author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1998-11-15 00:03:51 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1998-11-15 00:03:51 +0000 |
commit | e79150e203c82fbba87b52246155ba5155b9f1e8 (patch) | |
tree | 7f85b06a6b243ecd185041e9212d7ea0b6ce4480 /sbin/isakmpd/BUGS | |
parent | 23065b1eddaddf11c9e23b9193afd76cf35de24d (diff) |
Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
Diffstat (limited to 'sbin/isakmpd/BUGS')
-rw-r--r-- | sbin/isakmpd/BUGS | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/sbin/isakmpd/BUGS b/sbin/isakmpd/BUGS new file mode 100644 index 00000000000..2eabfe3c778 --- /dev/null +++ b/sbin/isakmpd/BUGS @@ -0,0 +1,50 @@ +$Id: BUGS,v 1.1 1998/11/15 00:03:47 niklas Exp $ + +Until we have a bug-tracking system setup, we might just add bugs to this +file: +------------------------------------------------------------------------------ +* message_drop frees the message, this is sometimes wrong and can cause + duplicate frees, for example when a proposal does not get chosen. [fixed] + +* Notifications should be their own exchanges, otherwise the IV gets + disturbed. [fixed] + +* We need a death timeout on half-ready SAs just like exchanges. At the + moment we leak SAs. + +* When we establish a phase 2 exchange we seem to get the wrong IV set, + according to SSH's logs. [fixed] + +* If a phase 1 SA negotiation exists with a cause that is to be sent in + a NOTIFY to the peer, we get multiple free calls on the cleanup of the + informational exchange. + +* IKE mandates that a HASH should be added to informational exchanges in + phase 2. + +* Message_send requires an exchange to exist, and potentially it tries to + encrypt a message multiple times when retransmitting. [fixed] + +* Multiple protocol proposals seems to fail. [fixed] + +* The initiator fails to match the responders choice of protocol suite with + the correct one of its own when several are offered. [fixed] + +* Duplicate specified sections is not detected. [fixed] + +* Quick mode establishments via UI using -P bind-addr gets "Address already in + use". + +* Not chosen proposals should be deleted from the protos list in the sa + structure. [fixed] + +* Setting SPIs generates "Invalid argument" errors due to one tunnel endpoint + being INADDR_ANY. [fixed] + +* ipsec_proto structs are never allocated. [fixed] + +* Remove SPIs of unused proposals. [fixed] + +* If the first proposal is turned down, the initiator gets confused. + +* Renegotiation after a failed phase 1 fails. |
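Review bot: The entries that are still open are interleaved with the ones marked [fixed], so the items that matter most for a key-exchange daemon are easy to overlook: the multiple free calls on cleanup of the informational exchange, the SA leak from half-ready SAs having no death timeout, and the HASH that IKE mandates on phase 2 informational exchanges. Consider listing open items first (or tagging them explicitly) and moving the [fixed] entries to a separate section, so the file reads as a to-do list rather than a history. Two wording points in the same file: "If a phase 1 SA negotiation exists with a cause" probably means "exits", and the "-P bind-addr" entry would be easier to act on with a note saying which socket reports "Address already in use".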