Added version and re-ordered header... Breaking change

README.md

@@ -1,4 +1,4 @@
-# vppn: Virtual Pretty Private Network
+# vppn: Virtual Potentially Private Network
 
 ## TODO
 
@@ -30,7 +30,7 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE
 Type=simple
 User=user
 WorkingDirectory=/home/user/
-ExecStart=/home/user/hub -listen <addr>:https -secure=true -root-dir=/home/user
+ExecStart=/home/user/hub -listen <addr>:https -root-dir=/home/user
 Restart=always
 RestartSec=8
 TimeoutStopSec=24

go.mod

@@ -5,13 +5,12 @@ go 1.23.2
 require (
 	git.crumpington.com/lib/go v0.8.1
 	git.crumpington.com/lib/webutil v0.0.7
-	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
 	golang.org/x/crypto v0.29.0
+	golang.org/x/sys v0.27.0
 )
 
 require (
 	github.com/mattn/go-sqlite3 v1.14.24 // indirect
 	golang.org/x/net v0.31.0 // indirect
-	golang.org/x/sys v0.27.0 // indirect
 	golang.org/x/text v0.20.0 // indirect
 )

go.sum

@@ -4,8 +4,6 @@ git.crumpington.com/lib/webutil v0.0.7 h1:1RG9CpuXYalT0NPj8fvxjOLV566LqL37APvAdA
 git.crumpington.com/lib/webutil v0.0.7/go.mod h1:efIEiuK1uqFIhI/dlsWUHMsC5bXcEbJEjmdluRoFPPQ=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
 github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 h1:TG/diQgUe0pntT/2D9tmUCz4VNwm9MfrtPr0SU2qSX8=
-github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E=
 golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
 golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=

hub/app.go

@@ -19,14 +19,14 @@ var templateFS embed.FS
 type Config struct {
 	RootDir    string
 	ListenAddr string
-	Secure     bool
+	Insecure   bool
 }
 
 type App struct {
-	api    *api.API
-	mux    *http.ServeMux
-	tmpl   map[string]*template.Template
-	secure bool
+	api      *api.API
+	mux      *http.ServeMux
+	tmpl     map[string]*template.Template
+	insecure bool
 }
 
 func NewApp(conf Config) (*App, error) {
@@ -36,10 +36,10 @@ func NewApp(conf Config) (*App, error) {
 	}
 
 	app := &App{
-		api:    api,
-		mux:    http.NewServeMux(),
-		tmpl:   webutil.ParseTemplateSet(templateFuncs, templateFS),
-		secure: conf.Secure,
+		api:      api,
+		mux:      http.NewServeMux(),
+		tmpl:     webutil.ParseTemplateSet(templateFuncs, templateFS),
+		insecure: conf.Insecure,
 	}
 
 	app.registerRoutes()

hub/cookie.go

@@ -17,8 +17,9 @@ func (a *App) setCookie(w http.ResponseWriter, name, value string) {
 		Name:     name,
 		Value:    value,
 		Path:     "/",
-		Secure:   a.secure,
+		Secure:   !a.insecure,
 		SameSite: http.SameSiteStrictMode,
+		HttpOnly: true,
 		MaxAge:   86400 * 365 * 10,
 	})
 }

hub/main.go

@@ -15,7 +15,7 @@ func Main() {
 	conf := Config{}
 	flag.StringVar(&conf.RootDir, "root-dir", "", "[REQUIRED] Root directory.")
 	flag.StringVar(&conf.ListenAddr, "listen", "", "[REQUIRED] Listen address.")
-	flag.BoolVar(&conf.Secure, "secure", false, "Use secure cookies.")
+	flag.BoolVar(&conf.Insecure, "insecure", false, "Don't use secure cookies.")
 
 	flag.Parse()
 

hub/static/custom.css

@@ -1,7 +1,3 @@
-body {
-    max-width: 1920px;
-}
-
 .def-list tr td:first-child {
     text-align:right;
     width:1%;

hub/templates/admin-peer-view.html

@@ -3,7 +3,6 @@
 
 <p>
   <a href="/admin/peer/edit/?PeerIP={{.Peer.PeerIP}}">Edit</a> /
-  <a href="/admin/peer/init/?PeerIP={{.Peer.PeerIP}}">Initialize</a> /
   <a href="/admin/peer/delete/?PeerIP={{.Peer.PeerIP}}">Delete</a>
 </p>
 

node/header.go

@@ -13,23 +13,25 @@ const (
 )
 
 type header struct {
+	Version  byte
 	StreamID byte
-	Counter  uint64 // Init with time.Now().Unix << 30 to ensure monotonic.
 	SourceIP byte
 	DestIP   byte
+	Counter  uint64 // Init with time.Now().Unix << 30 to ensure monotonic.
 }
 
 func (h *header) Parse(b []byte) {
-	h.StreamID = b[0]
-	h.Counter = *(*uint64)(unsafe.Pointer(&b[1]))
-	h.SourceIP = b[9]
-	h.DestIP = b[10]
+	h.Version = b[0]
+	h.StreamID = b[1]
+	h.SourceIP = b[2]
+	h.DestIP = b[3]
+	h.Counter = *(*uint64)(unsafe.Pointer(&b[4]))
 }
 
 func (h *header) Marshal(buf []byte) {
-	buf[0] = h.StreamID
-	*(*uint64)(unsafe.Pointer(&buf[1])) = h.Counter
-	buf[9] = h.SourceIP
-	buf[10] = h.DestIP
-	buf[11] = 0
+	buf[0] = h.Version
+	buf[1] = h.StreamID
+	buf[2] = h.SourceIP
+	buf[3] = h.DestIP
+	*(*uint64)(unsafe.Pointer(&buf[4])) = h.Counter
 }

node/supervisor.go

@@ -107,14 +107,10 @@ type peerStateData struct {
 // ----------------------------------------------------------------------------
 
 func (s *peerStateData) sendControlPacket(pkt interface{ Marshal([]byte) []byte }) {
-	s.limiter.Limit()
-	_sendControlPacket(pkt, s.staged, s.buf1, s.buf2)
+	s._sendControlPacket(pkt, s.staged)
 }
 
-func (s *peerStateData) sendControlPacketTo(
-	pkt interface{ Marshal([]byte) []byte },
-	addr netip.AddrPort,
-) {
+func (s *peerStateData) sendControlPacketTo(pkt interface{ Marshal([]byte) []byte }, addr netip.AddrPort) {
 	if !addr.IsValid() {
 		s.logf("ERROR: Attepted to send packet to invalid address: %v", addr)
 		return
@@ -122,7 +118,14 @@ func (s *peerStateData) sendControlPacketTo(
 	route := s.staged
 	route.Direct = true
 	route.RemoteAddr = addr
-	s.limiter.Limit()
+	s._sendControlPacket(pkt, route)
+}
+
+func (s *peerStateData) _sendControlPacket(pkt interface{ Marshal([]byte) []byte }, route peerRoute) {
+	if err := s.limiter.Limit(); err != nil {
+		s.logf("Not sending control packet: rate limited.") // Shouldn't happen.
+		return
+	}
 	_sendControlPacket(pkt, route, s.buf1, s.buf2)
 }