Fix channel join flooding and enhance TUI features

- Implemented separate PacketID counters for Ping, Pong, and Ack (protocol compliance).
- Encrypted outgoing Pong packets after handshake.
- Fixed 'clientmove' command by omitting empty 'cpw' parameter.
- Added fullscreen log view toggle ('f' key).
- Improved logging with multi-writer and timestamps.
- Updated .gitignore to exclude binaries and logs.

internal/client/client.go

@@ -1,6 +1,8 @@
 package client
 
 import (
+	"encoding/binary"
+	"fmt"
 	"log"
 	"sync"
 	"time"
@@ -29,8 +31,11 @@ type Client struct {
 	ClientID uint16
 
 	// Counters
-	PacketIDCounterC2S uint16
-	VoicePacketID      uint16
+	PacketIDCounterC2S uint16 // Commands (Type 0x02)
+	VoicePacketID      uint16 // Voice (Type 0x00)
+	PingPacketID       uint16 // Type 0x04
+	PongPacketID       uint16 // Type 0x05
+	AckPacketID        uint16 // Type 0x06
 
 	// State
 	Connected  bool
@@ -136,25 +141,52 @@ func (c *Client) Connect(address string) error {
 			if !c.Connected {
 				continue // Don't send pings if not connected yet
 			}
-			ping := protocol.NewPacket(protocol.PacketTypePing, nil)
-			c.PacketIDCounterC2S++
-			ping.Header.PacketID = c.PacketIDCounterC2S
-			ping.Header.ClientID = c.ClientID
-			// Must NOT have NewProtocol (0x20) flag for Pings/Pongs
-			ping.Header.Type = uint8(protocol.PacketTypePing) | protocol.PacketFlagUnencrypted
-
-			// Use SharedMac if available, otherwise zeros (as per ts3j InitPacketTransformation)
-			if c.Handshake != nil && len(c.Handshake.SharedMac) > 0 {
-				copy(ping.Header.MAC[:], c.Handshake.SharedMac)
-			} else {
-				// Initialize Header.MAC with zeros
-				for i := 0; i < 8; i++ {
-					ping.Header.MAC[i] = 0
-				}
+			// Send KeepAlive Ping (Encrypted, No NewProtocol)
+			if err := c.sendPing(); err != nil {
+				log.Printf("Error sending Ping: %v", err)
 			}
-
-			log.Printf("Sending KeepAlive Ping (PID=%d)", ping.Header.PacketID)
-			c.Conn.SendPacket(ping)
 		}
 	}
 }
+
+// sendPing sends an encrypted Ping packet WITHOUT the NewProtocol flag
+func (c *Client) sendPing() error {
+	pType := protocol.PacketTypePing
+	pkt := protocol.NewPacket(pType, nil)
+	c.PingPacketID++
+	pkt.Header.PacketID = c.PingPacketID
+	pkt.Header.ClientID = c.ClientID
+	// Note: We do NOT set PacketFlagNewProtocol for Pings
+
+	// Encryption
+	key := protocol.HandshakeKey[:]
+	nonce := protocol.HandshakeNonce[:]
+
+	if c.Handshake != nil && c.Handshake.Step >= 6 && len(c.Handshake.SharedIV) > 0 {
+		crypto := &protocol.CryptoState{
+			SharedIV:     c.Handshake.SharedIV,
+			SharedMac:    c.Handshake.SharedMac,
+			GenerationID: 0,
+		}
+		keyArr, nonceArr := crypto.GenerateKeyNonce(&pkt.Header, true) // Client->Server=true
+		key = keyArr
+		nonce = nonceArr
+	}
+
+	// Meta for Client->Server: PID(2) + CID(2) + PT(1) = 5 bytes
+	meta := make([]byte, 5)
+	binary.BigEndian.PutUint16(meta[0:2], pkt.Header.PacketID)
+	binary.BigEndian.PutUint16(meta[2:4], pkt.Header.ClientID)
+	meta[4] = pkt.Header.Type
+
+	encData, mac, err := protocol.EncryptEAX(key, nonce, meta, pkt.Data)
+	if err != nil {
+		return fmt.Errorf("encryption failed: %w", err)
+	}
+
+	pkt.Data = encData
+	copy(pkt.Header.MAC[:], mac)
+
+	log.Printf("Sending proper Encrypted Ping (PID=%d)", pkt.Header.PacketID)
+	return c.Conn.SendPacket(pkt)
+}

internal/client/commands.go

@@ -331,6 +331,32 @@ func (c *Client) processCommand(data []byte, pkt *protocol.Packet) error {
 
 				return c.SendCommand(moveCmd)
 			}
+		case "clientlist":
+			// Parse client info (usually received after connection for all clients)
+			nick := ""
+			clientID := uint16(0)
+			channelID := uint64(0)
+			if n, ok := args["client_nickname"]; ok {
+				nick = protocol.Unescape(n)
+			}
+			if cid, ok := args["clid"]; ok {
+				var id uint64
+				fmt.Sscanf(cid, "%d", &id)
+				clientID = uint16(id)
+			}
+			if ctid, ok := args["cid"]; ok {
+				fmt.Sscanf(ctid, "%d", &channelID)
+			}
+
+			// Don't emit for ourselves if we already handle it in initserver
+			if clientID != c.ClientID && clientID != 0 {
+				log.Printf("Existing client: %s (ID=%d) in Channel %d", nick, clientID, channelID)
+				c.emitEvent("client_enter", map[string]any{
+					"clientID":  clientID,
+					"nickname":  nick,
+					"channelID": channelID,
+				})
+			}
 		case "notifycliententerview":
 			// A client entered the server
 			nick := ""

internal/client/packet.go

@@ -20,8 +20,9 @@ func (c *Client) handlePacket(pkt *protocol.Packet) error {
 		binary.BigEndian.PutUint16(ackData, pkt.Header.PacketID)
 
 		ack := protocol.NewPacket(protocol.PacketTypeAck, ackData)
-		// Spec/ts3j: Header PID for ACK matches the packet being acknowledged
-		ack.Header.PacketID = pkt.Header.PacketID
+		// Spec/ts3j: Ack has its own counter
+		c.AckPacketID++
+		ack.Header.PacketID = c.AckPacketID
 		ack.Header.ClientID = c.ClientID
 		// ACKs usually don't have NewProtocol flag set in Header byte
 		ack.Header.Type &= ^uint8(protocol.PacketFlagNewProtocol)
@@ -56,28 +57,61 @@ func (c *Client) handlePacket(pkt *protocol.Packet) error {
 	case protocol.PacketTypeVoice:
 		c.handleVoice(pkt)
 	case protocol.PacketTypePing:
+		// Respond with Pong
 		// Respond with Pong
 		pong := protocol.NewPacket(protocol.PacketTypePong, nil)
-		// Spec/ts3j: Header PID for Pong matches the Ping ID
-		pong.Header.PacketID = pkt.Header.PacketID
+		// Spec/ts3j: Pong has its own counter
+		c.PongPacketID++
+		pong.Header.PacketID = c.PongPacketID
 		pong.Header.ClientID = c.ClientID
-		// Must NOT have NewProtocol (0x20) flag for Pings/Pongs
-		pong.Header.Type = uint8(protocol.PacketTypePong) | protocol.PacketFlagUnencrypted
 
-		// Use SharedMac if available, otherwise zeros
-		if c.Handshake != nil && len(c.Handshake.SharedMac) > 0 {
+		// Determine valid keys for encryption
+		key := protocol.HandshakeKey
+		nonce := protocol.HandshakeNonce
+		shouldEncrypt := false
+
+		if c.Handshake != nil && c.Handshake.Step >= 6 && len(c.Handshake.SharedMac) > 0 {
+			shouldEncrypt = true
 			copy(pong.Header.MAC[:], c.Handshake.SharedMac)
+
+			// Generate EAX keys
+			if len(c.Handshake.SharedIV) > 0 {
+				crypto := &protocol.CryptoState{
+					SharedIV:     c.Handshake.SharedIV,
+					SharedMac:    c.Handshake.SharedMac,
+					GenerationID: 0,
+				}
+				key, nonce = crypto.GenerateKeyNonce(&pong.Header, true) // Client->Server
+			}
 		} else {
+			// Pre-handshake or fallback
+			pong.Header.Type = uint8(protocol.PacketTypePong) | protocol.PacketFlagUnencrypted
 			for i := 0; i < 8; i++ {
 				pong.Header.MAC[i] = 0
 			}
 		}
 
 		// The body of the Pong must contain the PID of the Ping it's acknowledging
-		pong.Data = make([]byte, 2)
-		binary.BigEndian.PutUint16(pong.Data, pkt.Header.PacketID)
+		pongData := make([]byte, 2)
+		binary.BigEndian.PutUint16(pongData, pkt.Header.PacketID)
+
+		if shouldEncrypt {
+			// Encrypt the Pong data
+			// Meta for Client->Server: PID(2) + CID(2) + PT(1) = 5 bytes
+			meta := make([]byte, 5)
+			binary.BigEndian.PutUint16(meta[0:2], pong.Header.PacketID)
+			binary.BigEndian.PutUint16(meta[2:4], pong.Header.ClientID)
+			meta[4] = pong.Header.Type // ensure NewProtocol is NOT set (0x05)
+
+			encData, mac, _ := protocol.EncryptEAX(key, nonce, meta, pongData)
+			pong.Data = encData
+			copy(pong.Header.MAC[:], mac)
+			log.Printf("Sending Encrypted Pong (HeaderPID=%d) for Ping", pong.Header.PacketID)
+		} else {
+			pong.Data = pongData
+			log.Printf("Sending Unencrypted Pong (HeaderPID=%d) for Ping", pong.Header.PacketID)
+		}
 
-		log.Printf("Sending Pong (HeaderPID=%d) for Ping", pong.Header.PacketID)
 		c.Conn.SendPacket(pong)
 	case protocol.PacketTypePong:
 		// Server acknowledged our Ping

internal/client/send.go

@@ -18,6 +18,7 @@ func (c *Client) SendCommand(cmd *protocol.Command) error {
 
 // SendCommandString sends a raw command string with fragmentation.
 func (c *Client) SendCommandString(cmdStr string) error {
+	log.Printf("Sending Command: %s", cmdStr)
 	data := []byte(cmdStr)
 	maxPacketSize := 500
 	maxBody := maxPacketSize - 13 // Header is 13 bytes for C->S (MAC 8, PID 2, TYPE 1, CID 2)