ResponseConsumer: break out connectionLostOK into superclass
diff --git
a/PROTOCOL
b/PROTOCOL
index
c7033af
..
e18cf0e
100644
(file)
--- a/
PROTOCOL
+++ b/
PROTOCOL
@@
-1,41
+1,42
@@
Server maintains a queue of outbound packets for each user
Server maintains a queue of outbound packets for each user
-Packets which are older than
MAX_QUEUE_TIME
are discarded
+Packets which are older than
the applicable max_queue_time
are discarded
-Each incoming request to the server takes up to
MAX_BATCH_DOWN
bytes
+Each incoming request to the server takes up to
max_batch_down
bytes
from the queue and returns them as the POST response body payload
from the queue and returns them as the POST response body payload
-Each incoming request contains up to
MAX_BATCH_UP
bytes of payload.
+Each incoming request contains up to
max_batch_up
bytes of payload.
It's a multipart/form-data.
It's a multipart/form-data.
-Authentication:
for now, plaintext password
+Authentication:
clock-based lifetime-limited bearer tokens.
-Sever side configuration:
+Encryption and integrity checking: none. Use a real VPN over this!
- [<client-ipaddr>] or [default]
- max_batch_down
- max_queue_time
- max_request_time
- password
+Routing assistance: none in hippotat; can be requested on client
+ from userv-ipif via `vroutes' parameter. Use with secnet polypath
+ ideally uses the special support in secnet 0.4.x.
- [global]
- max_batch_down
- max_queue_time
- max_request_time
+Client form parameters (multipart/form-data):
+ m metadata, newline-separated list (text file) of
+ client ip address (textual)
+ token
+ target_requests_outstanding
+ http_timeout
+ d data (SLIP format, with SLIP_ESC and `-' swapped)
- [virtual]
- network # required
- host # default is first host in network (eg <network>.1)
- relay # default is first host in network not equal to server
- mtu # default is 1500
-Client side configuration;
- MAX_BATCH_DOWN MAX_QUEUE_TIME PASSWORD
+Authentication token is:
+ <time_t in hex with no leading 0s> <hmac in base64>
+(separated by a single space). The hmac is
+ HMAC(secret, <time_t in hex>)
-Routing assistance: none needed; secnet polypath will DTRT
-Client form parameters:
- i ip address (textual)
- p password
- d data (SLIP format)
- mbd mqt mrt config updates
+Possible future nonce-based authentication:
+
+server keeps big nonce counter for each client
+meaning is:
+ nonce counter is most recent nonce client has sent
+also server keeps bitmap of the previous ?64 nonces,
+ whether client has sent them
+
+client picks.... xxx
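Review bot: the new token format binds the HMAC only to the timestamp (`HMAC(secret, <time_t in hex>)`), so within its lifetime the same token can be resent with any `d` payload or any `client ip address` line in `m`, and nothing in this hunk says how long that lifetime is or how much clock skew the server tolerates; the "clock-based lifetime-limited" claim and the unfinished "Possible future nonce-based authentication" section should be accompanied by the accepted validity window and an explicit statement that the metadata and data fields are not covered by the token (the "Encryption and integrity checking: none" line already implies it, but the token section should say so). Separately, the hunk deletes the whole server-side configuration list (`[<client-ipaddr>] or [default]`, `[global]`, `[virtual]`) while the first lines now refer to "the applicable max_queue_time" and "max_batch_down", so the document no longer says where those per-client values come from; either keep a reduced configuration section or point to wherever the lower-case names are now defined. Finally, "client picks.... xxx" reads as an abandoned note and should be marked as a TODO or dropped before this lands.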