Fix channel join flooding and enhance TUI features

- Implemented separate PacketID counters for Ping, Pong, and Ack (protocol compliance).
- Encrypted outgoing Pong packets after handshake.
- Fixed 'clientmove' command by omitting empty 'cpw' parameter.
- Added fullscreen log view toggle ('f' key).
- Improved logging with multi-writer and timestamps.
- Updated .gitignore to exclude binaries and logs.

internal/client/packet.go

@@ -20,8 +20,9 @@ func (c *Client) handlePacket(pkt *protocol.Packet) error {
 		binary.BigEndian.PutUint16(ackData, pkt.Header.PacketID)
 
 		ack := protocol.NewPacket(protocol.PacketTypeAck, ackData)
-		// Spec/ts3j: Header PID for ACK matches the packet being acknowledged
-		ack.Header.PacketID = pkt.Header.PacketID
+		// Spec/ts3j: Ack has its own counter
+		c.AckPacketID++
+		ack.Header.PacketID = c.AckPacketID
 		ack.Header.ClientID = c.ClientID
 		// ACKs usually don't have NewProtocol flag set in Header byte
 		ack.Header.Type &= ^uint8(protocol.PacketFlagNewProtocol)
@@ -56,28 +57,61 @@ func (c *Client) handlePacket(pkt *protocol.Packet) error {
 	case protocol.PacketTypeVoice:
 		c.handleVoice(pkt)
 	case protocol.PacketTypePing:
+		// Respond with Pong
 		// Respond with Pong
 		pong := protocol.NewPacket(protocol.PacketTypePong, nil)
-		// Spec/ts3j: Header PID for Pong matches the Ping ID
-		pong.Header.PacketID = pkt.Header.PacketID
+		// Spec/ts3j: Pong has its own counter
+		c.PongPacketID++
+		pong.Header.PacketID = c.PongPacketID
 		pong.Header.ClientID = c.ClientID
-		// Must NOT have NewProtocol (0x20) flag for Pings/Pongs
-		pong.Header.Type = uint8(protocol.PacketTypePong) | protocol.PacketFlagUnencrypted
 
-		// Use SharedMac if available, otherwise zeros
-		if c.Handshake != nil && len(c.Handshake.SharedMac) > 0 {
+		// Determine valid keys for encryption
+		key := protocol.HandshakeKey
+		nonce := protocol.HandshakeNonce
+		shouldEncrypt := false
+
+		if c.Handshake != nil && c.Handshake.Step >= 6 && len(c.Handshake.SharedMac) > 0 {
+			shouldEncrypt = true
 			copy(pong.Header.MAC[:], c.Handshake.SharedMac)
+
+			// Generate EAX keys
+			if len(c.Handshake.SharedIV) > 0 {
+				crypto := &protocol.CryptoState{
+					SharedIV:     c.Handshake.SharedIV,
+					SharedMac:    c.Handshake.SharedMac,
+					GenerationID: 0,
+				}
+				key, nonce = crypto.GenerateKeyNonce(&pong.Header, true) // Client->Server
+			}
 		} else {
+			// Pre-handshake or fallback
+			pong.Header.Type = uint8(protocol.PacketTypePong) | protocol.PacketFlagUnencrypted
 			for i := 0; i < 8; i++ {
 				pong.Header.MAC[i] = 0
 			}
 		}
 
 		// The body of the Pong must contain the PID of the Ping it's acknowledging
-		pong.Data = make([]byte, 2)
-		binary.BigEndian.PutUint16(pong.Data, pkt.Header.PacketID)
+		pongData := make([]byte, 2)
+		binary.BigEndian.PutUint16(pongData, pkt.Header.PacketID)
+
+		if shouldEncrypt {
+			// Encrypt the Pong data
+			// Meta for Client->Server: PID(2) + CID(2) + PT(1) = 5 bytes
+			meta := make([]byte, 5)
+			binary.BigEndian.PutUint16(meta[0:2], pong.Header.PacketID)
+			binary.BigEndian.PutUint16(meta[2:4], pong.Header.ClientID)
+			meta[4] = pong.Header.Type // ensure NewProtocol is NOT set (0x05)
+
+			encData, mac, _ := protocol.EncryptEAX(key, nonce, meta, pongData)
+			pong.Data = encData
+			copy(pong.Header.MAC[:], mac)
+			log.Printf("Sending Encrypted Pong (HeaderPID=%d) for Ping", pong.Header.PacketID)
+		} else {
+			pong.Data = pongData
+			log.Printf("Sending Unencrypted Pong (HeaderPID=%d) for Ping", pong.Header.PacketID)
+		}
 
-		log.Printf("Sending Pong (HeaderPID=%d) for Ping", pong.Header.PacketID)
 		c.Conn.SendPacket(pong)
 	case protocol.PacketTypePong:
 		// Server acknowledged our Ping