X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=TODO;h=aea076b3e5424274d72738303b9002d3f5154338;hb=ff05a229397c75142725f45cad191ce4a00625ce;hp=b75c6335954939b12f5137aa0d8db204f1e51d15;hpb=2fe58dfd10216a37f1ece081f926971882de112e;p=secnet.git

diff --git a/TODO b/TODO
index b75c633..aea076b 100644
--- a/TODO
+++ b/TODO
@@ -1,24 +1,42 @@
-conffile.c: deal with line numbers from included conffiles correctly
+dh.c: change format to binary from decimal string (without introducing
+endianness problems)
 
-dh.c: change format to binary from decimal string
+netlink.c: test the 'allow_route' option properly.
+Add fragmentation code.  Check that we comply with RFC1812.
 
-netlink.c: initial implementation done, needs basic router functionality
-adding. Can wait. Also support tun device.
+process.c: capture output from children in sys_cmd() and log it
 
-random.c: test
+random.c: test properly
 
-resolver.c: done
+resolver.c: ought to return a list of addresses for each address; the
+site code ought to remember them and try contacting them in turn.
 
 rsa.c: check padding type, change format to binary from decimal string
+(without introducing endianness problems)
 
-secnet.c: done
+secnet.c: optionally pipe stderr to a log when we become a daemon.
+Don't just close it.
 
-site.c: the site_incoming() routing could be implemented much more
-cleanly using a table. There's still quite a lot of redundancy in this
-file.
+site.c: Abandon key exchanges when a bad packet is received. Modify
+protocol to include version fields, as described in the NOTES
+file. Implement keepalive mode. Make policy about when to initiate key
+exchanges more configurable (how many NAKs / bad reverse-transforms
+does it take to prompt a key exchange?)
 
-transform.c: done
+slip.c: restart userv-ipif to cope with soft routes? Restart it if it
+fails in use?
 
-udp.c: done
+transform.c: separate the transforms into multiple parts, which can
+then be combined in the configuration file.  Will allow the user to
+plug in different block ciphers, invent an authenticity-only mode,
+etc. (similar to udptunnel)
 
-util.c: sort out logging
+tun.c: Solaris support, and configuring the interface and
+creating/deleting routes using ioctl()
+
+udp.c: option for path-MTU discovery (once fragmentation support is
+implemented in netlink)
+
+
+global:
+consider using liboop for the event loop