Server maintains a queue of outbound packets for each user

Packets which are older than the applicable max_queue_time are discarded

Each incoming request to the server takes up to max_batch_down bytes
from the queue and returns them as the POST response body payload

Each incoming request contains up to max_batch_up bytes of payload.
The request body is multipart/form-data.

Authentication: clock-based lifetime-limited bearer tokens.

Encryption and integrity checking: none.  Use a real VPN over this!
Routing assistance: none in hippotat; it can be requested on the client
from userv-ipif via the `vroutes' parameter.  For use with secnet polypath,
ideally use the special support in secnet 0.4.x.
Client form parameters (multipart/form-data):
   m   metadata, newline-separated list (text file) of
         client ip address (textual)

         target_requests_outstanding

         max_batch_down    } by older
         max_batch_up      } clients
   d   data (SLIP format, with SLIP_ESC and `-' swapped)
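Worked example of the `d' field encoding, added here and not hippotat's own code.  It applies standard SLIP escaping (END 0xC0, ESC 0xDB, ESC_END 0xDC, ESC_ESC 0xDD) and then exchanges the ESC byte with `-' (0x2D) in the encoded output, and it shows the decoder rejecting a malformed escape rather than guessing.  Framing detail assumed here: each packet is followed by exactly one END byte.  One consequence of the swap, visible in the code and checked by it: `-' only ever appears as the escape introducer and is always followed by 0xDC or 0xDD, so the byte pair `--' can never occur in the encoded data.

```python
# Added example (not hippotat's own code): SLIP framing for the `d' form field,
# with the SLIP_ESC byte (0xDB) and `-' (0x2D) swapped in the encoded output.
# Assumption: each packet is terminated by a single SLIP END byte.

SLIP_END = 0xC0
SLIP_ESC = 0xDB
SLIP_ESC_END = 0xDC
SLIP_ESC_ESC = 0xDD

# Translation table exchanging 0xDB and 0x2D ('-'); applying it twice is the identity,
# so the same table serves for encoding and decoding.
_SWAP = bytes.maketrans(bytes([SLIP_ESC, ord("-")]), bytes([ord("-"), SLIP_ESC]))


def slip_encode_packet(packet: bytes) -> bytes:
    """Standard SLIP escaping of one packet plus its END terminator (no swap yet)."""
    out = bytearray()
    for b in packet:
        if b == SLIP_END:
            out += bytes([SLIP_ESC, SLIP_ESC_END])
        elif b == SLIP_ESC:
            out += bytes([SLIP_ESC, SLIP_ESC_ESC])
        else:
            out.append(b)
    out.append(SLIP_END)
    return bytes(out)


def encode_data_field(packets) -> bytes:
    """Encode a list of packets into the `d' field: SLIP, then swap ESC <-> '-'."""
    return b"".join(slip_encode_packet(p) for p in packets).translate(_SWAP)


def decode_data_field(data: bytes):
    """Inverse: undo the swap, split on END, unescape each frame.

    Raises ValueError on a truncated or unknown escape so malformed input is
    rejected instead of silently producing a corrupted packet."""
    raw = data.translate(_SWAP)
    packets = []
    for frame in raw.split(bytes([SLIP_END])):
        if not frame:
            continue  # empty frame between/after END bytes carries no packet
        out = bytearray()
        i = 0
        while i < len(frame):
            b = frame[i]
            if b == SLIP_ESC:
                if i + 1 >= len(frame):
                    raise ValueError("truncated SLIP escape")
                nxt = frame[i + 1]
                if nxt == SLIP_ESC_END:
                    out.append(SLIP_END)
                elif nxt == SLIP_ESC_ESC:
                    out.append(SLIP_ESC)
                else:
                    raise ValueError("invalid SLIP escape 0x%02x" % nxt)
                i += 2
            else:
                out.append(b)
                i += 1
        packets.append(bytes(out))
    return packets


if __name__ == "__main__":
    # Constructed sample packets: one containing '-', one containing every byte value.
    sample = [b"hello-world", bytes(range(256))]
    enc = encode_data_field(sample)
    assert b"--" not in enc
    assert decode_data_field(enc) == sample
    print("round trip ok, %d encoded bytes" % len(enc))
```

Note that a packet which is empty encodes to a bare END byte and is dropped by the decoder, matching the usual SLIP convention that consecutive END bytes carry nothing.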
Authentication token is:
   <time_t in hex with no leading 0s> <hmac in base64>
(separated by a single space).  The hmac is
   HMAC(secret, <time_t in hex>)
and the hash function is SHA256.
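Worked example of minting and checking this token format, added here and not hippotat's own code.  The generator produces `<time_t hex> <base64 HMAC-SHA256>' exactly as described; the checker insists on the canonical hex form (no leading zeros, lowercase), compares the MAC in constant time, and then enforces the lifetime.  The lifetime rule is an assumption of this example: the token's timestamp must lie within `lifetime' seconds of the verifier's clock, either side, to absorb clock skew.  The shared secret and timestamps below are constructed sample values.

```python
# Added example (not hippotat's own code): clock-based bearer tokens of the form
#   <time_t in hex, no leading 0s> <base64(HMAC-SHA256(secret, that hex string))>
import base64
import hashlib
import hmac
import time


def make_token(secret: bytes, now=None) -> str:
    """Mint a token for the current time (or an explicit `now' for testing)."""
    t = int(time.time()) if now is None else int(now)
    t_hex = format(t, "x")  # lowercase hex, no leading zeros
    mac = hmac.new(secret, t_hex.encode("ascii"), hashlib.sha256).digest()
    return "%s %s" % (t_hex, base64.b64encode(mac).decode("ascii"))


def check_token(secret: bytes, token: str, lifetime: int, now=None) -> bool:
    """Return True only for a well-formed, authentic, in-lifetime token.

    Assumption (not stated in the notes): a token is valid while its timestamp
    is within `lifetime' seconds of the verifier's clock in either direction."""
    parts = token.split(" ")
    if len(parts) != 2:
        return False
    t_hex, mac_b64 = parts
    try:
        t = int(t_hex, 16)
    except ValueError:
        return False
    # Only the canonical spelling is accepted, so "0abc" and "ABC" are rejected
    # even though they denote the same integer as "abc".
    if format(t, "x") != t_hex:
        return False
    t_now = int(time.time()) if now is None else int(now)
    if abs(t_now - t) > lifetime:
        return False  # expired (or too far in the future)
    try:
        mac = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = hmac.new(secret, t_hex.encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many MAC bytes matched.
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # sample value, not a real secret
    tok = make_token(secret, now=1700000000)
    print(tok)
    print("fresh:", check_token(secret, tok, lifetime=30, now=1700000010))
    print("stale:", check_token(secret, tok, lifetime=30, now=1700000100))
```

Because the token binds only a timestamp, anyone who captures it can reuse it until it expires; that is the behaviour the notes describe (bearer token, no encryption) and the reason the lifetime should be kept short and the transport wrapped in a real VPN.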
Possible future nonce-based authentication:

  server keeps big nonce counter for each client

  nonce counter is most recent nonce client has sent
  also server keeps bitmap of the previous ?64 nonces,
  whether client has sent them

  difficult because client-generated nonces would have to never go
  backwards, which basically means never-rewinding state on the client.
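Worked example of the server-side state sketched above, added here and not hippotat's code: a per-client record of the highest nonce seen plus a bitmap covering the most recent window of nonces (64 here, standing in for the "?64" in the note), of the kind used for anti-replay in IPsec.  A nonce is accepted if it is newer than anything seen, or if it falls inside the window and its bit is clear; anything older than the window is rejected because the server can no longer tell whether it was used.  The window size is a parameter of this example.  It does not address the client-side difficulty the note raises: if the client's nonce state ever rewinds, its fresh requests fall inside or behind the server's window and are refused.

```python
# Added example (not hippotat's own code): sliding-window replay check for
# monotonically increasing client nonces, as sketched in the notes above.
# Window size 64 is an assumption standing in for the "?64" in the notes.


class NonceWindow:
    """Per-client anti-replay state: highest nonce seen plus a bitmap of which
    of the `size' most recent nonces (the highest one included) were seen."""

    def __init__(self, size=64):
        self.size = size
        self.highest = None  # no nonce seen yet
        self.bitmap = 0      # bit i set  <=>  nonce (highest - i) has been seen

    def accept(self, nonce: int) -> bool:
        """Return True and record the nonce if it is fresh; False otherwise."""
        if nonce < 0:
            return False
        if self.highest is None:
            self.highest, self.bitmap = nonce, 1
            return True
        if nonce > self.highest:
            # Slide the window forward; everything that falls off is forgotten.
            shift = nonce - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = nonce
            return True
        back = self.highest - nonce
        if back >= self.size:
            return False  # older than the window: cannot prove it is fresh, reject
        bit = 1 << back
        if self.bitmap & bit:
            return False  # replay of a nonce already accepted
        self.bitmap |= bit
        return True


if __name__ == "__main__":
    # Constructed sequence: out-of-order delivery is fine, replays are not.
    w = NonceWindow(64)
    for n in (5, 3, 3, 100, 5, 99, 99):
        print(n, "accepted" if w.accept(n) else "rejected")
```

The bitmap makes modest reordering (a late-arriving request) harmless while still refusing duplicates; the `highest' counter must be kept per client and must survive server restarts, otherwise a restart would re-open the window to everything the client has already sent.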