146 lines
3.6 KiB
Plaintext
146 lines
3.6 KiB
Plaintext
$OpenBSD: TO-DO,v 1.26 2003/08/28 14:43:35 markus Exp $
|
|
$EOM: TO-DO,v 1.45 2000/04/07 22:47:38 niklas Exp $
|
|
|
|
This file mixes small nitpicks with large projects to be done.
|
|
|
|
* Add debugging messages, maybe possible to control asynchronously. [done]
|
|
|
|
* Implement the local policy governing logging and notification of exceptional
|
|
conditions.
|
|
|
|
* A field description mechanism used for things like making packet dumps
|
|
readable etc. Both Photurisd and Pluto does this. [done]
|
|
|
|
* Fix the cookies. <Niels> [done]
|
|
|
|
* Garbage collect transports (ref-counting?). [done]
|
|
|
|
* Retransmission/dup packet handling. [done]
|
|
|
|
* Generic payload checks. [mostly done]
|
|
|
|
* For math, speed up multiplication and division functions.
|
|
|
|
* Cleanup of SAs when dropping messages. [done]
|
|
|
|
* Look over message resource tracking. [done]
|
|
|
|
* Retransmission timing & count adaptivity and configurability.
|
|
[configurability done]
|
|
|
|
* Quick mode exchanges [done]
|
|
|
|
* Aggressive mode exchange. [done]
|
|
|
|
* Finish main mode exchange [done]
|
|
|
|
* Separation of key exchange from the IPsec DOI, i.e. factor out IKE details.
|
|
|
|
* Setup the IPsec situation field in the main mode. [done]
|
|
|
|
* Kernel interface for IPsec parameter passing. [done]
|
|
|
|
* Notify of unsupported situations.
|
|
|
|
* Set/get field macros generated from the field descriptions. [done]
|
|
|
|
* SIGHUP handler with reparsing of config file. [done]
|
|
|
|
* RSA signature authentication. <Niels> [done]
|
|
|
|
* DSS signature authentication.
|
|
|
|
* RSA encryption authentication.
|
|
|
|
* New group mode.
|
|
|
|
* DELETE payload handling, and generation from ui. [generation done]
|
|
|
|
* Deal well with incoming informational exchanges. [done]
|
|
|
|
* Generate all possible SA attributes in quick mode. [done]
|
|
|
|
* Validate incoming attribute according to policy, main mode. [done]
|
|
|
|
* Validate incoming attribute according to policy, quick mode. [done]
|
|
|
|
* Cleanup reserved SPIs on cleanup of associated SAs. [done]
|
|
|
|
* Validate attribute types (i.e. that what the specs tells should be
|
|
basic).
|
|
|
|
* Cleanup reserved SPIs in proposals never chosen. [done]
|
|
|
|
* Add time measuring and reporting to the exchange code for catching of
|
|
bottlenecks.
|
|
|
|
* Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY
|
|
listener socket. [done]
|
|
|
|
* Validate the configuration file.
|
|
|
|
* Do a soft-limit on ISAKMP SA lifetime. [done]
|
|
|
|
* Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP. [done]
|
|
|
|
* IPsec rekeying. [done]
|
|
|
|
* Store tunnels into SPD, and handle acquire SA events. [done]
|
|
|
|
* If an exchange is on-going when a rekey event happens, drop the request.
|
|
[done]
|
|
|
|
* INITIAL CONTACT notification sending when appropriate. [done]
|
|
|
|
* INITIAL CONTACT notification handling. [done]
|
|
|
|
* IPsec SAs could also do with timers protecting its lifetime, if say,
|
|
someone changed the lifetime of the IPsec SA in stack under us. [done]
|
|
|
|
* Handle notifications showing the peer did not want to continue this exchange.
|
|
|
|
* Flexible identification.
|
|
|
|
* Remove referring flows when a SPI is removed. [done]
|
|
|
|
* IPCOMP.
|
|
|
|
* Acknowledged notification exchange.
|
|
|
|
* Tiger hash.
|
|
|
|
* El-Gamal public key encryption.
|
|
|
|
* Check of attributes not being changed by the responder in phase 2.
|
|
|
|
* See to the commit bit will never be used in phase 1. Give INVALID-FLAGS
|
|
if seeing it.
|
|
|
|
* Base mode.
|
|
|
|
* IKECFG [protocol done, configuration controls remain]
|
|
|
|
* XAUTH framework.
|
|
|
|
* PKCS#11
|
|
|
|
* XAUTH hybrid frame work.
|
|
|
|
* Specify extra certificates to send somehow.
|
|
|
|
* Handle CERTs anywhere in an exchange.
|
|
|
|
* Add a way to do multiple configuration commands via ui.
|
|
|
|
* Replace ui's fifo with a slightly more versatile interface.
|
|
|
|
* Report current configuration. [done]
|
|
|
|
* IPv6 [done]
|
|
|
|
* AES in phase 1 [done]
|
|
|
|
* x509_certreq_validate needs implementing.
|
|
|
|
* Smartcard support.
|