| 1 | Server maintains a queue of outbound packets for each user |
| 2 | |
| 3 | Packets which are older than the applicable max_queue_time are discarded |
| 4 | |
| 5 | Each incoming request to the server takes up to max_batch_down bytes |
| 6 | from the queue and returns them as the POST response body payload |
| 7 | |
| 8 | Each incoming request contains up to max_batch_up bytes of payload. |
| 9 | It's a multipart/form-data. |
| 10 | |
| 11 | Authentication: clock-based lifetime-limited bearer tokens. |
| 12 | |
| 13 | Encryption and integrity checking: none. Use a real VPN over this! |
| 14 | |
| 15 | Routing assistance: none in hippotat; can be requested on client |
| 16 | from userv-ipif via `vroutes' parameter. Use with secnet polypath |
| 17 | ideally uses the special support in secnet 0.4.x. |
| 18 | |
| 19 | Client form parameters (multipart/form-data): |
| 20 | m metadata, newline-separated list (text file) of |
| 21 | client ip address (textual) |
| 22 | token |
| 23 | target_requests_outstanding |
| 24 | http_timeout |
| 25 | d data (SLIP format, with SLIP_ESC and `-' swapped) |
| 26 | |
| 27 | |
| 28 | Authentication token is: |
| 29 | <time_t in hex with no leading 0s> <hmac in base64> |
| 30 | (separated by a single space). The hmac is |
| 31 | HMAC(secret, <time_t in hex>) |
| 32 | |
| 33 | |
| 34 | Possible future nonce-based authentication: |
| 35 | |
| 36 | server keeps big nonce counter for each client |
| 37 | meaning is: |
| 38 | nonce counter is most recent nonce client has sent |
| 39 | also server keeps bitmap of the previous ?64 nonces, |
| 40 | whether client has sent them |
| 41 | |
| 42 | client picks.... xxx |