hyp/hypd/server/packet.go

/*
Copyright © 2024 Steven Polley <himself@stevenpolley.net>
*/

package server

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"log"
	"net"
	"os"
	"os/exec"
	"time"

	"deadbeef.codes/steven/hyp/hypd/configuration"
	"deadbeef.codes/steven/hyp/otphyp"
	"github.com/cilium/ebpf/link"
	"github.com/cilium/ebpf/ringbuf"
	"github.com/cilium/ebpf/rlimit"
)

//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --type knock_data hyp_bpf hyp_bpf.c

// Client is used to keep track of a client attempting to perform an authentic knock sequence
type Client struct {
	Progress int       // index of current progress in sequence.   Value of 1 means first port has been matched
	Sequence [4]uint16 // stores the knock sequence the current client is attempting.  It's set and tracked here to prevent race conditions during a knock sequence being received and key rotations
}

// KnockSequence is used keep track of an ordered knock sequence and whether it's been marked for use (to prevent replay attacks)
type KnockSequence struct {
	Used         bool      // If true, that means this knock sequence has already been used once.  It may still be within the valid time window, but it can't be used again
	PortSequence [4]uint16 // Each knock sequence is four ports long
}

const (
	KnockSequenceTimeout = 3 // TBD: Make this a configurable value
)

var (
	clients        map[uint32]*Client // Contains a map of clients, key is IPv4 address
	knockSequences []KnockSequence    // We have 3 valid knock sequences at any time to account for clock skew
	sharedSecret   string             // base32 encoded shared secret used for totp
	serverConfig   *configuration.HypdConfiguration
)

// PacketServer is the main function when operating in server mode
// it sets up the pcap on the capture device and starts a goroutine
// to rotate the knock sequence
func PacketServer(config *configuration.HypdConfiguration) error {
	serverConfig = config
	iface, err := net.InterfaceByName(serverConfig.NetworkInterface)
	if err != nil {
		log.Fatalf("lookup network iface %q: %v", serverConfig.NetworkInterface, err)
	}

	secretBytes, err := os.ReadFile("hyp.secret")
	if err != nil {
		log.Fatalf("failed to read file 'hyp.secret': %v", err)
	}
	sharedSecret = string(secretBytes)

	clients = make(map[uint32]*Client, 0)
	knockSequences = []KnockSequence{}

	// Setup a goroutine to periodically rotate the authentic knock sequence
	go rotateSequence()

	////////////////////////////////////

	// Allow the current process to lock memory for eBPF resources.
	if err := rlimit.RemoveMemlock(); err != nil {
		log.Fatal(err)
	}

	// Load pre-compiled programs into the kernel.
	objs := hyp_bpfObjects{}
	if err := loadHyp_bpfObjects(&objs, nil); err != nil {
		log.Fatalf("loading objects: %v", err)
	}
	defer objs.Close()

	// Attach the program.
	l, err := link.AttachXDP(link.XDPOptions{
		Program:   objs.XdpProgFunc,
		Interface: iface.Index,
	})
	if err != nil {
		log.Fatalf("could not attach XDP program: %v", err)
	}
	defer l.Close()

	log.Printf("Attached XDP program to iface %q (index %d)", iface.Name, iface.Index)
	log.Printf("Press Ctrl-C to exit and remove the program")

	rd, err := ringbuf.NewReader(objs.Rb)
	if err != nil {
		log.Fatalf("could not open ring buffer reader: %v", err)
	}
	defer rd.Close()

	var event hyp_bpfKnockData
	for {
		record, err := rd.Read()
		if err != nil {
			if errors.Is(err, ringbuf.ErrClosed) {
				log.Println("eBPF ring buffer closed, exiting...")
				return nil
			}
			log.Printf("error reading from ring buffer reader: %v", err)
			continue
		}

		if err := binary.Read(bytes.NewBuffer(record.RawSample), binary.LittleEndian, &event); err != nil {
			log.Printf("error parsing ringbuf event: %v", err)
			continue
		}
		handleKnock(event)
	}
}

// intToIP converts IPv4 number to net.IP
func intToIP(ipNum uint32) net.IP {
	ip := make(net.IP, 4)
	binary.BigEndian.PutUint32(ip, ipNum)
	return ip
}

// packets that match the BPF filter get passed to handlePacket
func handleKnock(knockEvent hyp_bpfKnockData) {

	client, ok := clients[knockEvent.Srcip]
	if !ok { // client doesn't exist yet
		for i, knockSequence := range knockSequences { // identify which of the 3 authentic knock sequences is matched
			if knockSequence.Used { // skip over sequences that are already used to prevent replay attack
				continue
			}
			if knockEvent.Dstport == knockSequence.PortSequence[0] {
				// Create the client and mark the knock sequence as used
				clients[knockEvent.Srcip] = &Client{Progress: 1, Sequence: knockSequence.PortSequence}
				knockSequences[i].Used = true
				go timeoutKnockSequence(knockEvent.Srcip)
			}
		}
		return
	}

	// if it's wrong, reset progress
	if knockEvent.Dstport != client.Sequence[client.Progress] {
		delete(clients, knockEvent.Srcip)
		fmt.Printf("port '%d' is in sequence, but came at unexpected order - resetting progress", knockEvent.Dstport)
		return
	}

	// Client increases progress through sequence and checks if sequence is completed
	client.Progress++
	if client.Progress >= len(client.Sequence) {
		delete(clients, knockEvent.Srcip)
		handleSuccess(intToIP(knockEvent.Srcip)) // The magic function, the knock is completed
		return
	}
}

// Remove the client after the timeout value has elapsed.  This prevents a client from
// being indefinitely stuck part way through an old knock sequence.  It's also helpful
// in preventing sweep attacks as the authentic knock sequence must be correctly entered
// within the timeout value from start to finish.
func timeoutKnockSequence(srcip uint32) {
	time.Sleep(time.Second * KnockSequenceTimeout)
	_, ok := clients[srcip]
	if ok {
		delete(clients, srcip)
	}
}

// Used to rotate the authentic port knock sequence
func rotateSequence() {
	for {
		// Generate new knock sequences with time skew support
		t := time.Now().Add(time.Second * -30)
		for i := len(knockSequences); i < 3; i++ {
			portSequence, err := otphyp.GeneratePorts(sharedSecret, t.Add((time.Second * 30 * time.Duration(i))))
			if err != nil {
				log.Fatalf("failed to generate port knock sequence: %v", err)
			}
			knockSequence := KnockSequence{PortSequence: portSequence}
			knockSequences = append(knockSequences, knockSequence)
		}
		fmt.Println("New sequences:", knockSequences)

		// Sleep until next 30 second offset
		time.Sleep(time.Until(time.Now().Truncate(time.Second * 30).Add(time.Second * 30)))

		// pop first value, next iteration pushes new value
		knockSequences = knockSequences[1:]
	}
}

// handleSuccess is ran when a source IP successfully enters the authentic knock sequence
// the configured success action is ran
func handleSuccess(srcip net.IP) {
	fmt.Println("Successful knock from:", srcip)
	// Don't care about command injection, the configuration file providing the command literally NEEDS to be trusted
	// TBD: Use template / substitution instead of string formatting directive - allows for srcip token to be used multiple times
	cmd := exec.Command("sh", "-c", fmt.Sprintf(serverConfig.SuccessAction, srcip))
	err := cmd.Run()
	if err != nil {
		log.Printf("failed to execute success action command for '%s': %v", srcip, err)
	}
}
BREAKING: changes to CLI interface, moved to cobra CLI To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now. 2024-04-11 03:42:38 +00:00			`/*`
			`Copyright © 2024 Steven Polley <himself@stevenpolley.net>`
			`*/`

			`package server`
initial commit 2024-04-07 03:59:13 +00:00
			`import (`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`"bytes"`
initial commit 2024-04-07 03:59:13 +00:00			`"encoding/binary"`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`"errors"`
initial commit 2024-04-07 03:59:13 +00:00			`"fmt"`
			`"log"`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`"net"`
BREAKING: changes to CLI interface, moved to cobra CLI To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now. 2024-04-11 03:42:38 +00:00			`"os"`
			`"os/exec"`
initial commit 2024-04-07 03:59:13 +00:00			`"time"`

add scaffolding for configuration file 2024-04-18 01:12:01 +00:00			`"deadbeef.codes/steven/hyp/hypd/configuration"`
initial commit 2024-04-07 03:59:13 +00:00			`"deadbeef.codes/steven/hyp/otphyp"`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`"github.com/cilium/ebpf/link"`
			`"github.com/cilium/ebpf/ringbuf"`
			`"github.com/cilium/ebpf/rlimit"`
initial commit 2024-04-07 03:59:13 +00:00			`)`

enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --type knock_data hyp_bpf hyp_bpf.c`

keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`// Client is used to keep track of a client attempting to perform an authentic knock sequence`
initial commit 2024-04-07 03:59:13 +00:00			`type Client struct {`
add knock sequence timeout This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence. 2024-04-15 00:14:24 +00:00			`Progress int // index of current progress in sequence. Value of 1 means first port has been matched`
			`Sequence [4]uint16 // stores the knock sequence the current client is attempting. It's set and tracked here to prevent race conditions during a knock sequence being received and key rotations`
initial commit 2024-04-07 03:59:13 +00:00			`}`

keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`// KnockSequence is used keep track of an ordered knock sequence and whether it's been marked for use (to prevent replay attacks)`
			`type KnockSequence struct {`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00			`Used bool // If true, that means this knock sequence has already been used once. It may still be within the valid time window, but it can't be used again`
			`PortSequence [4]uint16 // Each knock sequence is four ports long`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`}`

add knock sequence timeout This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence. 2024-04-15 00:14:24 +00:00			`const (`
			`KnockSequenceTimeout = 3 // TBD: Make this a configurable value`
			`)`

initial commit 2024-04-07 03:59:13 +00:00			`var (`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`clients map[uint32]*Client // Contains a map of clients, key is IPv4 address`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00			`knockSequences []KnockSequence // We have 3 valid knock sequences at any time to account for clock skew`
			`sharedSecret string // base32 encoded shared secret used for totp`
Make the success action configurable Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed. 2024-04-18 17:22:03 +00:00			`serverConfig *configuration.HypdConfiguration`
initial commit 2024-04-07 03:59:13 +00:00			`)`

change pcap snaplen to 126 bytes We really only care getting as far as the UDP header and can discard the rest. This should reduce load, and perhaps enable full pcap with ports on the BPF filter UDP header = 8 bytes IPv4 max size = 60 bytes IPv6 fixed size = 40 bytes Ethernet header size = 18 bytes 2024-04-11 21:21:48 +00:00			`// PacketServer is the main function when operating in server mode`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00			`// it sets up the pcap on the capture device and starts a goroutine`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`// to rotate the knock sequence`
BREAKING: Interface name is now specified by configuration file The syntax for the hypd server command has changed. Now instead of specifying an interface name as an argument to the server command, you instead specify a configuration file path. Example: ./hypd server hypdconfig.json 2024-04-18 01:41:24 +00:00			`func PacketServer(config *configuration.HypdConfiguration) error {`
Make the success action configurable Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed. 2024-04-18 17:22:03 +00:00			`serverConfig = config`
			`iface, err := net.InterfaceByName(serverConfig.NetworkInterface)`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`if err != nil {`
Make the success action configurable Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed. 2024-04-18 17:22:03 +00:00			`log.Fatalf("lookup network iface %q: %v", serverConfig.NetworkInterface, err)`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`}`

BREAKING: changes to CLI interface, moved to cobra CLI To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now. 2024-04-11 03:42:38 +00:00			`secretBytes, err := os.ReadFile("hyp.secret")`
			`if err != nil {`
			`log.Fatalf("failed to read file 'hyp.secret': %v", err)`
			`}`
			`sharedSecret = string(secretBytes)`

enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`clients = make(map[uint32]*Client, 0)`
BREAKING: changes to CLI interface, moved to cobra CLI To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now. 2024-04-11 03:42:38 +00:00			`knockSequences = []KnockSequence{}`
initial commit 2024-04-07 03:59:13 +00:00
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`// Setup a goroutine to periodically rotate the authentic knock sequence`
			`go rotateSequence()`

			`////////////////////////////////////`

			`// Allow the current process to lock memory for eBPF resources.`
			`if err := rlimit.RemoveMemlock(); err != nil {`
			`log.Fatal(err)`
			`}`

			`// Load pre-compiled programs into the kernel.`
			`objs := hyp_bpfObjects{}`
			`if err := loadHyp_bpfObjects(&objs, nil); err != nil {`
			`log.Fatalf("loading objects: %v", err)`
			`}`
			`defer objs.Close()`

			`// Attach the program.`
			`l, err := link.AttachXDP(link.XDPOptions{`
			`Program: objs.XdpProgFunc,`
			`Interface: iface.Index,`
			`})`
initial commit 2024-04-07 03:59:13 +00:00			`if err != nil {`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`log.Fatalf("could not attach XDP program: %v", err)`
initial commit 2024-04-07 03:59:13 +00:00			`}`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`defer l.Close()`
initial commit 2024-04-07 03:59:13 +00:00
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`log.Printf("Attached XDP program to iface %q (index %d)", iface.Name, iface.Index)`
			`log.Printf("Press Ctrl-C to exit and remove the program")`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`rd, err := ringbuf.NewReader(objs.Rb)`
			`if err != nil {`
			`log.Fatalf("could not open ring buffer reader: %v", err)`
			`}`
			`defer rd.Close()`

			`var event hyp_bpfKnockData`
			`for {`
			`record, err := rd.Read()`
			`if err != nil {`
			`if errors.Is(err, ringbuf.ErrClosed) {`
			`log.Println("eBPF ring buffer closed, exiting...")`
			`return nil`
			`}`
			`log.Printf("error reading from ring buffer reader: %v", err)`
			`continue`
			`}`

			`if err := binary.Read(bytes.NewBuffer(record.RawSample), binary.LittleEndian, &event); err != nil {`
			`log.Printf("error parsing ringbuf event: %v", err)`
			`continue`
			`}`
			`handleKnock(event)`
initial commit 2024-04-07 03:59:13 +00:00			`}`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`}`

			`// intToIP converts IPv4 number to net.IP`
			`func intToIP(ipNum uint32) net.IP {`
			`ip := make(net.IP, 4)`
			`binary.BigEndian.PutUint32(ip, ipNum)`
			`return ip`
initial commit 2024-04-07 03:59:13 +00:00			`}`

			`// packets that match the BPF filter get passed to handlePacket`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`func handleKnock(knockEvent hyp_bpfKnockData) {`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`client, ok := clients[knockEvent.Srcip]`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00			`if !ok { // client doesn't exist yet`
			`for i, knockSequence := range knockSequences { // identify which of the 3 authentic knock sequences is matched`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`if knockSequence.Used { // skip over sequences that are already used to prevent replay attack`
			`continue`
			`}`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`if knockEvent.Dstport == knockSequence.PortSequence[0] {`
minor fixes to usage() and comments 2024-04-08 03:33:13 +00:00			`// Create the client and mark the knock sequence as used`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`clients[knockEvent.Srcip] = &Client{Progress: 1, Sequence: knockSequence.PortSequence}`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`knockSequences[i].Used = true`
add knock sequence timeout This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence. 2024-04-15 00:14:24 +00:00			`go timeoutKnockSequence(knockEvent.Srcip)`
initial commit 2024-04-07 03:59:13 +00:00			`}`
			`}`
			`return`
			`}`

			`// if it's wrong, reset progress`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`if knockEvent.Dstport != client.Sequence[client.Progress] {`
			`delete(clients, knockEvent.Srcip)`
			`fmt.Printf("port '%d' is in sequence, but came at unexpected order - resetting progress", knockEvent.Dstport)`
initial commit 2024-04-07 03:59:13 +00:00			`return`
			`}`

			`// Client increases progress through sequence and checks if sequence is completed`
			`client.Progress++`
			`if client.Progress >= len(client.Sequence) {`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`delete(clients, knockEvent.Srcip)`
			`handleSuccess(intToIP(knockEvent.Srcip)) // The magic function, the knock is completed`
initial commit 2024-04-07 03:59:13 +00:00			`return`
			`}`
			`}`

add knock sequence timeout This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence. 2024-04-15 00:14:24 +00:00			`// Remove the client after the timeout value has elapsed. This prevents a client from`
			`// being indefinitely stuck part way through an old knock sequence. It's also helpful`
			`// in preventing sweep attacks as the authentic knock sequence must be correctly entered`
			`// within the timeout value from start to finish.`
			`func timeoutKnockSequence(srcip uint32) {`
			`time.Sleep(time.Second * KnockSequenceTimeout)`
			`_, ok := clients[srcip]`
			`if ok {`
			`delete(clients, srcip)`
			`}`
			`}`

initial commit 2024-04-07 03:59:13 +00:00			`// Used to rotate the authentic port knock sequence`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`func rotateSequence() {`
initial commit 2024-04-07 03:59:13 +00:00			`for {`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`// Generate new knock sequences with time skew support`
			`t := time.Now().Add(time.Second * -30)`
			`for i := len(knockSequences); i < 3; i++ {`
			`portSequence, err := otphyp.GeneratePorts(sharedSecret, t.Add((time.Second * 30 * time.Duration(i))))`
			`if err != nil {`
			`log.Fatalf("failed to generate port knock sequence: %v", err)`
initial commit 2024-04-07 03:59:13 +00:00			`}`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`knockSequence := KnockSequence{PortSequence: portSequence}`
			`knockSequences = append(knockSequences, knockSequence)`
initial commit 2024-04-07 03:59:13 +00:00			`}`
keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`fmt.Println("New sequences:", knockSequences)`
initial commit 2024-04-07 03:59:13 +00:00
			`// Sleep until next 30 second offset`
			`time.Sleep(time.Until(time.Now().Truncate(time.Second * 30).Add(time.Second * 30)))`

keep track of knock sequences which are already used 2024-04-07 13:59:23 +00:00			`// pop first value, next iteration pushes new value`
			`knockSequences = knockSequences[1:]`
initial commit 2024-04-07 03:59:13 +00:00			`}`
			`}`

Make the success action configurable Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed. 2024-04-18 17:22:03 +00:00			`// handleSuccess is ran when a source IP successfully enters the authentic knock sequence`
			`// the configured success action is ran`
enter eBPF, libpcap and CGO = bloat 2024-04-14 03:22:22 +00:00			`func handleSuccess(srcip net.IP) {`
Make the success action configurable Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed. 2024-04-18 17:22:03 +00:00			`fmt.Println("Successful knock from:", srcip)`
			`// Don't care about command injection, the configuration file providing the command literally NEEDS to be trusted`
			`// TBD: Use template / substitution instead of string formatting directive - allows for srcip token to be used multiple times`
			`cmd := exec.Command("sh", "-c", fmt.Sprintf(serverConfig.SuccessAction, srcip))`
BREAKING: changes to CLI interface, moved to cobra CLI To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now. 2024-04-11 03:42:38 +00:00			`err := cmd.Run()`
			`if err != nil {`
Make the success action configurable Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed. 2024-04-18 17:22:03 +00:00			`log.Printf("failed to execute success action command for '%s': %v", srcip, err)`
BREAKING: changes to CLI interface, moved to cobra CLI To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now. 2024-04-11 03:42:38 +00:00			`}`
			`}`