-configure.in: done
-
Makefile.in: autodep stuff
-
-conffile.c: done
+Make it work using the distributed install.sh (which doesn't support -D)
dh.c: change format to binary from decimal string (without introducing
endianness problems)
-netlink.c: done
-
-slip.c: done. Detect failure of userv-ipif to start.
+netlink.c: test the 'allow_route' option properly.
-tun.c: jdamery reports tun-old code works on Linux-2.2.
-Unresolved problem with ioctl(TUNSETIFF) sometimes return EINVAL.
+process.c: capture output from children in sys_cmd() and log it
random.c: test
-resolver.c: done
+resolver.c: ought to return a list of addresses for each address; the
+site code ought to remember them and try contacting them in turn.
rsa.c: check padding type, change format to binary from decimal string
(without introducing endianness problems)
-secnet.c: done
-
site.c: the site_incoming() routing could be implemented much more
cleanly using a table. There's still quite a lot of redundancy in this
file. Abandon key exchanges when a bad packet is received. Modify
-protocol to include version fields, as described in the NOTES file.
-
-transform.c: done. JDA reports endianness problems are fixed.
-
-udp.c: done
-
-util.c: sort out logging
-
-General: separate the transforms in transform.c into multiple parts,
-which can then be combined in the configuration file. Will allow the
-user to plug in different block ciphers, invent an authenticity-only
-mode, etc.
-
-Write scripts to generate the 'real' sites file from a less-expressive
-version that's more easily checked by external tools.
+protocol to include version fields, as described in the NOTES
+file. Implement keepalive mode. Make policy about when to initiate key
+exchanges more configurable (how many NAKs / bad reverse-transforms
+does it take to prompt a key exchange?)
+
+slip.c: restart userv-ipif to cope with soft routes? Restart it if it
+fails in use?
+
+transform.c: separate the transforms into multiple parts, which can
+then be combined in the configuration file. Will allow the user to
+plug in different block ciphers, invent an authenticity-only mode,
+etc.