Instead of using the hardcoded proof of concept for iptables, the success action is now read from the hypd configuration file and whatever is defined there is executed.
The syntax for the hypd server command has changed. Now instead of specifying an interface name as an argument to the server command, you instead specify a configuration file path.
Example:
./hypd server hypdconfig.json
These were previously used while trying to parse out specific headers. They are no longer required though because the current length bounds checks covers edge cases.
This provides another layer of additional protection against sweep attacks by ensuring the correct sequence be entered rapidly, within 3 seconds by default. It also prevents a client from sitting stuck forever part way through an old knock sequence.
We really only care getting as far as the UDP header and can discard the rest. This should reduce load, and perhaps enable full pcap with ports on the BPF filter
UDP header = 8 bytes
IPv4 max size = 60 bytes
IPv6 fixed size = 40 bytes
Ethernet header size = 18 bytes
To better support configuration and user friendliness, migrated to cobra based CLI. The source tree structure has also changed to single go module, the server has been renamed hypd and client has been named hyp. The original structure came into being organically, but now that the vision is more complete it's best to make these adjustments now.
