err.(viper.ConfigFileNotFoundError); ok {
-				// Config file not found
-				// TBD: Implement
-			} else {
-				// Config file was found, but another error was produced
-				panic(fmt.Errorf("failed reading existing config file: %w", err))
-			}
-		}*/
-
 }

hypd/configuration/configuration.go

@@ -0,0 +1,68 @@
+package configuration
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+)
+
+type HypdConfiguration struct {
+	NetworkInterface      string `json:"networkInterface"`
+	PreSharedKeyDirectory string `json:"preSharedKeyDirectory"` // hypd will load all *.secret files from this directory
+	SuccessAction         string `json:"successAction"`         // The action to take
+	TimeoutSeconds        int    `json:"timeoutSeconds"`        // If > 0, once a knock sequence has been successful this value will count down and when it reaches 0, it will perform the TimeoutAction on the client.
+	TimeoutAction         string `json:"timeoutAction"`         // The action to take after TimeoutSeconds has elapsed.  only applicable if TimeoutSeconds is > 0
+
+}
+
+// LoadConfiguration opens and parses the configuration file into a HypdConfiguration struct
+// If a configFilePath is not specified, it will search in common locations
+func LoadConfiguration(configFilePath string) (*HypdConfiguration, error) {
+	if configFilePath == "" {
+		commonLocations := []string{"hypdconfig.json",
+			"~/.hypdconfig.json",
+			"~/.config/hyp/hypdConfig.json",
+			"/etc/hyp/hypdConfig.json",
+			"/usr/local/etc/hyp/hypdConfig.json",
+		}
+
+		for _, loc := range commonLocations {
+			if _, err := os.Stat(loc); err == nil {
+				configFilePath = loc
+				break
+			}
+		}
+	}
+	// if it's still not found after checking common locations, load default config
+	if configFilePath == "" {
+		fmt.Println("no configuration file found.  You can generate one with ./hypd generate defaultconfig | tee hypdconfig.json")
+		return DefaultConfig(), nil
+	}
+
+	// Otherwise if a config is specified, try to load it and error if it fails.
+	// I think it's better to error here if a config was intended and failed
+	// rather than failing back to default
+
+	b, err := os.ReadFile(configFilePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read config file '%s': %w", configFilePath, err)
+	}
+
+	hypdConfiguration := &HypdConfiguration{}
+	err = json.Unmarshal(b, hypdConfiguration)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal config file json to HypdConfiguration (is the config file malformed?): %w", err)
+	}
+
+	return hypdConfiguration, nil
+}
+
+func DefaultConfig() *HypdConfiguration {
+	return &HypdConfiguration{
+		NetworkInterface:      "enp0s3",
+		PreSharedKeyDirectory: "./secrets/",
+		SuccessAction:         "iptables -A INPUT -p tcp -s %s --dport 22 -j ACCEPT",
+		TimeoutSeconds:        1440,
+		TimeoutAction:         "iptables -D INPUT -p tcp -s %s --dport 22 -j ACCEPT",
+	}
+}

hypd/server/packet.go

@@ -15,6 +15,7 @@ import (
 	"os/exec"
 	"time"
 
+	"deadbeef.codes/steven/hyp/hypd/configuration"
 	"deadbeef.codes/steven/hyp/otphyp"
 	"github.com/cilium/ebpf/link"
 	"github.com/cilium/ebpf/ringbuf"
@@ -48,11 +49,11 @@ var (
 // PacketServer is the main function when operating in server mode
 // it sets up the pcap on the capture device and starts a goroutine
 // to rotate the knock sequence
-func PacketServer(captureDevice string) error {
+func PacketServer(config *configuration.HypdConfiguration) error {
 
-	iface, err := net.InterfaceByName(captureDevice)
+	iface, err := net.InterfaceByName(config.NetworkInterface)
 	if err != nil {
-		log.Fatalf("lookup network iface %q: %v", captureDevice, err)
+		log.Fatalf("lookup network iface %q: %v", config.NetworkInterface, err)
 	}
 
 	secretBytes, err := os.ReadFile("hyp.secret")