X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=TODO;h=2d5e447edeb162360ff15fbeb94e1a1754d691b3;hp=aea5e0d4bfc9bac0f5a066c65cd1935f0f3642f2;hb=094ca922beda8a0af97cf9aeeeea3a983b59531c;hpb=9d3a4132788b198345116624761c12ed7bc936b6 diff --git a/TODO b/TODO index aea5e0d..2d5e447 100644 --- a/TODO +++ b/TODO @@ -1,43 +1,34 @@ -configure.in: done - -Makefile.in: autodep stuff - -conffile.c: done - dh.c: change format to binary from decimal string (without introducing endianness problems) -netlink.c: done +netlink.c: test the 'allow_route' option properly. +Add fragmentation code. Check that we comply with RFC1812. -slip.c: done. Detect failure of userv-ipif to start. +random.c: test properly -tun.c: jdamery reports tun-old code works on Linux-2.2. -Unresolved problem with ioctl(TUNSETIFF) sometimes return EINVAL. - -random.c: test - -resolver.c: done +resolver.c: ought to return a list of addresses for each address; the +site code ought to remember them and try contacting them in turn. rsa.c: check padding type, change format to binary from decimal string (without introducing endianness problems) -secnet.c: done - -site.c: the site_incoming() routing could be implemented much more -cleanly using a table. There's still quite a lot of redundancy in this -file. Abandon key exchanges when a bad packet is received. Modify -protocol to include version fields, as described in the NOTES file. +site.c: Abandon key exchanges when a bad packet is received. Modify +protocol to include version fields, as described in the NOTES +file. Implement keepalive mode. Make policy about when to initiate key +exchanges more configurable (how many NAKs / bad reverse-transforms +does it take to prompt a key exchange?) -transform.c: done. JDA reports endianness problems are fixed. +slip.c: restart userv-ipif to cope with soft routes? Restart it if it +fails in use? -udp.c: done +transform.c: separate the transforms into multiple parts, which can +then be combined in the configuration file. Will allow the user to +plug in different block ciphers, invent an authenticity-only mode, +etc. (similar to udptunnel) -util.c: sort out logging +udp.c: option for path-MTU discovery (once fragmentation support is +implemented in netlink) -General: separate the transforms in transform.c into multiple parts, -which can then be combined in the configuration file. Will allow the -user to plug in different block ciphers, invent an authenticity-only -mode, etc. -Write scripts to generate the 'real' sites file from a less-expressive -version that's more easily checked by external tools. +global: +consider using liboop for the event loop