X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=TODO;h=f32d1097476838ed77cce3b189d0f19169b5e270;hb=c6f79b178fe27ee315055dccb371b63ca1a6183a;hp=e9ae871bb7214e82427a9becfa17f3561288b4ed;hpb=3454dce4c6909648b711a59b57c5a527036b2a8e;p=secnet.git diff --git a/TODO b/TODO index e9ae871..f32d109 100644 --- a/TODO +++ b/TODO @@ -3,15 +3,11 @@ Makefile.in: autodep stuff dh.c: change format to binary from decimal string (without introducing endianness problems) +ipaddr.c: implement the useful functionality from ipaddr.py + netlink.c: investigate why 'default' routes don't appear to work (reported by JDA). - -slip.c: detect failure of userv-ipif to start. - -tun.c: jdamery reports tun-old code works on Linux-2.2. -Unresolved problem with ioctl(TUNSETIFF) sometimes returning EINVAL, seems -to be related to early 2.4.x (x<=5) series kernels. 2.4.9 and above seem ok; -2.4.[678] untested. +Implement the 'allow_route' option properly. random.c: test 
@@ -21,21 +17,23 @@ rsa.c: check padding type, change format to binary from decimal string site.c: the site_incoming() routing could be implemented much more cleanly using a table. There's still quite a lot of redundancy in this file. Abandon key exchanges when a bad packet is received. Modify -protocol to include version fields, as described in the NOTES file. +protocol to include version fields, as described in the NOTES +file. Implement keepalive mode. Make policy about when to initiate key +exchanges more configurable (how many NAKs / bad reverse-transforms +does it take to prompt a key exchange?) -transform.c: make generic +slip.c: restart userv-ipif to cope with soft routes? Restart it if it +fails in use? +userv-ipif doesn't like the same bit of network to be specified +twice. Use the new functionality in ipaddr.c once it's done to prevent +this. -util.c: sort out logging - -sha1.c: test - -General: separate the transforms in transform.c into multiple parts, -which can then be combined in the configuration file. Will allow the -user to plug in different block ciphers, invent an authenticity-only -mode, etc. - -Signal handling! Really just cope with SIGCHLD and SIGTERM. Possibly -use SIGUSR1/2 for prodding things. +tun.c: jdamery reports tun-old code works on Linux-2.2. +Unresolved problem with ioctl(TUNSETIFF) sometimes returning EINVAL, seems +to be related to early 2.4.x (x<=5) series kernels. 2.4.9 and above seem ok; +2.4.[678] untested. -Write scripts to generate the 'real' sites file from a less-expressive -version that's more easily checked by external tools. +transform.c: separate the transforms into multiple parts, which can +then be combined in the configuration file. Will allow the user to +plug in different block ciphers, invent an authenticity-only mode, +etc.
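Review bot: In the first hunk (@@ -3,15 +3,11 @@), the added line "Implement the 'allow_route' option properly." under netlink.c does not say what the current behaviour gets wrong, so the item cannot be checked off against anything. Suggest a short statement of the intended semantics, or a pointer to where they are documented. The same hunk removes "slip.c: detect failure of userv-ipif to start." The slip.c entry added in the second hunk only covers restarting userv-ipif when it "fails in use", so if start-up failure detection is not implemented yet that item should stay. The new ipaddr.c line would also be easier to act on if it named which functions of ipaddr.py count as "useful".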
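Review bot: In the second hunk (@@ -21,21 +17,23 @@), the site.c addition "how many NAKs / bad reverse-transforms does it take to prompt a key exchange?" describes a threshold driven by packets received from the peer, and it sits next to "Abandon key exchanges when a bad packet is received". Suggest the entry record whether the counted events must be authenticated, and whether a minimum interval between exchanges is part of the policy, so that the configurable threshold does not become a way for unsolicited traffic to force or abort rekeying. Separately, the hunk drops "util.c: sort out logging", "sha1.c: test", the signal handling item (SIGCHLD, SIGTERM, SIGUSR1/2) and the sites-file script item without any visible indication of whether they were completed or abandoned. A line in the commit message for each would make the removal auditable. The new slip.c text leaves both restart questions open ("?"), which is fine for a TODO, but the sentence about userv-ipif rejecting "the same bit of network" specified twice should say whether secnet currently passes such duplicates through unchecked.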