1e195c3768
fix client broke from last commit
continuous-integration/drone/push Build is passing
2024-04-19 22:08:16 -06:00
2951c1f684
add support for multiple secrets (independent agents) on the knock daemon
continuous-integration/drone/push Build is failing
This allows you to generate more than one pre-shared secret on the knock daemon so that you can distribute the secret and control revocation at a more granular level. Each additional secret creates one more concurrent authentic knock sequence.
2024-04-19 22:04:00 -06:00
334407e309
mislinked
continuous-integration/drone/push Build is passing
2024-04-19 20:34:07 -06:00
348fe6296b
Add example vulnerabilities
continuous-integration/drone/push Build is passing
2024-04-19 20:20:34 -06:00
b8a16fed7f
Minor formatting fixes
continuous-integration/drone/push Build is passing
2024-04-19 19:21:56 -06:00
59cd35a51e
Merge branch 'main' of https://deadbeef.codes/steven/hyp
continuous-integration/drone/push Build is passing
2024-04-19 19:19:14 -06:00
35f58da4f0
Rewrite readme.md
Make the project goal more clear, less personal opinion mentioned. Mention how hyp differentiates itself, how the authentic knock sequence is determined with a diagram. Provide instructions to build.
2024-04-19 19:18:39 -06:00
034f3024b6
add diagram
continuous-integration/drone/push Build is passing
2024-04-19 18:46:43 -06:00
05e37193b4
Make the success action configurable
Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed.
2024-04-18 11:22:03 -06:00
79aa8136c5
add openwrt-wireguard example
continuous-integration/drone/push Build is passing
2024-04-18 09:39:21 -06:00
344d874c02
minor formatting changes
2024-04-18 09:39:05 -06:00
1ffadf5c86
BREAKING: Interface name is now specified by configuration file
continuous-integration/drone/push Build is passing
The syntax for the hypd server command has changed. Now instead of specifying an interface name as an argument to the server command, you instead specify a configuration file path.
Example:
./hypd server hypdconfig.json
2024-04-17 19:41:24 -06:00
e95b4972da
add scaffolding for configuration file
2024-04-17 19:12:01 -06:00
a0d118b987
Ensure generated code is checked in
continuous-integration/drone/push Build is passing
2024-04-16 20:09:54 -06:00
e9aefaf8d6
README add/edit
2024-04-16 20:09:37 -06:00
beed9726e3
remove unreferenced macros...
These were previously used while trying to parse out specific headers. They are no longer required though because the current length bounds checks cover edge cases.
2024-04-16 20:09:01 -06:00
e85b644e82
Add maxjitter flag to hyp client
continuous-integration/drone/push Build is passing
This is to allow configurable time between knock sequence transmissions. It's important the sequence arrive in the correct order, and some networks have multiple paths.
2024-04-16 19:44:25 -06:00
2c43affac9
fix typo in help message
2024-04-16 19:43:39 -06:00
fbf1758ccb
added generated go code from ebpf-go
continuous-integration/drone/push Build is passing
2024-04-14 21:03:22 -06:00
ffb4b7681f
Merge branch 'main' of https://deadbeef.codes/steven/hyp
continuous-integration/drone/push Build is passing
2024-04-14 21:01:03 -06:00
7f2e3c0ed9
Added pre-compiled ebpf programs
2024-04-14 21:00:31 -06:00
4ec16513ac
give meaningful names to build artifacts
continuous-integration/drone/push Build was killed
continuous-integration/drone/tag Build is passing
2024-04-14 19:18:35 -06:00
0d113b4e8b
fix dist files path for releases
continuous-integration/drone/push Build was killed
continuous-integration/drone/tag Build is passing
2024-04-14 19:05:11 -06:00
8cd537cd79
Merge branch 'main' of https://deadbeef.codes/steven/hyp
continuous-integration/drone/push Build was killed
continuous-integration/drone/tag Build is passing
2024-04-14 18:39:17 -06:00
80043a571d
release on tag
2024-04-14 18:39:08 -06:00
998c9e217c
add build badge to readme
continuous-integration/drone/push Build is passing
continuous-integration/drone/promote/release Build is failing
2024-04-14 18:20:05 -06:00
977aef9ee2
separate hyp and hypd build into different steps, add windows build
continuous-integration/drone/push Build was killed
2024-04-14 18:19:52 -06:00
5f10c27b0f
add knock sequence timeout
continuous-integration/drone/push Build is passing
This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence.
2024-04-14 18:14:24 -06:00
0b876665d5
add step to create symlinks - required for compiling eBPF program
continuous-integration/drone/push Build was killed
continuous-integration/drone/promote/environment Build is passing
2024-04-14 09:59:23 -06:00
d422724556
source /root/.profile
continuous-integration/drone/push Build is failing
2024-04-14 09:54:43 -06:00
a73854e040
do not explicitly create /dist, it's created during mount
continuous-integration/drone/push Build is failing
2024-04-14 09:53:52 -06:00
d40147d61c
source command is a bash thing
continuous-integration/drone/push Build is failing
continuous-integration/drone/promote/environment Build is failing
it doesn't exist in sh
2024-04-14 09:10:35 -06:00
3cbd6eace2
add public release volume to build pipeline
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/promote/environment Build is failing
Allows us to get the latest build at any time from: https://public.deadbeef.codes/build/
2024-04-14 08:49:10 -06:00
42e5679570
Fix EOF error when building in dockerfile
continuous-integration/drone/push Build is failing
2024-04-14 08:43:27 -06:00
54159e2e5e
Add golang bin to path of build image
continuous-integration/drone/push Build is failing
continuous-integration/drone/promote/environment Build is failing
2024-04-14 08:29:21 -06:00
e197990185
mfw: half my commits are fixing yaml indentations
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/promote/environment Build is failing
2024-04-13 23:00:02 -06:00
f3d84f09fd
fix indenting i do love yaml tho
continuous-integration/drone/push Build encountered an error
2024-04-13 22:59:21 -06:00
0382892f73
add condition for release
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/promote/environment Build was killed
2024-04-13 22:58:24 -06:00
cb20f91223
add CICD pipeline (untested)
continuous-integration/drone/push Build encountered an error
2024-04-13 22:56:21 -06:00
2efe3344b4
knock frames should not contain any data, only headers
2024-04-13 21:50:20 -06:00
0ad3e2b0d4
enter eBPF, libpcap and CGO = bloat
2024-04-13 21:22:22 -06:00
3ae568639e
add flag to specify alternative filepath to secret
For the hyp client to be able to support multiple servers, each with their own secret, this capability is required.
2024-04-11 15:31:08 -06:00
ead7578544
change pcap snaplen to 126 bytes
We really only care about getting as far as the UDP header and can discard the rest. This should reduce load, and perhaps enable full pcap with ports on the BPF filter.
UDP header = 8 bytes
IPv4 max size = 60 bytes
IPv6 fixed size = 40 bytes
Ethernet header size = 18 bytes
2024-04-11 15:21:48 -06:00
3ff47dfa19
use cobra args, not os.Args
2024-04-10 21:51:00 -06:00
291cbaabd4
BREAKING: changes to CLI interface, moved to cobra CLI
To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now.
2024-04-10 21:42:38 -06:00
cca8310dd1
Change license from GPLv3 to BSD3
2024-04-10 06:10:38 -06:00
bd7fff97b3
rename hyp-client to hyp and upgrade internal dependencies
hyp-client is cumbersome. The server is called hypd, so it's fine if the client is just called hyp. Not only is it fine, it's better.
2024-04-07 21:34:14 -06:00
19388ca140
minor fixes to usage() and comments
2024-04-07 21:33:13 -06:00
b95f764fc9
breaking: increase keysize
This change increases the pre-shared key size, and requires regenerating any existing keys.
2024-04-07 21:15:34 -06:00
27c2f28429
keep track of knock sequences which are already used
2024-04-07 07:59:23 -06:00